ad/ldap-connector: prevent revocation if AD/LDAP is down

Ticket: https://redmine.savoirfairelinux.com/issues/7656 Change-Id: Ibd79d6db688ec4662aa756d82051cd03a3493127

ad/ldap-connector: prevent revocation if AD/LDAP is down
f037a08d · Philippe Larose · 484b43dc · f037a08d · f037a08d
Commit f037a08d authored 6 months ago by Philippe Larose
--- a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
+++ b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
@@ -200,19 +200,23 @@ public class UserProfileService {
    public void synchronizeUsersWithAD() {
        log.info("Synchronizing Active Directory user profiles");
        // Fetch all users from the Active Directory
-        List<UserProfile> profilesFromResponse =
+        List<UserProfile> profilesFromAD =
                getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
-        // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
-        for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromResponse.stream()
-                    .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
-                log.info("Revoking user " + p.getUsername() + " from the database.");
-                RevokeUserFlow.revokeUser(p.getUsername());
-                // We also remove the user from the local_directory table to avoid duplicate
-                // revocations
-                dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+        // Do not revoke users if there is an error, the AD server could be down.
+        if (profilesFromAD != null) {
+            // There is a use case where a user is not in the AD server but is in the database.
+            // When this happens, we need to revoke the user from the database.
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
+            for (UserProfile p : profilesFromDatabase) {
+                if (profilesFromAD.stream()
+                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
+                    log.info("Revoking user " + p.getUsername() + " from the database.");
+                    RevokeUserFlow.revokeUser(p.getUsername());
+                    // We also remove the user from the local_directory table to avoid duplicate
+                    // revocations
+                    dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+                }
            }
        }
    }

--- a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
+++ b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
@@ -152,16 +152,21 @@ public class UserProfileService {
        // Fetcg all users from the LDAP
        List<UserProfile> profilesFromLDAP =
                getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
-        // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
-        for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromLDAP.stream().noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
-                log.info("Revoking user " + p.getUsername() + " from the database.");
-                RevokeUserFlow.revokeUser(p.getUsername());
-                // We also remove the user from the local_directory table to avoid duplicate
-                // revocations
-                dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+        // Do not revoke users if there is an error, the LDAP server could be down.
+        if (profilesFromLDAP != null) {
+            // There is a use case where a user is not in the LDAP server but is in the database.
+            // When this happens, we need to revoke the user from the database.
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
+            for (UserProfile p : profilesFromDatabase) {
+                if (profilesFromLDAP.stream()
+                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
+                    log.info("Revoking user " + p.getUsername() + " from the database.");
+                    RevokeUserFlow.revokeUser(p.getUsername());
+                    // We also remove the user from the local_directory table to avoid duplicate
+                    // revocations
+                    dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+                }
            }
        }
    }