Project

General

Profile

Actions

Support #5495

open

ldap to crowd users_groups sync source

Added by Stephen Serafin about 6 years ago. Updated about 6 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
23.08.2018
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

RhodeCode 4.12.4 Enterprise question:

User data and authentication was configured for ldap against an active directory domain.
Now it is configured to use crowd and crowd is configured to go against that same active directory domain.

Changing users from ldap to crowd was done in one of two ways:
$ rccontrol ishell enterprise-1

In [1]: new_extern_type = 'crowd'
In [2]: my_user = User.get_by_username('some_username')
In [3]: my_user.extern_type = new_extern_type
In [4]: my_user.extern_name = new_extern_type
In [5]: Session().add(my_user);Session().commit()
In [6]: exit()

OR

$ psql rhodecode
rhodecode=> UPDATE users SET extern_type = 'crowd', extern_name = username WHERE extern_type = 'ldap';

Now the groups these users belong to should also be sourced from crowd rather than ldap
Admin -> User groups
show groups that existed before the change to crowd as being sync'd from ldap.

How can they be changed so that they sync from crowd?

Will this work?
$ psql rhodecode
rhodecode => UPDATE users_groups SET user_group_description = 'Automatically created from plugin:crowd' WHERE user_group_description = 'Automatically created from plugin:ldap';

Is there any other condideration that should be addressed with this ldap to crowd change?

Actions #1

Updated by Marcin Kuzminski [CTO] about 6 years ago

Hi Stephen,

Actually this is stored in the group_data={'extern_type': 'crawd'} JSON column, so you'd edit this.

I'd alos check for Crowd groups: in the debug logs. This is what crawd plugin returns as groups for user, just to verify it actually retrieves this data.

Actions #2

Updated by Stephen Serafin about 6 years ago

I can see the data with:
.rccontrol/enterprise-1/profile/bin/rhodecode-api --instance-name enterprise-1 get_user_groups --format json | jq

Can you give me examples of how to change the extern_type to crowd using rccontrol ishell and rhodecode-api?

Actions #3

Updated by Marcin Kuzminski [CTO] about 6 years ago

Unfortunetly with API it's not possible.

Here's how to do it via ishell:

In [1]: for user_group in UserGroup.get_all():
   ...:     user_group.group_data = {'extern_type': 'crowd', 'extern_type_set_by':'YOUR_USERNAME'}
   ...:     Session().add(user_group)
   ...:     Session().commit()
   ...:

The extern_type_set_by is optional

Actions #4

Updated by Stephen Serafin about 6 years ago

As I learn a bit more I am able to make the bulk change this way:

$ rccontrol ishell enterprise-1

In [1]: %cpaste

s = Session()
for u in s.query(User).all():
if u.extern_type == 'ldap':
u.extern_type = 'crowd'
u.extern_name = 'crowd'
s.add(u)

s.commit()

Actions

Also available in: Atom PDF