diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php
index 9ab5674b..bfb4aacc 100644
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@@ -708,6 +708,13 @@ function sync_LDAP_groups(){
 $c->messages[] = sprintf(i18n('- adding %s to group : %s'),join(', ', $add_users ), $group);
 foreach ( $add_users as $member ) {
+ if ( isset($c->do_not_sync_from_ldap)
+ && isset($c->do_not_sync_from_ldap[$member]) ) {
+ dbg_error_log( "ERROR", "drivers_ldap : Skipped adding %s to %s", $member, $group);
+
+ continue;
+ }
+
 $qry = new AwlQuery( " INSERT INTO group_member SELECT g.principal_id AS group_id, u.principal_id AS member_id
diff --git a/testing/regression-conf.php.example b/testing/regression-conf.php.example
index 050f5f46..1334fbea 100644
--- a/testing/regression-conf.php.example
+++ b/testing/regression-conf.php.example
@@ -55,6 +55,9 @@
 //ldap 'S' => array(12,2)
 //ldap )
 //ldap );
+ //ldap
+ //ldap $c->do_not_sync_from_ldap = array ('pg_ldap_ignore1' => true);
+ //ldap $c->do_not_sync_group_from_ldap = array ('pg_ldap_group_ignore' => true);
 //ldap include('drivers_ldap.php');
diff --git a/testing/tests/ldap/0003-sync-ldap.result b/testing/tests/ldap/0003-sync-ldap.result
index 9f77e25c..d0a3d463 100644
--- a/testing/tests/ldap/0003-sync-ldap.result
+++ b/testing/tests/ldap/0003-sync-ldap.result
@@ -62,7 +62,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP 1<
 last_used: >NULL<
 password: >NULL<
- user_no: >1001<
 username: >pg_ldap1<
 active: >1<
@@ -70,7 +69,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP 2<
 last_used: >NULL<
 password: >NULL<
- user_no: >1002<
 username: >pg_ldap2<
 active: >1<
@@ -78,7 +76,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP Group 1<
 last_used: >NULL<
 password: >NULL<
- user_no: >1003<
 username: >pg_ldap_group1<
 active: >1<
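Review bot: The `$c->messages[]` line just above the loop is still built from the full `$add_users` list, so the sync report announces that a protected account is being added to `$group` even when the new guard skips it with `continue`. Group membership typically drives access, so the report should match what was actually written: filter the list before the message is built, e.g. `$add_users = array_diff($add_users, array_keys(isset($c->do_not_sync_from_ldap) ? $c->do_not_sync_from_ldap : array()));`, or build the message from the members actually inserted. The skip is also logged with the `"ERROR"` tag although it is configured behaviour, and the outer `isset($c->do_not_sync_from_ldap)` is redundant because `isset()` on the array element already returns false for an unset property. `sync_LDAP_groups()` continues outside the hunk, so whether the member-removal path honours the same exclusion list cannot be confirmed from here.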
@@ -86,7 +83,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP Group 2<
 last_used: >NULL<
 password: >NULL<
- user_no: >1004<
 username: >pg_ldap_group2<
 active: >1<
@@ -94,7 +90,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP Group 3<
 last_used: >NULL<
 password: >NULL<
- user_no: >1005<
 username: >pg_ldap_group3<
 active: >1<
@@ -102,7 +97,6 @@ Content-Type: text/xml; charset="utf-8"
 fullname: >pg LDAP Group 4<
 last_used: >NULL<
 password: >NULL<
- user_no: >1006<
 username: >pg_ldap_group4<
 group_name: >pg_ldap_group1<
diff --git a/testing/tests/ldap/0003-sync-ldap.test b/testing/tests/ldap/0003-sync-ldap.test
index 6ddc171a..56ecaf3d 100644
--- a/testing/tests/ldap/0003-sync-ldap.test
+++ b/testing/tests/ldap/0003-sync-ldap.test
@@ -34,7 +34,7 @@ my $groups = "ou=groups,$base";
 $ldap->add( $base );
 # pg = posixGroup
-for my $username (qw/pg_ldap1 pg_ldap2/) {
+for my $username (qw/pg_ldap1 pg_ldap2 pg_ldap_ignore1/) {
 my $dn = "uid=$username,$users";
 (my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;
 my $entry = {
@@ -51,7 +51,8 @@ for my $username (qw/pg_ldap1 pg_ldap2/) {
 make_group($ldap, 'pg_ldap_group1', 'pg_ldap1');
 make_group($ldap, 'pg_ldap_group2', 'pg_ldap2');
 make_group($ldap, 'pg_ldap_group3');
-make_group($ldap, 'pg_ldap_group4');
+make_group($ldap, 'pg_ldap_group4', 'pg_ldap_ignore1');
+make_group($ldap, 'pg_ldap_group_ignore', 'pg_ldap1');
 # We need to keep the client around, otherwise the test server will exit.
 $evaled{'ldap_client'} = $ldap;
@@ -100,7 +101,7 @@ ENDDATA
 # Check that a usr record has been created for all users and groups
 QUERY
-SELECT active, email, fullname, last_used, password, username, user_no
+SELECT active, email, fullname, last_used, password, username
 FROM usr WHERE username LIKE 'pg_ldap%' ORDER BY username;
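Review bot: In the second hunk of 0003-sync-ldap.test, `pg_ldap_ignore1` is the only member of `pg_ldap_group4`, so the expected output cannot distinguish "this one member was skipped" from "all additions to the group were dropped". Putting a synced user in the same group, for example `make_group($ldap, 'pg_ldap_group4', 'pg_ldap2', 'pg_ldap_ignore1');` if `make_group` accepts several members (its definition is outside the hunk), would pin the per-member behaviour of the new `continue` in `sync_LDAP_groups()`. A short comment above the two new `make_group` lines naming the config key each fixture exercises (`do_not_sync_from_ldap` versus `do_not_sync_group_from_ldap`) would also make the intent of the negative test clear.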