From 0393afcd81145ae49389cf4bf39c2042f10c5529 Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Mon, 30 Mar 2020 23:14:04 +0200
Subject: [PATCH] Sync owners of group

---
 aleksis/apps/ldap/settings.py       | 14 ++++++++++++++
 aleksis/apps/ldap/util/ldap_sync.py | 10 ++++++++++
 2 files changed, 24 insertions(+)

diff --git a/aleksis/apps/ldap/settings.py b/aleksis/apps/ldap/settings.py
index f3b26df..3774720 100644
--- a/aleksis/apps/ldap/settings.py
+++ b/aleksis/apps/ldap/settings.py
@@ -14,6 +14,16 @@ CONSTANCE_ADDITIONAL_FIELDS = {
             ),
         },
     ],
+    "owner-attr-type": [
+        "django.forms.fields.ChoiceField",
+        {
+            "widget": "django.forms.Select",
+            "choices": (
+                ("dn", _("Distinguished Name")),
+                ("uid", _("UID")),
+            ),
+        },
+    ],
 }
 
 CONSTANCE_CONFIG = {
@@ -32,6 +42,8 @@ CONSTANCE_CONFIG = {
     "LDAP_GROUP_SYNC_FIELD_NAME": ("cn", _("Field for name of group"), str),
     "LDAP_GROUP_SYNC_FIELD_NAME_RE": ("", _("Regular expression to match LDAP value for group name against, e.g. class_(?P<class>.*); separate multiple patterns by |"), str),
     "LDAP_GROUP_SYNC_FIELD_NAME_REPLACE": ("", _("Replacement template to apply to group name, e.g. \\g<class>; separate multiple templates by |"), str),
+    "LDAP_GROUP_SYNC_OWNER_ATTR": ("", _("LDAP field with dn of group owner"), str),
+    "LDAP_GROUP_SYNC_OWNER_ATTR_TYPE": ("dn", _("Type of data in the ldap_field. Either DN or UID"), "owner-attr-type"),
 }
 CONSTANCE_CONFIG_FIELDSETS = {
     "LDAP-Sync settings": (
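Review bot: The help text of `LDAP_GROUP_SYNC_OWNER_ATTR` says the field holds the DN of the group owner, but the setting added right after it also allows UID values, and "the ldap_field" in the second text does not say which field is meant. Neither text mentions that the empty default switches owner synchronisation off, which is how the sync code in this patch treats it. Suggested wording: `_("LDAP attribute listing the owners of a group; leave empty to disable owner sync")` and `_("Type of the values in the owner attribute: DN or UID")`. Because this attribute decides who becomes owner of a group, the admin-facing description should be unambiguous.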
@@ -40,6 +52,8 @@ CONSTANCE_CONFIG_FIELDSETS = {
         "LDAP_SYNC_CREATE_MISSING_PERSONS",
         "LDAP_MATCHING_FIELDS",
         "ENABLE_LDAP_GROUP_SYNC",
+        "LDAP_GROUP_SYNC_OWNER_ATTR",
+        "LDAP_GROUP_SYNC_OWNER_ATTR_TYPE",
         "LDAP_GROUP_SYNC_FIELD_SHORT_NAME",
         "LDAP_GROUP_SYNC_FIELD_SHORT_NAME_RE",
         "LDAP_GROUP_SYNC_FIELD_SHORT_NAME_REPLACE",
diff --git a/aleksis/apps/ldap/util/ldap_sync.py b/aleksis/apps/ldap/util/ldap_sync.py
index d347588..1eed725 100644
--- a/aleksis/apps/ldap/util/ldap_sync.py
+++ b/aleksis/apps/ldap/util/ldap_sync.py
@@ -313,6 +313,7 @@ def mass_ldap_import():
     # Synchronise group memberships now
     if config.ENABLE_LDAP_GROUP_SYNC:
         member_attr = getattr(backend.settings.GROUP_TYPE, "member_attr", "memberUid")
+        owner_attr = config.LDAP_GROUP_SYNC_OWNER_ATTR
 
         for group, ldap_group in tqdm(zip(group_objects, ldap_groups)):
             dn, attrs = ldap_group
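Review bot: The owner attribute is cached in `owner_attr` on the added line, but the loop code added in the next hunk tests `config.LDAP_GROUP_SYNC_OWNER_ATTR` and `config.LDAP_GROUP_SYNC_OWNER_ATTR_TYPE` again for every group. Presumably each access to `config` goes back to the settings backend, so the local and the live values can disagree if the configuration is edited while an import is running. Read both once here, e.g. `owner_attr_type = config.LDAP_GROUP_SYNC_OWNER_ATTR_TYPE`, and use the locals in the loop (`if owner_attr:`). The body of mass_ldap_import starts and ends outside this hunk.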
@@ -323,6 +324,15 @@ def mass_ldap_import():
             else:
                 members = Person.objects.filter(ldap_dn__in=ldap_members)
 
+            if config.LDAP_GROUP_SYNC_OWNER_ATTR:
+                ldap_owners = [_.lower() for _ in attrs[owner_attr]] if owner_attr in attrs else []
+                if config.LDAP_GROUP_SYNC_OWNER_ATTR_TYPE == "uid":
+                    owners = Person.objects.filter(user__username__in=ldap_owners)
+                elif config.LDAP_GROUP_SYNC_OWNER_ATTR_TYPE == "dn":
+                    owners = Person.objects.filter(ldap_dn__in=ldap_owners)
+
             group.members.set(members)
+            if config.LDAP_GROUP_SYNC_OWNER_ATTR:
+                group.owners.set(owners)
             group.save()
             logger.info("Set group members of group %s" % str(group))
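Review bot: `owners` is bound only inside the `uid` and `dn` branches, so with any other stored value of `LDAP_GROUP_SYNC_OWNER_ATTR_TYPE` the later `group.owners.set(owners)` raises NameError, or, if the name is still bound from an earlier iteration, gives this group the previous group's owners. The choice field should normally limit the value, but group ownership is a privilege and the loop should not depend on that. Bind `owners = None` before the first `if config.LDAP_GROUP_SYNC_OWNER_ATTR:` and guard the write with `if owners is not None:`, logging a warning for an unrecognised type. A group that lacks the attribute gets an empty list, so `set()` removes all of its existing owners; if that is intended it deserves a comment such as `# owners are authoritative from LDAP; a missing attribute clears them`. The log line still mentions only members, so owner changes leave no trace in the import log.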
-- 
GitLab