Merge pull request #515 from H2-invent/hotfix/ldapsync-for-deleted-users

Hotfix/ldapsync for deleted users
H2-invent · Mar 19, 2024 · e406d63 · e406d63
2 parents a559c2c + 80a825b
commit e406d63
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 28 deletions.
diff --git a/src/Command/SyncLdapCommand.php b/src/Command/SyncLdapCommand.php
@@ -24,12 +24,13 @@ class SyncLdapCommand extends Command
 {
     protected static $defaultName = 'app:ldap:sync';
     protected static $defaultDescription = 'This commands syncs a ldap server with users database';
-    private $ldapService;
 
-    public function __construct(LdapService $ldapService, string $name = null)
+    public function __construct(
+        private LdapService $ldapService,
+        string              $name = null)
     {
         parent::__construct($name);
-        $this->ldapService = $ldapService;
+
     }
 
     protected function configure(): void
@@ -91,6 +92,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         }
 
         if (!$dryrun) {
+            $io->info('We cleanup Users which are not in the LDAP anymore');
             $this->ldapService->cleanUpLdapUsers();
         }
 

diff --git a/src/Repository/UserRepository.php b/src/Repository/UserRepository.php
@@ -78,6 +78,9 @@ public function findMyUserByIndex($value, User $user)
             ->getResult();
     }
 
+     /**
+      * @return User[] Returns an array of USers objects
+      */
     public function findUsersByLdapServerId($value)
     {
         return $this->createQueryBuilder('u')

diff --git a/src/Service/ldap/LdapService.php b/src/Service/ldap/LdapService.php
@@ -263,22 +263,8 @@ public function setLdaps(array $ldaps): void
 
     public function cleanUpLdapUsers()
     {
-        $ldapUsers = $this->em->getRepository(LdapUserProperties::class)->findAll();
-        foreach ($ldapUsers as $data) {
-            $user = $data->getUser();
-            $ldapTyp = null;
-            foreach ($this->ldaps as $ldap) {
-                if ($ldap->getSerVerId() === $data->getLdapNumber()) {
-                    $ldapTyp = $ldap;
-                }
-            }
-            if (!$ldapTyp) {
-                $this->ldapUserService->deleteUser($user);
-            } else {
-                if ($ldapTyp->isHealthy()) {
-                    $this->ldapUserService->checkUserInLdap($user, $ldapTyp);
-                }
-            }
+        foreach ($this->ldaps as $data){
+            $this->ldapUserService->syncDeletedUser($data);
         }
     }
 }
diff --git a/src/Service/ldap/LdapUserService.php b/src/Service/ldap/LdapUserService.php
@@ -128,12 +128,25 @@ public function cleanUpAdressbook()
      */
     public function syncDeletedUser(LdapType $ldapType)
     {
-        $user = $this->em->getRepository(User::class)->findUsersByLdapServerId($ldapType->getSerVerId());
-        foreach ($user as $data) {
-            $this->checkUserInLdap($data, $ldapType);
+        $usersInSystemFromLdapId = $this->em->getRepository(User::class)->findUsersByLdapServerId($ldapType->getSerVerId());
+        $userListInLdap = $ldapType->retrieveUser();
+
+
+        $dnlist = $this->createDNListFromLdapResult($userListInLdap);
+        foreach ($usersInSystemFromLdapId as $user) {
+            if (!in_array($user->getLdapUserProperties()->getLdapDn(),$dnlist)){
+                $this->deleteUser(user: $user);
+            }
+        }
+    }
+
+
+    private function createDNListFromLdapResult(array $ldapEntry){
+        $dnList = [];
+        foreach ($ldapEntry as $data){
+           $dnList[] = $data->getDn();
         }
-        $user = $this->em->getRepository(User::class)->findUsersByLdapServerId($ldapType->getSerVerId());
-        return $user;
+        return $dnList;
     }
 
     /**

diff --git a/tests/LDAP/LdapConnectionTest.php b/tests/LDAP/LdapConnectionTest.php
@@ -10,7 +10,7 @@
 class LdapConnectionTest extends KernelTestCase
 {
     public static $UserInLDAP = 4;
-    public static $USERWITHLDAPUSERPROPERTIES = 4 + 1;
+    public static $USERWITHLDAPUSERPROPERTIES = 5;
     public static $UserInSubLDAP = 2;
     public static $UserInOneLDAP = 2;
     public $LDAPURL = 'ldap://192.168.230.128:10389';

diff --git a/tests/LDAP/LdapUserServiceTest.php b/tests/LDAP/LdapUserServiceTest.php
@@ -415,19 +415,19 @@ public function testrUsernoinFilterAnymore(): void
         $ldapConnection->setUserNameAttribute('uid');
         $ldapConnection->createLDAP();
         $ldapService->setLdaps([$ldapConnection]);
-        $entry = $ldapService->fetchLdap($ldapConnection);
+        $ldapService->fetchLdap($ldapConnection);
 
         $userRepository = static::getContainer()->get(UserRepository::class);
         $users = $userRepository->findUsersfromLdapService();
-        $this->assertEquals(LdapConnectionTest::$USERWITHLDAPUSERPROPERTIES + 1, sizeof($users));
+        $this->assertEquals(LdapConnectionTest::$USERWITHLDAPUSERPROPERTIES+1, sizeof($users));
         $ldapConnection->setFilter('(&(mail=*))');
         $ldapService->setLdaps([$ldapConnection]);
         $ldapService->fetchLdap($ldapConnection);
         $ldapService->cleanUpLdapUsers();
 
         $userRepository = static::getContainer()->get(UserRepository::class);
         $users = $userRepository->findUsersfromLdapService();
-        $this->assertEquals(LdapConnectionTest::$USERWITHLDAPUSERPROPERTIES - 1, sizeof($users));
+        $this->assertEquals(LdapConnectionTest::$USERWITHLDAPUSERPROPERTIES, sizeof($users));
     }
 
     public function testrUsernoinFilterAnymoreUnhealthy(): void