Some initial comments:

If an id is re-used for the new account, what happens if someone uses their id whilst the changes are being made?
In general it's not a good idea to delete the original LDAP entry.
I think it's risky.

Does it matter if there are gaps in the uid/gid?

AFAICT the code does not adjust the committers groups.

I'm not sure that the calculation of nextuid and nextgid is safe in a multi-processing environment.
Also it looks like the uid and gid can be different - is that allowed?

==

There are other non-LDAP changes that need to be made, for example updating the qmail files on hermes, and home directory on home.a.o?

On 24 February 2018 at 00:10, <ru...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository. > > rubys pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/whimsy.git > > > The following commit(s) were added to refs/heads/master by this push: > new d71f1df rough in ASF::Person#rename support (untested) > d71f1df is described below > > commit d71f1dffb3131c94ce6b6d5a53a8ee3e97ccb24a > Author: Sam Ruby <ru...@intertwingly.net> > AuthorDate: Fri Feb 23 19:09:53 2018 -0500 > > rough in ASF::Person#rename support (untested) > --- > lib/whimsy/asf/ldap.rb | 59 > +++++++++++++++++++++++++++++++++++++++++--------- > 1 file changed, 49 insertions(+), 10 deletions(-) > > diff --git a/lib/whimsy/asf/ldap.rb b/lib/whimsy/asf/ldap.rb > index 709b42f..f3d1e40 100644 > --- a/lib/whimsy/asf/ldap.rb > +++ b/lib/whimsy/asf/ldap.rb 
> @@ -554,6 +554,43 @@ module ASF > person > end > > + # rename a person > + def rename(newid, attrs={}) > + # ensure person exists in LDAP > + raise ArgumentError(self.id) unless self.dn > + > + # create a new person > + new_person = ASF::Person.create(self.attrs.merge(attrs).merge(uid: > newid)) > + > + # determine what groups the individual is a member of > + uid_groups = ASF.search_subtree('dc=apache,dc=org', > + 'memberUid=#{self.id}', 'dn').flatten > + dn_groups = ASF.search_subtree('dc=apache,dc=org', > + 'member=#{self.dn}', 'dn').flatten > + > + # add new user to all groups > + uid_groups.each do |dn| > + ASF::LDAP.modify(dn, [ASF::Base.mod_add('memberUid', new_person.id)]) > + end > + dn_groups.each do |dn| > + ASF::LDAP.modify(dn, [ASF::Base.mod_add('member', new_person.dn)]) > + end > + > + # remove original user from all groups > + uid_groups.each do |dn| > + ASF::LDAP.modify(dn, [ASF::Base.mod_delete('memberUid', self.id)]) > + end > + dn_groups.each do |dn| > + ASF::LDAP.modify(dn, [ASF::Base.mod_delete('member', self.dn)]) > + end > + > + # remove original user > + ASF::Person.remove(person.id) > + > + # return new user > + new_person > + end > + > # completely remove a committer from LDAP > # ** DO NOT USE ** > # In almost all cases, use deregister instead > @@ -813,9 +850,19 @@ module ASF > ASF::search_one(ASF::Person.base, 'uid=*', 'uidNumber'). > flatten.map(&:to_i).max + 1 > > - nextgid = attrs['gidNumber'] || > - ASF::search_one(group_base, 'cn=*', 'gidNumber'). > + nextgid = attrs['gidNumber'] > + unless nextgid > + nextgid = ASF::search_one(group_base, 'cn=*', 'gidNumber'). > flatten.map(&:to_i).max + 1 > + > + # create new LDAP group > + entry = [ > + mod_add('objectClass', ['posixGroup', 'top']), > + mod_add('cn', availid), > + mod_add('userPassword', '{crypt}*'), > + mod_add('gidNumber', nextgid.to_s), > + ] > + end > > # fixed attributes > attrs.merge!({ 
> @@ -842,14 +889,6 @@ module ASF > end > end > > - # create new LDAP group > - entry = [ > - mod_add('objectClass', ['posixGroup', 'top']), > - mod_add('cn', availid), > - mod_add('userPassword', '{crypt}*'), > - mod_add('gidNumber', nextgid.to_s), > - ] > - > ASF::LDAP.add("cn=#{availid},#{group_base}", entry) > > # create new LDAP person > > -- > To stop receiving notification emails like this one, please contact > ru...@apache.org.
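
Review bot: In the `rename` hunk (@@ -554,6 +554,43 @@), the two `ASF.search_subtree` filters are single-quoted (`'memberUid=#{self.id}'` and `'member=#{self.dn}'`), so Ruby does not interpolate them and the searches look for the literal text `#{self.id}`. Both group lists would then come back empty and the add/delete loops would do nothing before the original entry is removed, leaving the renamed account without its group memberships. Use double-quoted strings and escape the values for LDAP filter syntax. In the same hunk, `raise ArgumentError(self.id)` calls a method named `ArgumentError` instead of raising the class (`raise ArgumentError, self.id`), and `ASF::Person.remove(person.id)` refers to `person`, which is not assigned anywhere in the method as shown (`self.id` looks intended). The sequence is create, add to groups, remove from groups, delete original, with no rollback, so a failure partway leaves the account half-migrated; verifying the new memberships before removing anything would make that recoverable.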
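
Review bot: In the `nextgid` hunk (@@ -813,9 +850,19 @@), the fallback still takes `max + 1` from a search result and uses it in a later add, so two processes creating accounts at the same time can read the same maximum and end up with the same `gidNumber`; the `uidNumber` context lines just above follow the same pattern. Consider treating a collision on add as a retry, or allocating from a single counter entry that is updated atomically. When `attrs['gidNumber']` is supplied, nothing in the visible lines checks that the value belongs to an existing group or is not already used by a different one, which becomes relevant if this is the path `rename` reaches through `ASF::Person.create(self.attrs.merge(attrs).merge(uid: newid))`.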
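
Review bot: In the last hunk (@@ -842,14 +889,6 @@), the context line `ASF::LDAP.add("cn=#{availid},#{group_base}", entry)` stays unconditional, while `entry` is now assigned only inside the `unless nextgid` block added earlier in the patch. From the visible lines, when `attrs['gidNumber']` is supplied `entry` is nil at this call unless code between the hunks sets it, so the group add should move inside the same `unless` block or be guarded on `entry`.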