Convert all LDAP e-mail addresses to lower case

juliaschroeder · juliaschroeder · commit 8d8c08920121 · 2024-06-27T09:20:00.000+02:00
Convert all e-mail addresses of LDAP imported objects to lower case to avoid
inconsistent data.
Fixes group members not showing in admin web due to case confusion.
diff --git a/api/__init__.py b/api/__init__.py
@@ -7,7 +7,7 @@
 
 apiSpec = None  # API specification
 apiVersion = None  # API specification version. Extracted from the OpenAPI document.
-backendVersion = "1.15.4"  # Backend version number
+backendVersion = "1.15.5"  # Backend version number
 
 
 def _loadOpenApiSpec():
diff --git a/services/ldap.py b/services/ldap.py
@@ -64,22 +64,24 @@ def __init__(self, ldap, resultType, data):
             return
         if resultType == "user":
             if userconf["username"] in data["attributes"] and data["attributes"][userconf["username"]]:
-                self.email = self.username = self._reduce(data["attributes"][userconf["username"]])
+                self.email = self.username = self._reduce(data["attributes"][userconf["username"]]).lower()
             else:
                 self.email = self.username = None
                 self.error = "Missing username"
         elif resultType == "contact":
             self.username = None
             if userconf["contactname"] in data["attributes"] and data["attributes"][userconf["contactname"]]:
-                self.email = self._reduce(data["attributes"][userconf["contactname"]])
+                self.email = self._reduce(data["attributes"][userconf["contactname"]]).lower()
             else:
                 self.email = None
                 self.error = "Missing e-mail address"
         elif resultType == "group":
-            self.email = self._reduce(data["attributes"].get(groupconf["groupaddr"], ""))
-            self.name = self._reduce(data["attributes"].get(groupconf["groupname"], ""))
+            self.email = self._reduce(data["attributes"].get(groupconf["groupaddr"]))
             if not self.email:
                 self.error = "Missing e-mail address"
+            else:
+                self.email = self.email.lower()
+            self.name = self._reduce(data["attributes"].get(groupconf["groupname"], ""))
         else:
             self.error = "Unknown type"
 
diff --git a/tools/ldap.py b/tools/ldap.py
@@ -343,15 +343,15 @@ def syncGroupMembers(orgID, ldapgroup, ldap, users=None):
         from orm.users import Users
         users = {user.externID for user in Users.query.filter(Users.orgID == orgID, Users.externID != None)}
     assocs = {assoc.username: assoc for assoc in Associations.query.filter(Associations.listID == group.ID).all()}
-    add = 0
+    add = []
     for member in ldap.searchUsers(attributes="idonly", customFilter=ldap.groupMemberFilter(ldapgroup.DN)):
         assoc = assocs.pop(member.email, None)
         if assoc or member.ID not in users:  # Do nothing if already associated or not known
             continue
-        add += 1
-        DB.session.add(Associations(member.email, group.ID))
-    remove = len(assocs)
+        add.append((member.email, group.ID))
     for assoc in assocs.values():
         DB.session.delete(assoc)
+    DB.session.flush()  # necessary to fix case-confusions (i.e. User@example.org -> user@example.org)
+    DB.session.add_all([Associations(memberEmail, groupID) for memberEmail, groupID in add])
     DB.session.commit()
-    return add, remove
+    return len(add), len(assocs)
