setName('ldap:check-group') ->setDescription('checks whether a group exists on LDAP.') ->addArgument( 'ocName', InputArgument::REQUIRED, 'the group name as used in Nextcloud, or the LDAP DN' ) ->addOption( 'force', null, InputOption::VALUE_NONE, 'ignores disabled LDAP configuration' ) ->addOption( 'update', null, InputOption::VALUE_NONE, 'syncs values from LDAP' ) ; } protected function execute(InputInterface $input, OutputInterface $output): int { $this->dispatcher->addListener(GroupCreatedEvent::class, fn ($event) => $this->onGroupCreatedEvent($event, $output)); $this->dispatcher->addListener(UserAddedEvent::class, fn ($event) => $this->onUserAddedEvent($event, $output)); $this->dispatcher->addListener(UserRemovedEvent::class, fn ($event) => $this->onUserRemovedEvent($event, $output)); try { $this->assertAllowed($input->getOption('force')); $gid = $input->getArgument('ocName'); $wasMapped = $this->groupWasMapped($gid); if ($this->backend->getLDAPAccess($gid)->stringResemblesDN($gid)) { $groupname = $this->backend->dn2GroupName($gid); if ($groupname !== false) { $gid = $groupname; } } /* Search to trigger mapping for new groups */ $this->backend->getGroups($gid); $exists = $this->backend->groupExistsOnLDAP($gid, true); if ($exists === true) { $output->writeln('The group is still available on LDAP.'); if ($input->getOption('update')) { $this->backend->getLDAPAccess($gid)->connection->clearCache(); if ($wasMapped) { $this->service->handleKnownGroups([$gid]); } else { $this->service->handleCreatedGroups([$gid]); } } return self::SUCCESS; } if ($wasMapped) { $output->writeln('The group does not exist on LDAP anymore.'); if ($input->getOption('update')) { $this->backend->getLDAPAccess($gid)->connection->clearCache(); $this->service->handleRemovedGroups([$gid]); } return self::SUCCESS; } throw new \Exception('The given group is not a recognized LDAP group.'); } catch (\Exception $e) { $output->writeln('' . $e->getMessage() . ''); return self::FAILURE; } } public function onGroupCreatedEvent(GroupCreatedEvent $event, OutputInterface $output): void { $output->writeln('The group ' . $event->getGroup()->getGID() . ' was added to Nextcloud with ' . $event->getGroup()->count() . ' users'); } public function onUserAddedEvent(UserAddedEvent $event, OutputInterface $output): void { $user = $event->getUser(); $group = $event->getGroup(); $output->writeln('The user ' . $user->getUID() . ' was added to group ' . $group->getGID() . ''); } public function onUserRemovedEvent(UserRemovedEvent $event, OutputInterface $output): void { $user = $event->getUser(); $group = $event->getGroup(); $output->writeln('The user ' . $user->getUID() . ' was removed from group ' . $group->getGID() . ''); } /** * checks whether a group is actually mapped * @param string $gid the groupname as passed to the command */ protected function groupWasMapped(string $gid): bool { $dn = $this->mapping->getDNByName($gid); if ($dn !== false) { return true; } $name = $this->mapping->getNameByDN($gid); return $name !== false; } /** * checks whether the setup allows reliable checking of LDAP group existence * @throws \Exception */ protected function assertAllowed(bool $force): void { if ($this->helper->haveDisabledConfigurations() && !$force) { throw new \Exception('Cannot check group existence, because ' . 'disabled LDAP configurations are present.'); } // we don't check ldapUserCleanupInterval from config.php because this // action is triggered manually, while the setting only controls the // background job. } private function updateGroup(string $gid, OutputInterface $output, bool $wasMapped): void { try { if ($wasMapped) { $this->service->handleKnownGroups([$gid]); } else { $this->service->handleCreatedGroups([$gid]); } } catch (\Exception $e) { $output->writeln('Error while trying to lookup and update attributes from LDAP'); } } }