ynerant/synchronize-dolibarr-to-ldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Manager user group insertion/deletion

Browse Source
This commit is contained in:
Emmy D'Anello 2025-02-18 12:16:19 +01:00
parent de5483107a
commit ce34b1f805
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
1 changed files with 30 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
main.py
View File

@ -27,7 +27,9 @@ def manage_users_extra_fields(ldap_conn: Connection, dolibarr_client: Dolibarrpy
manage_user_extra_fields(ldap_conn, dolibarr_user, dolibarr_client) manage_user_extra_fields(ldap_conn, dolibarr_user, dolibarr_client)
def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibarr_client: Dolibarrpy): def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibarr_client: Dolibarrpy, /,
manage_user_attrs: bool = True, manage_group_attrs: bool = True,
oldgroupid: int | None = None, newgroupid: int | None = None, new_group: dict | None = None):
login = dolibarr_user['login'] login = dolibarr_user['login']
obj_inetorgperson = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'], ldap_conn) obj_inetorgperson = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'], ldap_conn)
obj_user = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'] + config.LDAP_GROUPS_EXTRA_OBJECT_CLASSES, ldap_conn) obj_user = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'] + config.LDAP_GROUPS_EXTRA_OBJECT_CLASSES, ldap_conn)
@ -57,8 +59,10 @@ def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibar
users_reader.search() users_reader.search()
users_writer = Writer.from_cursor(users_reader, object_def=obj_user) users_writer = Writer.from_cursor(users_reader, object_def=obj_user)
ldap_user = users_writer[0] ldap_user = users_writer[0]
append_extra_fields_to_ldap_user(ldap_user, dolibarr_user) if manage_user_attrs:
append_extra_group_fields_to_ldap_user(ldap_user, dolibarr_user, dolibarr_client) append_extra_fields_to_ldap_user(ldap_user, dolibarr_user)
if manage_group_attrs:
append_extra_group_fields_to_ldap_user(ldap_user, dolibarr_user, dolibarr_client, oldgroupid=oldgroupid, newgroupid=newgroupid, new_group=new_group)
users_writer.commit() users_writer.commit()
@ -83,17 +87,16 @@ def append_extra_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: di
value = dolibarr_user['array_options'][f'options_{dolibarr_attr}'] value = dolibarr_user['array_options'][f'options_{dolibarr_attr}']
if value: if value:
values.append(value) values.append(value)
if not values:
continue
if ldap_attr.endswith('[]'): if ldap_attr.endswith('[]'):
ldap_attr = ldap_attr[:-2] ldap_attr = ldap_attr[:-2]
value = values value = values
else: else:
value = values[0] value = values[0] if values else ""
setattr(ldap_user, ldap_attr, value) setattr(ldap_user, ldap_attr, value)
def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: dict, dolibarr_client: Dolibarrpy): def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: dict, dolibarr_client: Dolibarrpy, /,
oldgroupid: int | None = None, newgroupid: int | None = None, new_group: dict | None = None):
if not any(dolibarr_attr.startswith('GROUP') if not any(dolibarr_attr.startswith('GROUP')
for extra_field in config.LDAP_USERS_EXTRA_FIELDS for extra_field in config.LDAP_USERS_EXTRA_FIELDS
for dolibarr_attr in extra_field.split(':')[0].split('|')): for dolibarr_attr in extra_field.split(':')[0].split('|')):
@ -101,6 +104,12 @@ def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_us
user_id = dolibarr_user['id'] user_id = dolibarr_user['id']
dolibarr_groups: list[dict] = dolibarr_client.get_user_groups_uid(user_id) dolibarr_groups: list[dict] = dolibarr_client.get_user_groups_uid(user_id)
if oldgroupid:
dolibarr_groups = [group for group in dolibarr_groups if group['id'] != oldgroupid]
if newgroupid:
dolibarr_groups.append(dolibarr_client.call_get_api('users/groups', newgroupid))
if new_group:
dolibarr_groups = [group for group in dolibarr_groups if group['id'] != new_group['id']] + [new_group]
for extra_field in config.LDAP_USERS_EXTRA_FIELDS: for extra_field in config.LDAP_USERS_EXTRA_FIELDS:
dolibarr_attrs, ldap_attr = extra_field.split(':') dolibarr_attrs, ldap_attr = extra_field.split(':')
@ -120,13 +129,11 @@ def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_us
value = dolibarr_group.get(dolibarr_attr, dolibarr_group['array_options'][f'options_{dolibarr_attr}']) value = dolibarr_group.get(dolibarr_attr, dolibarr_group['array_options'][f'options_{dolibarr_attr}'])
if value: if value:
values.append(value) values.append(value)
if not values:
continue
if ldap_attr.endswith('[]'): if ldap_attr.endswith('[]'):
ldap_attr = ldap_attr[:-2] ldap_attr = ldap_attr[:-2]
value = values value = values
else: else:
value = values[0] value = values[0] if values else ""
setattr(ldap_user, ldap_attr, value) setattr(ldap_user, ldap_attr, value)
@ -179,13 +186,11 @@ def append_extra_fields_to_ldap_group(ldap_group: WritableEntry, dolibarr_group:
value = dolibarr_group['array_options'][f'options_{dolibarr_attr}'] value = dolibarr_group['array_options'][f'options_{dolibarr_attr}']
if value: if value:
values.append(value) values.append(value)
if not values:
continue
if ldap_attr.endswith('[]'): if ldap_attr.endswith('[]'):
ldap_attr = ldap_attr[:-2] ldap_attr = ldap_attr[:-2]
value = values value = values
else: else:
value = values[0] value = values[0] if values else ""
setattr(ldap_group, ldap_attr, value) setattr(ldap_group, ldap_attr, value)
@ -200,15 +205,25 @@ def webhook_receiver():
obj = data['object'] obj = data['object']
if config.DOLIBARR_API_DEBUG: if config.DOLIBARR_API_DEBUG:
print("Received webhook trigger of type", triggercode, "with content:") print("Received webhook trigger of type", triggercode, "with content:")
print(json.dumps(obj)) print(json.dumps(obj, indent=4))
dolibarr_client = Dolibarrpy(url=config.DOLIBARR_API_BASE, token=config.DOLIBARR_API_TOKEN, timeout=16, debug=config.DOLIBARR_API_DEBUG) dolibarr_client = Dolibarrpy(url=config.DOLIBARR_API_BASE, token=config.DOLIBARR_API_TOKEN, timeout=16, debug=config.DOLIBARR_API_DEBUG)
ldap_server = Server(config.LDAP_HOST, config.LDAP_PORT, get_info=ALL) ldap_server = Server(config.LDAP_HOST, config.LDAP_PORT, get_info=ALL)
if triggercode.startswith('USER_'): if triggercode.startswith('USER_'):
oldgid, newgid = None, None
if 'context' in obj and obj['context']:
audit = obj['context']['audit']
if audit == "UserSetInGroup":
newgid = obj['context']['newgroupid']
elif audit == "UserRemovedFromGroup":
oldgid = obj['context']['oldgroupid']
with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn: with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn:
manage_user_extra_fields(ldap_conn, obj) manage_user_extra_fields(ldap_conn, obj, dolibarr_client, oldgroupid=oldgid, newgroupid=newgid)
elif triggercode.startswith('USERGROUP_'): elif triggercode.startswith('USERGROUP_'):
with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn: with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn:
manage_group_extra_fields(ldap_conn, obj) manage_group_extra_fields(ldap_conn, obj)
group_members = obj['members']
for group_member in group_members.values():
manage_user_extra_fields(ldap_conn, group_member, dolibarr_client, manage_user_attrs=False, new_group=obj)
else: else:
abort(400) abort(400)
return "", 204 return "", 204