[Support] Create a multiple scope based user import

[FrancescoD3V]

I need to import users using scopes, users are located in OU or CN sparse in my LDAP server.

I created the scopes and added them to the app/Providers/AuthServiceProvider.php file

When I try to import users, it seems that Laravel only imports the last file inserted on boot()

Can you help me understand what I'm doing wrong?

------ Scopes Persone ------

namespace App\Ldap\Scopes;

use LdapRecord\Models\Model; use LdapRecord\Models\Scope; use LdapRecord\Query\Model\Builder;

class OnlyUsersPersone implements Scope { /**

• Apply the scope to the given query. */ public function apply(Builder $query, Model $model): void { $query->in('OU=Persone,DC=contoso,DC=local'); } }

------ Scopes Security ------

namespace App\Ldap\Scopes;

use LdapRecord\Models\Model; use LdapRecord\Models\Scope; use LdapRecord\Query\Model\Builder;

class OnlyUsersSecurity implements Scope { /**

• Apply the scope to the given query. */ public function apply(Builder $query, Model $model): void { $query->in('OU=Security,DC=contoso,DC=local'); } }

------ AuthServiceProvider ------

namespace App\Providers;

// use Illuminate\Support\Facades\Gate;

use App\Ldap\Scopes\OnlyUsersPersone; use App\Ldap\Scopes\OnlyUsersSecurity; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider { /**

• The model to policy mappings for the application.

• @var array<class-string, class-string> */ protected $policies = [ // ];

  /**

• Register any authentication / authorization services. */ public function boot(): void { \LdapRecord\Models\ActiveDirectory\User::addGlobalScope( new OnlyUsersPersone );

  \LdapRecord\Models\ActiveDirectory\User::addGlobalScope(
      new OnlyUsersSecurity
  ); 

  } }

Environment:

• LDAP Server Type: ActiveDirectory
• LdapRecord-Laravel Major Version: v3
• PHP Version: 8.2.5

[stevebauman]

Hi @FrancescoD3V,

The LDAP protocol itself doesn't support querying inside multiple OUs at the same time, so when you call the "in()" method on the query builder, the last call will take precedence.

In these cases where you need to import users from multiple OUs, group memberships are usually applied so you can query based on that group membership.

Otherwise, you will have to create the import yourself with the results of both OUs using LdapRecord's built-in importer:

https://github.com/DirectoryTree/LdapRecord-Laravel/blob/master/src/Import/Importer.php

[FrancescoD3V]

Ok thanks for your answer, could I use the scope in the terminal during Import? For example: php artisan ldap:import -scope App\Ldap\Scopes\OnlyUserSecurity

[stevebauman]

Happy to help. And yes you can:

https://ldaprecord.com/docs/laravel/v3/auth/database/importing/#scopes

[DevHoracioRodriguez]

Hello @FrancescoD3V.

Like @stevebauman said, you can use scope in the terminal. Just don't use several scopes or you could have the same behavior. Meaning that only the last scope will be applied.

So, you will need two terminal calls:

php php artisan ldap:import users --scopes "App\Ldap\Scopes\OnlyUsersPersone"

php php artisan ldap:import users --scopes "App\Ldap\Scopes\OnlyUsersSecurity"

Once the above works as expected then you could add two schedule commands:

$schedule->command('ldap:import users', ['--no-interaction','--scopes="App\Ldap\Scopes\OnlyUsersPersone::class"'])
            ->everyMinute();

$schedule->command('ldap:import users', ['--no-interaction','--scopes="App\Ldap\Scopes\OnlyUsersSecurity::class"'])
            ->everyMinute();

I hope it helps!

[stevebauman]

Thanks for posting that @CyberEkklesiaOwner! 🙏