
Commit 2850528

bajwa-adobeadorton-adobe
authored andcommitted
UST memberOf Update (#578)
UST dynamic group mappings now read member information from the new config option dynamic_group_member_attribute. Implements use cases from https://jira.corp.adobe.com/browse/DMESVCS-99
1 parent 26a5fec commit 2850528

2 files changed

Lines changed: 13 additions & 7 deletions


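--- a/user_sync/app.py
+++ b/user_sync/app.py
@@ -335,7 +335,10 @@ def begin_work(config_loader):
 additional_group_filters = [r['source'] for r in additional_groups]
 if directory_connector is not None:
 directory_connector.state.additional_group_filters = additional_group_filters
-
+# show error dynamic mappings enabled but 'dynamic_group_member_attribute' is not defined
+if additional_group_filters and directory_connector.state.options['dynamic_group_member_attribute'] is None:
+raise AssertionException(
+"Failed to enable dynamic group mappings. 'dynamic_group_member_attribute' is not defined in config")
 primary_name = '.primary' if secondary_umapi_configs else ''
 umapi_primary_connector = user_sync.connector.umapi.UmapiConnector(primary_name, primary_umapi_config)
 umapi_other_connectors = {}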
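Review bot: The new guard indexes `directory_connector.state.options['dynamic_group_member_attribute']` directly, and in this commit only the LDAP connector's get_options defines that key, so if other directory connector types exist whose options lack it, the lookup would raise KeyError rather than the intended AssertionException. Reading it with `member_attr = directory_connector.state.options.get('dynamic_group_member_attribute')` and testing `if additional_group_filters and not member_attr:` keeps the failure on the configuration-error path and also rejects an empty string, which the `is None` test lets through. The rendered page has lost indentation, so it is worth confirming that the check sits inside the `if directory_connector is not None:` branch. begin_work starts and continues outside the hunk.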

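--- a/user_sync/connector/directory_ldap.py
+++ b/user_sync/connector/directory_ldap.py
@@ -77,7 +77,6 @@ def __init__(self, caller_options):
 self.user_given_name_formatter = LDAPValueFormatter(options['user_given_name_format'])
 self.user_surname_formatter = LDAPValueFormatter(options['user_surname_format'])
 self.user_country_code_formatter = LDAPValueFormatter(options['user_country_code_format'])
-self.user_memberof_format_formatter = LDAPValueFormatter(options['user_memberof_format'])
 
 auth_method = options['authentication_method'].lower()
 
@@ -138,7 +137,7 @@ def get_options(caller_config):
 builder.set_string_value('user_given_name_format', six.text_type('{givenName}'))
 builder.set_string_value('user_surname_format', six.text_type('{sn}'))
 builder.set_string_value('user_country_code_format', six.text_type('{c}'))
-builder.set_string_value('user_memberof_format', six.text_type('{memberOf}'))
+builder.set_string_value('dynamic_group_member_attribute', None)
 builder.set_string_value('user_identity_type', None)
 builder.set_int_value('search_page_size', 200)
 builder.set_string_value('logger_name', LDAPDirectoryConnector.name)
@@ -304,6 +303,9 @@ def iter_group_member_dns(self, group_dn, member_attribute, searched_dns=None):
 pass
 
 def iter_users(self, base_dn, users_filter, extended_attributes):
+options = self.options
+dynamic_group_member_attribute = options['dynamic_group_member_attribute']
+
 user_attribute_names = []
 user_attribute_names.extend(self.user_given_name_formatter.get_attribute_names())
 user_attribute_names.extend(self.user_surname_formatter.get_attribute_names())
@@ -312,7 +314,8 @@ def iter_users(self, base_dn, users_filter, extended_attributes):
 user_attribute_names.extend(self.user_email_formatter.get_attribute_names())
 user_attribute_names.extend(self.user_username_formatter.get_attribute_names())
 user_attribute_names.extend(self.user_domain_formatter.get_attribute_names())
-user_attribute_names.extend(self.user_memberof_format_formatter.get_attribute_names())
+if dynamic_group_member_attribute is not None:
+user_attribute_names.append(six.text_type(dynamic_group_member_attribute))
 
 extended_attributes = [six.text_type(attr) for attr in extended_attributes]
 extended_attributes = list(set(extended_attributes) - set(user_attribute_names))
@@ -391,7 +394,7 @@ def iter_users(self, base_dn, users_filter, extended_attributes):
 if c_value is not None:
 user['country'] = c_value.upper()
 
-user['member_groups'] = self.get_member_groups(record) if self.additional_group_filters else []
+user['member_groups'] = self.get_member_groups(record, dynamic_group_member_attribute) if self.additional_group_filters else []
 
 if extended_attributes is not None:
 for extended_attribute in extended_attributes:
@@ -405,15 +408,15 @@ def iter_users(self, base_dn, users_filter, extended_attributes):
 
 yield (dn, user)
 
-def get_member_groups(self, user):
+def get_member_groups(self, user, dynamic_group_member_attribute):
 """
 Get a list of member group common names for user
 Assumes groups are contained in attribute memberOf
 :param user:
 :return:
 """
 group_names = []
-groups = LDAPValueFormatter.get_attribute_value(user, 'memberOf')
+groups = LDAPValueFormatter.get_attribute_value(user, dynamic_group_member_attribute)
 
 if not groups:
 return group_names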
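Review bot: The docstring of get_member_groups still reads `Assumes groups are contained in attribute memberOf` and leaves `:param user:` and `:return:` empty, although the attribute is now supplied by the caller through the new dynamic_group_member_attribute parameter. I would replace that line with `Reads the user's groups from the attribute named by dynamic_group_member_attribute` and add `:param dynamic_group_member_attribute: LDAP attribute on the user record that lists the user's groups`. Because `if not groups: return group_names` returns an empty list when the record lacks the attribute, a misspelled attribute name in config yields no member groups for any user without a message, which is worth stating in the docstring as well. The function body continues past the end of the hunk.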
