From f4b67db39334c6d4955fe89ed234aab1516468ce Mon Sep 17 00:00:00 2001
From: Brian Moe <branson@gravity.phys.uwm.edu>
Date: Fri, 20 Feb 2015 08:34:50 -0600
Subject: [PATCH] Turned off removal of old user cert DNs not found in the LIGO
 LDAP.

---
 ligoauth/management/commands/refresh_users_from_ldap.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ligoauth/management/commands/refresh_users_from_ldap.py b/ligoauth/management/commands/refresh_users_from_ldap.py
index 3fb0226c7..73781ccb6 100644
--- a/ligoauth/management/commands/refresh_users_from_ldap.py
+++ b/ligoauth/management/commands/refresh_users_from_ldap.py
@@ -85,8 +85,9 @@ class Command(NoArgsCommand):
                         current_dns = set([ cert.subject for cert in user.x509cert_set.all() ])
 
                         if current_dns != new_dns:
-                            for dn in current_dns - new_dns:
-                                X509Cert.objects.get(subject=dn).delete()
+# XXX Some certs put in by hand are getting blow away. I don't think this feature is really needed anyway.
+#                            for dn in current_dns - new_dns:
+#                                X509Cert.objects.get(subject=dn).delete()
                             for dn in new_dns - current_dns:
                                 cert, created = X509Cert.objects.get_or_create(subject=dn)
                                 if created:
-- 
GitLab