Update hg.mozilla.org's pash.py with take both ldap date formats for hgAccessTime

RESOLVED FIXED

Status

RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: bkero, Unassigned)

Tracking

Details

(Reporter)

Description

5 years ago
In an effort to make svnAccessDate consistent and to alleviate issues with some users not having their hgAccessDate LDAp attributes set correctly, we should forklift this code from bug 936257 to handle both date formats.

I've taken the diff and manually applied it to hg's pash.py version. This won't fix users who have already had their accounts disabled incorrectly, but it will prevent it from happening in the future.

Index: ldap_helper.py.erb
===================================================================
--- ldap_helper.py.erb	(revision 79403)
+++ ldap_helper.py.erb	(working copy)
@@ -44,7 +44,10 @@
       if results:
          (dn, old_entry) = results[0]
          if results[0][1].has_key (attr):
-            access_time = datetime.datetime.strptime(results[0][1][attr][0], "%Y%m%d%H%M%S.%fZ")
+            try:
+               access_time = datetime.datetime.strptime(results[0][1][attr][0], "%Y%m%d%H%M%SZ")
+            except ValueError:
+               access_time = datetime.datetime.strptime(results[0][1][attr][0], "%Y%m%d%H%M%S.%fZ")
             yesterday = datetime.datetime.utcnow() - datetime.timedelta(days=1)
             if access_time < yesterday:
                 ldap_conn_write.modify_s(dn, [(ldap.MOD_REPLACE, attr, value)])
Bug 948762 is one example of a user's access being locked out ahead of time.
(Reporter)

Comment 2

5 years ago
I've tested this on the staging host, this works fine.

>>> ldap_helper.update_ldap_attribute('bkero@mozilla.com', 'hgAccessDate', datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S.%fZ"), 'ldap://ldap.db.scl3.mozilla.com', 'ldap://ldapsync1.db.scl3.mozilla.com')
>>> ldap_helper.get_ldap_attribute('bkero@mozilla.com', 'hgAccessDate', 'ldap://ldap.db.scl3.mozilla.com')
'20131211161013.660590Z'
>>> 

and should resolve the not-updating issue. I've logged the failures to update into pash.log. The file is...rather big.
[root@hgssh1.dmz.scl3 log]# grep ^ERROR pash.log|wc -l
65477

It should be possible to parse this error file and update people's HgAccessTime, although this will take some time to script. Is this worth the engineering effort?
(Reporter)

Comment 3

5 years ago
This comment is for the CAB folks:
Assignee: server-ops-devservices → server-ops
Component: Server Operations: Developer Services → Server Operations: Change Requests
Depends on: 948987
QA Contact: nmaul → shyam
(Reporter)

Comment 4

5 years ago
This got deployed.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.