[ldapfeed] if a deactivated user becomes available again in its source, reactivate it (closes #2542776)
* cwusers that see their ldap source counterpart disappear are
deactivated
* until now they were not activated again on reappearance
* note this behaviour in the doc
--- a/doc/book/en/admin/ldap.rst Tue Jan 08 15:53:22 2013 +0100
+++ b/doc/book/en/admin/ldap.rst Wed Jan 09 14:29:29 2013 +0100
@@ -81,13 +81,20 @@
Other notes
-----------
-* Yes, cubicweb is able to start if ldap cannot be reached, even on c-c start,
- though that will slow down the instance, since it will indefinitly attempt
- to connect to the ldap on each query on users.
+* Cubicweb is able to start if ldap cannot be reached, even on
+ cubicweb-ctl start ... If some source ldap server cannot be used
+ while an instance is running, the corresponding users won't be
+ authenticated but their status will not change (e.g. they will not
+ be deactivated)
* Changing the name of the ldap server in your script is fine, changing the base
DN isn't since it's used to identify already known users from others
+* When a user is removed from an LDAP source, it is deactivated in the
+ CubicWeb instance; when a deactivated user comes back in the LDAP
+ source, it (automatically) is activated again
+
+
* You can use the :class:`CWSourceHostConfig` to have variants for a source
configuration according to the host the instance is running on. To do so go on
the source's view from the sources management view.
--- a/server/test/unittest_ldapuser.py Tue Jan 08 15:53:22 2013 +0100
+++ b/server/test/unittest_ldapuser.py Wed Jan 09 14:29:29 2013 +0100
@@ -113,7 +113,7 @@
stats = lfsource.pull_data(isession, force=True, raise_on_error=True)
isession.commit()
- def test_filter_inactivate(self):
+ def test_a_filter_inactivate(self):
""" filtered out people should be deactivated, unable to authenticate """
source = self.session.execute('CWSource S WHERE S type="ldapfeed"').get_entity(0,0)
config = source.repo_source.check_config(source)
@@ -129,6 +129,17 @@
self.assertEqual(self.execute('Any N WHERE U login "adim", '
'U in_state S, S name N').rows[0][0],
'activated')
+ # unfilter, syt should be activated again
+ config['user-filter'] = u''
+ source.repo_source.update_config(source, config)
+ self.commit()
+ self._pull()
+ self.assertEqual(self.execute('Any N WHERE U login "syt", '
+ 'U in_state S, S name N').rows[0][0],
+ 'activated')
+ self.assertEqual(self.execute('Any N WHERE U login "adim", '
+ 'U in_state S, S name N').rows[0][0],
+ 'activated')
def test_delete(self):
""" delete syt, pull, check deactivation, repull,
@@ -149,10 +160,9 @@
self.tearDownClass()
self.setUpClass()
self._pull()
- # still deactivated, but a warning has been emitted ...
self.assertEqual(self.execute('Any N WHERE U login "syt", '
'U in_state S, S name N').rows[0][0],
- 'deactivated')
+ 'activated')
# test reactivating the user isn't enough to authenticate, as the native source
# refuse to authenticate user from other sources
os.system(deletecmd)
--- a/sobjects/ldapparser.py Tue Jan 08 15:53:22 2013 +0100
+++ b/sobjects/ldapparser.py Wed Jan 09 14:29:29 2013 +0100
@@ -90,7 +90,8 @@
if entity.__regid__ == 'CWUser':
wf = entity.cw_adapt_to('IWorkflowable')
if wf.state == 'deactivated':
- self.warning('update on deactivated user %s', entity.login)
+ wf.fire_transition('activate')
+ self.warning('user %s reactivated', entity.login)
mdate = attrs.get('modification_date')
if not mdate or mdate > entity.modification_date:
attrs = dict( (k, v) for k, v in attrs.iteritems()