[Cubicweb] LDAP synchronization: pre-existing CWGroup and LDAP group with the same name

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Mon Nov 17 11:20:50 CET 2014

Dear all,

We are operating our new Imagen CubicWeb server using two machines:

* We use a qualification machine on our internal network to import data
to a CubicWeb instance and configure security. Configuring security
requires pre-existing CWGroups. The qualification machine has currently
no access to an LDAP server. The initialization script creates directly
in the CubicWeb instance the CWGroups that are required for configuring
The CubicWeb database is dumped from this qualification machine.

* The production machine is using an LDAP service for user management.
The CubicWeb database is loaded from the dump performed on the
qualification machine. Restarting the production server is pretty fast
this way.
Unfortunately when synchronizing LDAP there is an issue with CWGroups
already present in the CubicWeb database dump and the corresponding
groups declared in LDAP. The synchronization script typically complains
with such errors:

2014-11-16 06:44:55 - (cubicweb.sources.Imagen) ERROR: error while
creating CWGroup: 190798 (name-subject): the value "OPEN_FU2" is already
used, use another one

How would you best solve this issue? I'm working on giving the
qualification machine access to the LDAP service of the production
machine, so that the CubicWeb instance can be synchronized with LDAP on
the qualification machine before importing the data and dumping the
database. It could take some time before it is possible. In the
meantime, do you see an alternative?

Would it make sense to have the synchronization process just emit a
warning when attempting to synchronize an LDAP group with a pre-existing
CWGroup with the same name, instead of emitting an error? The two groups
would be somehow merged,the members of the LDAP group would be added to
the existing CWGroup.

Dimitri Papadopoulos
I2BM, NeuroSpin
F-91191 Gif-sur-Yvette cedex, France

More information about the Cubicweb mailing list