Commit Graph

4 Commits

Author SHA1 Message Date
Dominik Csapak
5654260eab do not modify ACLs/Groups for missing users
instead of dropping ACLs and group membership for missing users,
simply warn and leave it in the config

for users that get removed via the api this happens explicitely

this is to prevent that a 'faulty' ldapsync removes users temporarily
and with it all acls that the admin created

we still have a 'purge' flag for the sync where ACLs get removed
explicitly for users removed from ldap

also adapt the tests

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-03-21 16:05:38 +01:00
Fabian Grünbichler
21f523a5c1 user.cfg: skip inexisting roles when parsing ACLs
we do the same for missing users, groups and tokens, and just like
groups, roles with an empty privilege set are explicitly allowed so
pre-generating placeholders is possible.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-01-29 21:21:59 +01:00
Fabian Grünbichler
891f7afa92 test: add token-related tests
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-01-29 21:21:58 +01:00
Fabian Grünbichler
7d1739ad60 test: add parser/writer tests
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-01-27 18:34:01 +01:00