docs: Improve documentation on syncing UserProfile bool flags via ldap.

It's better to explicitly list the possibilities. Also, the
recommendation regarding is_active should be changed to a strict
"Don't", as Subscription.is_user_active is a denormalized field and
flipping a user's is_active will cause inconsistent state by leaving
Subscriptions unupdated. Given that similar things can be introduced in
the future for any other flag not officially supported by having a
setter, the recommendation should "Don't" in general.
This commit is contained in:
Mateusz Mandera 2021-10-06 17:43:24 +02:00 committed by Tim Abbott
parent 8fab13bb6c
commit 16321327f9
1 changed files with 7 additions and 7 deletions

View File

@ -256,14 +256,14 @@ the next time your `manage.py sync_ldap_user_data` cron job runs.
Other fields you may want to sync from LDAP include: Other fields you may want to sync from LDAP include:
- Boolean flags; `is_realm_admin` (the organization's administrator - Boolean flags describing the user's level of permission:
permission) is the main one. You can use the `is_realm_owner` (Organization owner), `is_realm_admin` (Organization administrator),
`is_guest` (Guest), `is_moderator` (Moderator). You can use the
[AUTH_LDAP_USER_FLAGS_BY_GROUP][django-auth-booleans] feature of [AUTH_LDAP_USER_FLAGS_BY_GROUP][django-auth-booleans] feature of
`django-auth-ldap` to configure a group to get this permissions. `django-auth-ldap` to configure a group to get any of these permissions.
(We don't recommend using this flags feature for managing (Don't use this to modify other boolean flags such as
`is_active` because deactivating a user this way would not disable `is_active` as that can introduce inconsistent state in the database;
any active sessions the user might have; see the above discussion of see the above discussion of automatic deactivation for how to do that properly).
automatic deactivation for how to do that properly).
- String fields like `default_language` (e.g. `en`) or `timezone`, if - String fields like `default_language` (e.g. `en`) or `timezone`, if
you have that data in the right format in your LDAP database. you have that data in the right format in your LDAP database.