rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity

proxmox: check for errors when retrieving users from AD

Browse source 
Sometimes the created user.cfg file is empty for some reason. So add
some checking and logging and hope for resolution.
This commit is contained in:
Timotej Lazar 2025-04-03 18:55:06 +02:00
parent 1a7b813dff
commit 275991c49c
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/proxmox/templates/sync-ldap.py.j2
View file

@ -3,6 +3,8 @@
import collections import collections
import os import os
import re import re
import sys
import syslog
import ldap3 import ldap3
@ -22,6 +24,7 @@ filters = [
] ]
# run query # run query
syslog.syslog(f'querying server {ldap_host}')
server = ldap3.Server(ldap_host, use_ssl=True) server = ldap3.Server(ldap_host, use_ssl=True)
ldap = ldap3.Connection(server, ldap_user, ldap_pass, auto_bind=True) ldap = ldap3.Connection(server, ldap_user, ldap_pass, auto_bind=True)
ldap.search(ldap_base, ldap.search(ldap_base,
@ -38,6 +41,12 @@ for e in ldap.entries:
if m := re.match(r'^CN=([^,]*)', group.replace('\\,', '-')): if m := re.match(r'^CN=([^,]*)', group.replace('\\,', '-')):
group = re.sub(r'[^A-Za-z0-9_.-]', '-', m[1]) group = re.sub(r'[^A-Za-z0-9_.-]', '-', m[1])
all_groups[group].add(user) all_groups[group].add(user)
syslog.syslog(f'got {len(all_users)} users with {len(all_groups)} groups from AD')
# check sanity
if not all_users or not all_groups:
syslog.syslog(f'something went wrong, exiting')
sys.exit(1)
with open('/etc/pve/user.cfg.new', 'w') as f: with open('/etc/pve/user.cfg.new', 'w') as f:
# user:{username}@{realm}:1:0:{name}:{surname}:{mail}:AD sync:: # user:{username}@{realm}:1:0:{name}:{surname}:{mail}:AD sync::