sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877)
sources/ldap: fix inverted interpretation of nsaccountlock Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
0caa17623f
commit
58aa7ec623
|
@ -47,9 +47,11 @@ class FreeIPA(BaseLDAPSynchronizer):
|
||||||
return
|
return
|
||||||
# For some reason, nsaccountlock is not defined properly in the schema as bool
|
# For some reason, nsaccountlock is not defined properly in the schema as bool
|
||||||
# hence we get it as a list of strings
|
# hence we get it as a list of strings
|
||||||
_is_active = str(self._flatten(attributes.get("nsaccountlock", ["FALSE"])))
|
_is_locked = str(self._flatten(attributes.get("nsaccountlock", ["FALSE"])))
|
||||||
# So we have to attempt to convert it to a bool
|
# So we have to attempt to convert it to a bool
|
||||||
is_active = _is_active.lower() == "true"
|
is_locked = _is_locked.lower() == "true"
|
||||||
|
# And then invert it since freeipa saves locked and we save active
|
||||||
|
is_active = not is_locked
|
||||||
if is_active != user.is_active:
|
if is_active != user.is_active:
|
||||||
user.is_active = is_active
|
user.is_active = is_active
|
||||||
user.save()
|
user.save()
|
||||||
|
|
|
@ -137,6 +137,7 @@ class LDAPSyncTests(TestCase):
|
||||||
user_sync.sync_full()
|
user_sync.sync_full()
|
||||||
self.assertTrue(User.objects.filter(username="user0_sn").exists())
|
self.assertTrue(User.objects.filter(username="user0_sn").exists())
|
||||||
self.assertFalse(User.objects.filter(username="user1_sn").exists())
|
self.assertFalse(User.objects.filter(username="user1_sn").exists())
|
||||||
|
self.assertFalse(User.objects.get(username="user-nsaccountlock").is_active)
|
||||||
|
|
||||||
def test_sync_groups_ad(self):
|
def test_sync_groups_ad(self):
|
||||||
"""Test group sync"""
|
"""Test group sync"""
|
||||||
|
|
Reference in New Issue