fix identity primary'

tacxou · tacxou · commit a24f9c9f2880 · 2026-03-27T17:49:07.000+01:00
diff --git a/src/bin/upsertidentity.py b/src/bin/upsertidentity.py
diff --git a/src/lib/backend_ldap_utils.py b/src/lib/backend_ldap_utils.py
@@ -12,15 +12,27 @@
 def set_config(config):
     u.__CONFIG__ = config
 
+def format_ldap_error(err):
+    details = err.args[0] if len(err.args) > 0 else err
+    if isinstance(details, dict):
+        result = details.get("result", "")
+        desc = details.get("desc", "")
+        info = details.get("info", "")
+        return (str(result) + ' ' + str(desc) + ' ' + str(info)).strip()
+    if isinstance(details, (list, tuple)):
+        return " ".join([str(part) for part in details]).strip()
+    return str(details).strip()
+
 def connect_ldap(url,dn,password):
     try:
-        l=ldap.initialize(url)
+        # python-ldap expects an LDAP URI (ldap:// or ldaps://).
+        ldap_uri = url if '://' in str(url) else 'ldap://' + str(url)
+        l=ldap.initialize(ldap_uri)
         l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
         l.simple_bind_s(dn,password)
         return l
     except ldap.LDAPError as e:
-        e_dict = e.args[0]
-        print(u.returncode(1, str(e_dict.get("result")) + ' ' + e_dict.get("desc")))
+        print(u.returncode(1, format_ldap_error(e)))
         return(1)
 
 def convert_to_utf8(entry):
@@ -102,8 +114,7 @@ def search_entity(l,entity):
         r=l.search_s(base,ldap.SCOPE_SUBTREE,filter)
         return r
     except ldap.LDAPError as e:
-        e_dict = e.args[0]
-        print(u.returncode(1, str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " " + e_dict.get("info")))
+        print(u.returncode(1, format_ldap_error(e)))
         exit(1)
 
 def upsert_entry(l,entity):
@@ -121,8 +132,7 @@ def upsert_entry(l,entity):
             action="add"
             l.add_s(dn, ldif)
         except ldap.LDAPError as e:
-            e_dict = e.args[0]
-            print(u.returncode(1, "add " + str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " "+ e_dict.get("info",'')))
+            print(u.returncode(1, "add " + format_ldap_error(e)))
             exit(1)
     else:
         if len(r) > 1:
@@ -142,8 +152,7 @@ def upsert_entry(l,entity):
                 action="mod"
                 l.modify_s(r[0][0],ldif)
             except ldap.LDAPError as e:
-                e_dict = e.args[0]
-                print(u.returncode(1, 'mod ' + str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " "+ e_dict.get("info",'')))
+                print(u.returncode(1, 'mod ' + format_ldap_error(e)))
                 return(1)
         else:
             ## changement du DN
@@ -156,8 +165,7 @@ def upsert_entry(l,entity):
                 action="rename"
                 l.rename_s(oldDn,new_rdn,newsuperior=newSuperior)
             except ldap.LDAPError as e:
-                e_dict = e.args[0]
-                print(u.returncode(1, 'rename ' + str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " "+ e_dict.get("info")))
+                print(u.returncode(1, 'rename ' + format_ldap_error(e)))
                 exit(1)
     return u.returncode(0,"Entree " + dn + " " + action)
 
@@ -223,8 +231,7 @@ def delete_entity(l,entity):
             l.delete_s(r[0][0])
             return u.returncode(0, "user : " + r[0][0] + " deleted")
         except ldap.LDAPError as e:
-            e_dict = e.args[0]
-            print(u.returncode(1, str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " "+ e_dict.get("info")))
+            print(u.returncode(1, format_ldap_error(e)))
             exit(1)
     else:
         print(u.returncode(1, "User not found"))
@@ -272,8 +279,7 @@ def activate_entry(l,entity,activate):
             l.modify_s(r[0][0], ldif)
             return(u.returncode(0, message))
         except ldap.LDAPError as e:
-            e_dict = e.args[0]
-            return (u.returncode(1, str(e_dict.get("result")) + ' ' + e_dict.get("desc") + " " + e_dict.get("info")))
+            return (u.returncode(1, format_ldap_error(e)))
 
     else:
         return (u.returncode(1,"Not Found"))
diff --git a/src/lib/backend_utils.py b/src/lib/backend_utils.py
@@ -83,6 +83,16 @@ def _finditem(obj, key):
             if item is not None:
                 return item
 
+def first_non_empty_value(value):
+    if isinstance(value, list):
+        for item in value:
+            s = str(item).strip()
+            if s != "":
+                return s
+        return ""
+    s = str(value).strip()
+    return s if s != "" else ""
+
 def make_entry_array(entity):
     data = {}
     if "identity" in entity['payload']:
@@ -113,6 +123,15 @@ def make_entry_array(entity):
                     if type(v) is int:
                         v = str(v)
                     data[k] = v
+
+    # employeeNumber is usually SINGLE-VALUE in LDAP schema.
+    # Prefer primaryEmployeeNumber when provided by upstream payload.
+    if 'employeeNumber' in data:
+        primary_employee_number = first_non_empty_value(find_key(entity, 'primaryEmployeeNumber'))
+        if primary_employee_number != "":
+            data['employeeNumber'] = primary_employee_number
+        else:
+            data['employeeNumber'] = first_non_empty_value(data['employeeNumber'])
     return data
 
 
