WIP fixes for DB rebuild operation for lost orphans.

See added comments in group_manager.py for more details.
SpiderOak · Jul 11, 2014 · 7c1e5c4 · 7c1e5c4
1 parent bdf8265
commit 7c1e5c4
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/netkes/account_mgr/user_source/group_manager.py b/netkes/account_mgr/user_source/group_manager.py
@@ -247,17 +247,36 @@ def run_db_repair(config, db_conn):
                 "FROM ldap_users l JOIN spider_users AS s ON l.email = s.email ")
 
     # Collect the list of users who are NOT in the LDAP
+    # There are two types of users not in the LDAP sync groups we're looking through:
+    #   1. Users who exist in the LDAP still, but not anymore in a monitored group
+    #   2. Users who do not at all exist in the LDAP.
+    #
+    # Users in the first group we can enter back into the user sync database as disabled,
+    # as we can locate some form of unique ID from the LDAP to put in the sync DB. The
+    # second group needs to be just disabled on the Accounts API side. Note that users
+    # in this second group will have to have the whole DB rebuilt if they reappear on the LDAP
+    # and wish to continue using the same account.
     cur.execute("SELECT s.email, s.avatar_id, s.givenname, s.surname, s.group_id, s.enabled "
                 "FROM spider_users s "
                 "LEFT OUTER JOIN ldap_users l USING (email) "
                 "WHERE l.email IS NULL")
     orphans = cur.fetchall()
+
+    # "found_orphans" are the users who exist *somewhere* in the LDAP. lost_orphans do not.
     found_orphans = _run_disabled_users_for_repair(ldap_conn, config, cur.description, orphans)
+    lost_orphans = set(orphans) - set(found_orphans)
 
+    # Put the found orphans in the DB.
     cur.executemany("INSERT INTO users "
                     "(avatar_id, email, givenname, surname, group_id, enabled, uniqueid) "
                     "VALUES (%(avatar_id)s, %(email)s, %(givenname)s, %(surname)s, "
                     "        %(group_id)s, %(enabled)s, %(uniqueid)s);",
                     found_orphans)
 
     db_conn.commit()
+
+    # ...and disable the lost orphans. We don't care about already disabled lost orphans,
+    # we want to only disable orphans who are enabled so they can be rounded up and
+    # deleted.
+
+