proxmox: check for errors when retrieving users from AD

Sometimes the created user.cfg file is empty for some reason. So add some checking and logging and hope for resolution.
2025-04-03 18:55:06 +02:00 · 2025-04-03 18:55:06 +02:00 · 275991c49c
parent 1a7b813dff
commit 275991c49c
1 changed files with 9 additions and 0 deletions
--- a/roles/proxmox/templates/sync-ldap.py.j2
+++ b/roles/proxmox/templates/sync-ldap.py.j2
@ -3,6 +3,8 @@
 import collections
 import os
 import re
+import sys
+import syslog

 import ldap3

@ -22,6 +24,7 @@ filters = [
 ]

 # run query
+syslog.syslog(f'querying server {ldap_host}')
 server = ldap3.Server(ldap_host, use_ssl=True)
 ldap = ldap3.Connection(server, ldap_user, ldap_pass, auto_bind=True)
 ldap.search(ldap_base,
@ -38,6 +41,12 @@ for e in ldap.entries:
        if m := re.match(r'^CN=([^,]*)', group.replace('\\,', '-')):
            group = re.sub(r'[^A-Za-z0-9_.-]', '-', m[1])
            all_groups[group].add(user)
+syslog.syslog(f'got {len(all_users)} users with {len(all_groups)} groups from AD')
+
+# check sanity
+if not all_users or not all_groups:
+    syslog.syslog(f'something went wrong, exiting')
+    sys.exit(1)

 with open('/etc/pve/user.cfg.new', 'w') as f:
    # user:{username}@{realm}:1:0:{name}:{surname}:{mail}:AD sync::