Turned off removal of old user cert DNs not found in the LIGO LDAP.

f4b67db3 · Brian Moe · 1e362095 · f4b67db3
Commit f4b67db3 authored 10 years ago by Brian Moe
--- a/ligoauth/management/commands/refresh_users_from_ldap.py
+++ b/ligoauth/management/commands/refresh_users_from_ldap.py
@@ -85,8 +85,9 @@ class Command(NoArgsCommand):
                        current_dns = set([ cert.subject for cert in user.x509cert_set.all() ])

                        if current_dns != new_dns:
-                            for dn in current_dns - new_dns:
-                                X509Cert.objects.get(subject=dn).delete()
+# XXX Some certs put in by hand are getting blow away. I don't think this feature is really needed anyway.
+#                            for dn in current_dns - new_dns:
+#                                X509Cert.objects.get(subject=dn).delete()
                            for dn in new_dns - current_dns:
                                cert, created = X509Cert.objects.get_or_create(subject=dn)
                                if created: