From c6d11ee6c7fd632441700b18a948d4bd681f8a77 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Mon, 20 Jul 2020 15:16:19 +0200
Subject: [PATCH] Better handling of non-admin DB users in check-dnsui-users

---
 pp_lib/dnsui_users.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/pp_lib/dnsui_users.py b/pp_lib/dnsui_users.py
index 75103e1..2f72638 100644
--- a/pp_lib/dnsui_users.py
+++ b/pp_lib/dnsui_users.py
@@ -26,7 +26,7 @@ from .common import pp
 
 from .ldap_app import PpLdapAppError, PpLdapApplication
 
-__version__ = '0.4.4'
+__version__ = '0.4.5'
 LOG = logging.getLogger(__name__)
 
 
@@ -451,12 +451,13 @@ class DnsuiUsersApp(PpLdapApplication):
 
             query_filter = (
                 '(&(objectclass=posixAccount)(objectclass=shadowAccount)'
-                '(uid={}))').format(uid)
-            if self.verbose > 2:
+                '(inetuserstatus=active)(objectclass=pppixelaccount)'
+                '(!(ou=*Extern))(uid={}))').format(uid)
+            if self.verbose > 1:
                 LOG.debug("Query filter: {!r}".format(query_filter))
 
             entries = self.ldap_search_subtree(person, query_filter)
-            if self.verbose > 2:
+            if self.verbose > 1:
                 LOG.debug("Found {} LDAP entries.".format(len(entries)))
             if entries:
 
@@ -466,6 +467,9 @@ class DnsuiUsersApp(PpLdapApplication):
                 if db_user['active'] != 1:
                     change_data['active'] = 1
 
+                if db_user['admin'] != 0:
+                    change_data['admin'] = 0
+
                 sn = entry['sn'][0].strip()
                 fn = None
                 if entry['givenName'] and entry['givenName'][0]:
-- 
2.39.5