Closed jsiegers closed 5 years ago
I get that too. I don't think the user (on Gitlab) is being removed, the error looks like a non-existent group-member relationship.
This is quite a simple check:
if (!isset($membersOfThisGroup[$gitlabUserId]) || $membersOfThisGroup[$gitlabUserId] != $gitlabUserName) {
$this->logger->error(sprintf("Group member #%d: User not found.", $n));
continue;
}
I suspect this issue is happening because of how the array $membersOfThisGroup
is being built:
$membersOfThisGroup = [];
foreach ($usersToSyncMembership as $gitlabUserId => $gitlabUserName) {
if (!$this->in_array_i($gitlabUserName, $ldapGroupsSafe[$gitlabGroupName])) {
continue;
}
$membersOfThisGroup[$gitlabUserId] = $gitlabUserName;
}
asort($membersOfThisGroup);
$this->logger->notice(sprintf("Synchronising %d member(s) for group #%d \"%s\" [%s]...", ($membersOfThisGroupNum = count($membersOfThisGroup)), $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath));
This is a concatenation of 3 arrays earlier:
$usersToSyncMembership = ($usersSync["found"] + $usersSync["new"] + $usersSync["update"]);
Actually thinking about it the problem is probably right here:
if (!$this->in_array_i($gitlabUserName, $ldapGroupsSafe[$gitlabGroupName])) {
continue;
}
At this point the user you've taken out of the group is no longer in the $ldapGroupsSafe[$gitlabGroupName]
array, so that user would not be added to the $membersOfThisGroup
array for comparison later on.
If so this could be resolved by commenting out lines 1351-1353, then if it looks successful after a --dryrun
, delete them entirely. I will try this later this evening, but you're welcome to do so sooner and let me know if it worked.
Disregard that. ^ The comparison on lines 1409-1411 was what needed removing. I've just tried this now and it appears to have removed extra group memberships correctly.
Release 0.0.3 contains this fix amongst half a dozen others.
Wow that was really fast! Nice work!
It just so happened that I didn't have much on last night. 🙂 Let me know if this fix didn't work for you.
Just tested it and works now! Cheers!
Hi,
Thanks for this awesome tool! I'm using the FreeIPA directory servers and got it working. The only thing I can't do is remove users from a group. I've created an LDAP group (team1) and placed users in them. During the sync the group is then created and the users are added as members. All fine. When I now remove a user from the LDAP group and then do a sync I get the following error:
I'm expecting that user is removed from the gitlab group as well during the Deleting extra group members. But that doesn't seem the case. Am I missing something or is a bug?
Cheers in advance!