From 8fb61cf5f8e9d728ffb18ccfd35f25202c7cd215 Mon Sep 17 00:00:00 2001 From: Brady Wetherington Date: Wed, 19 Oct 2022 18:36:16 -0700 Subject: [PATCH] Try to better handle LDAP Manager settings that don't line up with what we expect --- app/Console/Commands/LdapSync.php | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php index 36505eba11..0e43470d07 100755 --- a/app/Console/Commands/LdapSync.php +++ b/app/Console/Commands/LdapSync.php @@ -218,10 +218,24 @@ class LdapSync extends Command if($item['manager'] != null) { // Get the LDAP Manager - $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter')); + try { + $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter')); // *THIS* call might be messing us up, somehow? Like, maybe breaking pagination or something? + } catch (\Exception $e) { + \Log::warn("Manager lookup caused an exception: ".$e->getMessage().". Falling back to direct username lookup"); + // Hail-mary for Okta manager 'shortnames' - will only work if + // Okta configuration is using full email-address-style usernames + $ldap_manager = [ + "count" => 1, + 0 => [ + $ldap_result_username => [$item['manager']] + ] + ]; + } - if($ldap_manager["count"] > 0) { - // Get the Managers username + if ($ldap_manager["count"] > 0) { + + // Get the Manager's username + // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array. $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0]; // Get User from Manager username. @@ -233,7 +247,6 @@ class LdapSync extends Command } } } - // Sync activated state for Active Directory. if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set.... // ....then *most* things that are truthy will activate the user. Anything falsey will deactivate them.
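Review bot: In the first hunk, the new `catch (\Exception $e)` branch turns any failure of `Ldap::findLdapUsers()` into a fabricated one-entry result, so the raw `manager` attribute is treated as a confirmed username even when the cause was a search or connection error rather than the Okta short-name case the comment describes. Since the comment says the fallback only works for email-style usernames, gate it on that shape and otherwise report no manager, e.g. `$ldap_manager = filter_var($item['manager'], FILTER_VALIDATE_EMAIL) ? [...] : ['count' => 0];`, and name the user being synced in the log message so the fallback can be audited. Separately, PSR-3 loggers define `warning()`, so `\Log::warn(...)` may itself fail inside the catch depending on the logger in use; `\Log::warning(...)` is the safe spelling. The block continues past the end of the hunk, so the lookup that consumes `$ldapManagerUsername` is not visible here and should be checked for how it handles a non-matching value.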