Univention Bugzilla – Bug 50674
Add AD Connector ignorefilter via UCR
Last modified: 2020-07-21 18:30:07 CEST
A UCR variable connector/ad/mapping/user/ignorefilter should be added which can be used to ignore a bulk of users. In a customer package I have used the following patch: @@ -189,6 +189,8 @@ ignore_filter = '(userAccountControl=2080)' for user in configRegistry.get('connector/ad/mapping/user/ignorelist', '').split(','): if user: ignore_filter += '(uid=%s)(CN=%s)' % (user, user) +if configRegistry.get('connector/ad/mapping/user/ignorefilter', None): + ignore_filter += configRegistry.get('connector/ad/mapping/user/ignorefilter') if ignore_filter: print " ignore_filter='(|%s)'," % ignore_filter @!@ So, I could set the UCR variable to (notSyncToAD=TRUE).
escape_filter() missing
Successful build Package: univention-ad-connector Version: 13.0.0-25A~4.4.0.202001221850 Branch: ucs_4.4-0 Scope: errata4.4-3 877e6f856c Bug #50674: yaml 51b88e6763 Bug #50674: Add UCR-Variable to ignore bulks of users via LDAP-Filter I added the UCR variable 'connector/ad/mapping/user/ignorefilter' . I did not add filter escaping, because I think customers should be able to add more complex ldap-filters with this variable, as well as wildcards, which would be prevented by escaping its contents.
52abbede9d Bug #50674: yaml ff80ec116b Bug #50674: debian changelog 91c5dae043 Bug #50674: fix translation in UCR variable description 18265f6328 Bug #50674: Fix spelling d227262877 Bug #50674: Add documentation f8aa3857fc Bug #50674: try to generate a valid ldap filter Successful build Package: univention-ad-connector Version: 13.0.0-27A~4.4.0.202001281145 OK: UCR variable description OK: UCR variable is evaluated, the created filter is correct and matching users are ignored OK: docs OK: yaml -> verified
<http://errata.software-univention.de/ucs/4.4/429.html>