Honour do_not_sync_from_ldap when sync'ing group members

This had been working as a side effect of the way the SQL insert
statement was working, but better to be explicit about skipping them.
Andrew Ruthven 2024-02-04 00:12:14 +13:00
parent 9494256f03
commit eb4d120bbf
4 changed files with 14 additions and 9 deletions


@ -708,6 +708,13 @@ function sync_LDAP_groups(){
$c->messages[] = sprintf(i18n('- adding %s to group : %s'),join(', ', $add_users ), $group);
foreach ( $add_users as $member ) {
if ( isset($c->do_not_sync_from_ldap)
&& isset($c->do_not_sync_from_ldap[$member]) ) {
dbg_error_log( "ERROR", "drivers_ldap : Skipped adding %s to %s", $member, $group);
continue;
}
$qry = new AwlQuery( "
INSERT INTO group_member
SELECT g.principal_id AS group_id, u.principal_id AS member_id
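Review bot: The `- adding %s to group : %s` message just above the loop is still built from the unfiltered `$add_users`, so a member that the new `do_not_sync_from_ldap` check skips is still reported to the admin as added. Filtering the list before the message and the loop, e.g. `$add_users = array_filter($add_users, function ($m) use ($c) { return !isset($c->do_not_sync_from_ldap[$m]); });`, would fix that and make the in-loop `continue` unnecessary. The skip is an expected, configured outcome, yet it is logged under the `"ERROR"` tag; a non-error debug component would keep the error log meaningful. The `isset` lookup is an exact key match, so it presumably relies on `$member` having the same case as the configured username, which is worth confirming. The INSERT statement and the rest of `sync_LDAP_groups()` continue outside the hunk, so whether the member-removal path applies the same exclusion cannot be seen here.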


@ -55,6 +55,9 @@
//ldap 'S' => array(12,2)
//ldap )
//ldap );
//ldap
//ldap $c->do_not_sync_from_ldap = array ('pg_ldap_ignore1' => true);
//ldap $c->do_not_sync_group_from_ldap = array ('pg_ldap_group_ignore' => true);
//ldap include('drivers_ldap.php');


@ -62,7 +62,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP 1<
last_used: >NULL<
password: >NULL<
user_no: >1001<
username: >pg_ldap1<
active: >1<
@ -70,7 +69,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP 2<
last_used: >NULL<
password: >NULL<
user_no: >1002<
username: >pg_ldap2<
active: >1<
@ -78,7 +76,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP Group 1<
last_used: >NULL<
password: >NULL<
user_no: >1003<
username: >pg_ldap_group1<
active: >1<
@ -86,7 +83,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP Group 2<
last_used: >NULL<
password: >NULL<
user_no: >1004<
username: >pg_ldap_group2<
active: >1<
@ -94,7 +90,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP Group 3<
last_used: >NULL<
password: >NULL<
user_no: >1005<
username: >pg_ldap_group3<
active: >1<
@ -102,7 +97,6 @@ Content-Type: text/xml; charset="utf-8"
fullname: >pg LDAP Group 4<
last_used: >NULL<
password: >NULL<
user_no: >1006<
username: >pg_ldap_group4<
group_name: >pg_ldap_group1<


@ -34,7 +34,7 @@ my $groups = "ou=groups,$base";
$ldap->add( $base );
# pg = posixGroup
for my $username (qw/pg_ldap1 pg_ldap2/) {
for my $username (qw/pg_ldap1 pg_ldap2 pg_ldap_ignore1/) {
my $dn = "uid=$username,$users";
(my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;
my $entry = {
@ -51,7 +51,8 @@ for my $username (qw/pg_ldap1 pg_ldap2/) {
make_group($ldap, 'pg_ldap_group1', 'pg_ldap1');
make_group($ldap, 'pg_ldap_group2', 'pg_ldap2');
make_group($ldap, 'pg_ldap_group3');
make_group($ldap, 'pg_ldap_group4');
make_group($ldap, 'pg_ldap_group4', 'pg_ldap_ignore1');
make_group($ldap, 'pg_ldap_group_ignore', 'pg_ldap1');
# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;
@ -100,7 +101,7 @@ ENDDATA
# Check that a usr record has been created for all users and groups
QUERY
SELECT active, email, fullname, last_used, password, username, user_no
SELECT active, email, fullname, last_used, password, username
FROM usr
WHERE username LIKE 'pg_ldap%'
ORDER BY username;
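Review bot: The new fixtures (`pg_ldap_ignore1` as a member of `pg_ldap_group4`) do not appear to exercise the explicit skip this commit adds. Because the ignored user never gets a `usr` row, the `INSERT ... SELECT` would presumably add no `group_member` row even without the new check, as the commit message itself notes. A case where the ignored username already exists locally before the sync runs, followed by a check that `pg_ldap_group4` has no members, would fail without the fix and pin the behaviour. The rest of the test file, including any group-membership query, is outside these hunks, so this may already be covered there.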