Commit f037a08d authored by Philippe Larose's avatar Philippe Larose

ad/ldap-connector: prevent revocation if AD/LDAP is down

Ticket: https://redmine.savoirfairelinux.com/issues/7656
Change-Id: Ibd79d6db688ec4662aa756d82051cd03a3493127
parent 484b43dc
...@@ -200,13 +200,16 @@ public class UserProfileService { ...@@ -200,13 +200,16 @@ public class UserProfileService {
public void synchronizeUsersWithAD() { public void synchronizeUsersWithAD() {
log.info("Synchronizing Active Directory user profiles"); log.info("Synchronizing Active Directory user profiles");
// Fetch all users from the Active Directory // Fetch all users from the Active Directory
List<UserProfile> profilesFromResponse = List<UserProfile> profilesFromAD =
getUserProfile("*", "LOGON_NAME", false, Optional.empty()); getUserProfile("*", "LOGON_NAME", false, Optional.empty());
// There is a use case where a user is not in the LDAP directory but is in the database. // Do not revoke users if there is an error, the AD server could be down.
if (profilesFromAD != null) {
// There is a use case where a user is not in the AD server but is in the database.
// When this happens, we need to revoke the user from the database. // When this happens, we need to revoke the user from the database.
List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile(); List<UserProfile> profilesFromDatabase =
dataStore.getUserProfileDao().getAllUserProfile();
for (UserProfile p : profilesFromDatabase) { for (UserProfile p : profilesFromDatabase) {
if (profilesFromResponse.stream() if (profilesFromAD.stream()
.noneMatch(r -> r.getUsername().equals(p.getUsername()))) { .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
log.info("Revoking user " + p.getUsername() + " from the database."); log.info("Revoking user " + p.getUsername() + " from the database.");
RevokeUserFlow.revokeUser(p.getUsername()); RevokeUserFlow.revokeUser(p.getUsername());
...@@ -217,3 +220,4 @@ public class UserProfileService { ...@@ -217,3 +220,4 @@ public class UserProfileService {
} }
} }
} }
}
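Review bot: The new `if (profilesFromAD != null)` guard skips revocation silently — when the directory is unreachable nothing is logged, so an operator cannot tell that the periodic sync has stopped deprovisioning users, which is itself a state worth surfacing. I would add an else branch after the loop's closing brace: `} else { log.warn("Skipping user revocation: no profiles returned from Active Directory"); }`. The guard also relies on getUserProfile returning null on failure, which is outside the hunk; if a transient fault (partial search result, wrong base DN, timeout) can instead yield an empty list, the loop below would revoke every user in the database, so consider treating an empty result the same way (`if (profilesFromAD != null && !profilesFromAD.isEmpty())`) unless an empty directory is an expected state. The same two points apply to the LDAP hunk at `@@ -152,11 +152,15 @@`, where the enclosing synchronize method starts outside the hunk.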
...@@ -152,11 +152,15 @@ public class UserProfileService { ...@@ -152,11 +152,15 @@ public class UserProfileService {
// Fetcg all users from the LDAP // Fetcg all users from the LDAP
List<UserProfile> profilesFromLDAP = List<UserProfile> profilesFromLDAP =
getUserProfile("*", "LOGON_NAME", false, Optional.empty()); getUserProfile("*", "LOGON_NAME", false, Optional.empty());
// There is a use case where a user is not in the LDAP directory but is in the database. // Do not revoke users if there is an error, the LDAP server could be down.
if (profilesFromLDAP != null) {
// There is a use case where a user is not in the LDAP server but is in the database.
// When this happens, we need to revoke the user from the database. // When this happens, we need to revoke the user from the database.
List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile(); List<UserProfile> profilesFromDatabase =
dataStore.getUserProfileDao().getAllUserProfile();
for (UserProfile p : profilesFromDatabase) { for (UserProfile p : profilesFromDatabase) {
if (profilesFromLDAP.stream().noneMatch(r -> r.getUsername().equals(p.getUsername()))) { if (profilesFromLDAP.stream()
.noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
log.info("Revoking user " + p.getUsername() + " from the database."); log.info("Revoking user " + p.getUsername() + " from the database.");
RevokeUserFlow.revokeUser(p.getUsername()); RevokeUserFlow.revokeUser(p.getUsername());
// We also remove the user from the local_directory table to avoid duplicate // We also remove the user from the local_directory table to avoid duplicate
...@@ -166,3 +170,4 @@ public class UserProfileService { ...@@ -166,3 +170,4 @@ public class UserProfileService {
} }
} }
} }
}