From 275991c49c76fb7a3784e1b248f1b18961d4749b Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Thu, 3 Apr 2025 18:55:06 +0200
Subject: [PATCH] proxmox: check for errors when retrieving users from AD

Sometimes the created user.cfg file is empty for some reason. So add some checking and logging and hope for resolution.
---
 roles/proxmox/templates/sync-ldap.py.j2 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/proxmox/templates/sync-ldap.py.j2 b/roles/proxmox/templates/sync-ldap.py.j2
index 6c216b5..52264ee 100644
--- a/roles/proxmox/templates/sync-ldap.py.j2
+++ b/roles/proxmox/templates/sync-ldap.py.j2
@@ -3,6 +3,8 @@
 import collections
 import os
 import re
+import sys
+import syslog
 
 import ldap3
 
@@ -22,6 +24,7 @@ filters = [
 ]
 
 # run query
+syslog.syslog(f'querying server {ldap_host}')
 server = ldap3.Server(ldap_host, use_ssl=True)
 ldap = ldap3.Connection(server, ldap_user, ldap_pass, auto_bind=True)
 ldap.search(ldap_base,
@@ -38,6 +41,12 @@ for e in ldap.entries:
 if m := re.match(r'^CN=([^,]*)', group.replace('\\,', '-')):
 group = re.sub(r'[^A-Za-z0-9_.-]', '-', m[1])
 all_groups[group].add(user)
+syslog.syslog(f'got {len(all_users)} users with {len(all_groups)} groups from AD')
+
+# check sanity
+if not all_users or not all_groups:
+ syslog.syslog(f'something went wrong, exiting')
+ sys.exit(1)
 
 with open('/etc/pve/user.cfg.new', 'w') as f:
 # user:{username}@{realm}:1:0:{name}:{surname}:{mail}:AD sync::
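Review bot: In the `@@ -22,6 +24,7 @@` hunk, the `ldap3.Server(ldap_host, use_ssl=True)` line directly below the new log call passes no `tls=` object, and ldap3 does not validate the server certificate by default in that case. The bind password and the user/group list that ends up in `/etc/pve/user.cfg.new` are then exchanged with whichever host answers for `ldap_host`, so the sanity check added later in this commit cannot tell a genuine AD reply from a substituted one. Consider adding `import ssl` and changing the line to `server = ldap3.Server(ldap_host, use_ssl=True, tls=ldap3.Tls(validate=ssl.CERT_REQUIRED))`, with `ca_certs_file=` set if the AD certificate comes from an internal CA. The `ldap.search(` call continues outside the hunk, so its remaining arguments were not reviewed.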
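Review bot: The sanity check in the `@@ -38,6 +41,12 @@` hunk only catches a completely empty result, so a failed or truncated search that still returned some entries would pass and a partial user list would be written to `/etc/pve/user.cfg.new`. The return value of `ldap.search(...)` and `ldap.result` do not appear to be checked in the visible lines (the call continues outside the hunk); testing them before the lists are built would cover that case. The failure message also carries no detail, is an f-string without placeholders, and goes out at the default priority: `syslog.syslog(syslog.LOG_ERR, f'AD sync aborted: {len(all_users)} users, {len(all_groups)} groups, result: {ldap.result["description"]}')` would make the cause visible in the log and easy to alert on.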