ad/ldap-connector: prevent revocation if AD/LDAP is down

Ticket: https://redmine.savoirfairelinux.com/issues/7656 Change-Id: Ibd79d6db688ec4662aa756d82051cd03a3493127

ad/ldap-connector: prevent revocation if AD/LDAP is down
f037a08d · Philippe Larose · 484b43dc · f037a08d · f037a08d
Commit f037a08d authored 9 months ago by Philippe Larose
--- a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
+++ b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
@@ -200,13 +200,16 @@ public class UserProfileService {
    public void synchronizeUsersWithAD() {
        log.info("Synchronizing Active Directory user profiles");
        // Fetch all users from the Active Directory
-        List<UserProfile> profilesFromResponse =
+        List<UserProfile> profilesFromAD =
                getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
+        // Do not revoke users if there is an error, the AD server could be down.
+        if (profilesFromAD != null) {
+            // There is a use case where a user is not in the AD server but is in the database.
            // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
            for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromResponse.stream()
+                if (profilesFromAD.stream()
                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
                    log.info("Revoking user " + p.getUsername() + " from the database.");
                    RevokeUserFlow.revokeUser(p.getUsername());
@@ -217,3 +220,4 @@ public class UserProfileService {
            }
        }
    }
+}
--- a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
+++ b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
@@ -152,11 +152,15 @@ public class UserProfileService {
        // Fetcg all users from the LDAP
        List<UserProfile> profilesFromLDAP =
                getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
+        // Do not revoke users if there is an error, the LDAP server could be down.
+        if (profilesFromLDAP != null) {
+            // There is a use case where a user is not in the LDAP server but is in the database.
            // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
            for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromLDAP.stream().noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
+                if (profilesFromLDAP.stream()
+                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
                    log.info("Revoking user " + p.getUsername() + " from the database.");
                    RevokeUserFlow.revokeUser(p.getUsername());
                    // We also remove the user from the local_directory table to avoid duplicate
@@ -166,3 +170,4 @@ public class UserProfileService {
            }
        }
    }
+}