Honour do_not_sync_from_ldap when sync'ing group members

This had been working as a side effect of the way the SQL insert statement was working, but better to be explict about skipping them.
2026-05-30 03:24:47 +00:00 · 2024-02-04 00:12:14 +13:00 · 2024-02-04 00:12:14 +13:00 · eb4d120bbf
commit eb4d120bbf
parent 9494256f03
4 changed files with 14 additions and 9 deletions
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@ -708,6 +708,13 @@ function sync_LDAP_groups(){
        $c->messages[] = sprintf(i18n('- adding %s to group : %s'),join(', ', $add_users ), $group);
        foreach ( $add_users as $member ) {
          if ( isset($c->do_not_sync_from_ldap)
            && isset($c->do_not_sync_from_ldap[$member]) ) {
            dbg_error_log( "ERROR", "drivers_ldap : Skipped adding %s to %s", $member, $group);
            continue;
          }
          $qry = new AwlQuery( "
              INSERT INTO group_member
                  SELECT g.principal_id AS group_id, u.principal_id AS member_id
--- a/testing/regression-conf.php.example
+++ b/testing/regression-conf.php.example
@ -55,6 +55,9 @@
  //ldap       'S' => array(12,2)
  //ldap   )
  //ldap );
  //ldap
  //ldap $c->do_not_sync_from_ldap = array ('pg_ldap_ignore1' => true);
  //ldap $c->do_not_sync_group_from_ldap = array ('pg_ldap_group_ignore' => true);
  //ldap include('drivers_ldap.php');
--- a/testing/tests/ldap/0003-sync-ldap.result
+++ b/testing/tests/ldap/0003-sync-ldap.result
@ -62,7 +62,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP 1<
        last_used: >NULL<
         password: >NULL<
          user_no: >1001<
         username: >pg_ldap1<
           active: >1<
@ -70,7 +69,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP 2<
        last_used: >NULL<
         password: >NULL<
          user_no: >1002<
         username: >pg_ldap2<
           active: >1<
@ -78,7 +76,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP Group 1<
        last_used: >NULL<
         password: >NULL<
          user_no: >1003<
         username: >pg_ldap_group1<
           active: >1<
@ -86,7 +83,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP Group 2<
        last_used: >NULL<
         password: >NULL<
          user_no: >1004<
         username: >pg_ldap_group2<
           active: >1<
@ -94,7 +90,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP Group 3<
        last_used: >NULL<
         password: >NULL<
          user_no: >1005<
         username: >pg_ldap_group3<
           active: >1<
@ -102,7 +97,6 @@ Content-Type: text/xml; charset="utf-8"
         fullname: >pg LDAP Group 4<
        last_used: >NULL<
         password: >NULL<
          user_no: >1006<
         username: >pg_ldap_group4<
       group_name: >pg_ldap_group1<
--- a/testing/tests/ldap/0003-sync-ldap.test
+++ b/testing/tests/ldap/0003-sync-ldap.test
@ -34,7 +34,7 @@ my $groups = "ou=groups,$base";
 $ldap->add( $base );
 # pg = posixGroup
-for my $username (qw/pg_ldap1 pg_ldap2/) {
+for my $username (qw/pg_ldap1 pg_ldap2 pg_ldap_ignore1/) {
    my $dn       = "uid=$username,$users";
    (my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;
    my $entry    = {
@ -51,7 +51,8 @@ for my $username (qw/pg_ldap1 pg_ldap2/) {
 make_group($ldap, 'pg_ldap_group1', 'pg_ldap1');
 make_group($ldap, 'pg_ldap_group2', 'pg_ldap2');
 make_group($ldap, 'pg_ldap_group3');
-make_group($ldap, 'pg_ldap_group4');
+make_group($ldap, 'pg_ldap_group4', 'pg_ldap_ignore1');
 make_group($ldap, 'pg_ldap_group_ignore', 'pg_ldap1');
 # We need to keep the client around, otherwise the test server will exit.
 $evaled{'ldap_client'} = $ldap;
@ -100,7 +101,7 @@ ENDDATA
 # Check that a usr record has been created for all users and groups
 QUERY
-SELECT active, email, fullname, last_used, password, username, user_no
+SELECT active, email, fullname, last_used, password, username
 FROM usr
 WHERE username LIKE 'pg_ldap%'
 ORDER BY username;