@@ -1231,45 +1231,21 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
12311231 asort ($ usersSync"new " ]);
12321232 $ this logger ->notice (sprintf ("%d Gitlab user(s) created. " , $ usersSync"newNum " ] = count ($ usersSync"new " ])));
12331233
1234- // Disable Gitlab users of which don't exist in directory
1235- $ this logger ->notice ("Disabling Gitlab users of which don't exist in directory... );
1234+ // Synchronise users of between Gitlab and the directory
1235+ $ this logger ->notice ("Synchronising users of between Gitlab and the directory... );
12361236 foreach ($ usersSync"found " ] as $ gitlabUserId$ gitlabUserName
1237- if ($ this in_array_i ($ gitlabUserName$ this getBuiltInUserNames ())) {
1238- $ this logger ->info (sprintf ("Gitlab built-in %s user will be ignored. " , $ gitlabUserName
1239- continue ;
1240- }
1241-
1242- if ($ this in_array_i ($ gitlabUserName$ config"gitlab " ]["options " ]["userNamesToIgnore " ])) {
1243- $ this logger ->info (sprintf ("User \"%s \" in ignore list. " , $ gitlabUserName
1237+ $ gitlabUser$ gitlabusers ()->show ($ gitlabUserId
1238+ if (!is_array ($ gitlabUserempty ($ gitlabUser
1239+ $ this logger ->error (sprintf ("Gitlab user #%d \"%s \" could not be retrieved. " , $ gitlabUserId$ gitlabUserName
12441240 continue ;
12451241 }
12461242
1247- if (isset ($ ldapUsers$ gitlabUserNameis_array ($ ldapUsers$ gitlabUserName
1243+ if (isset ($ gitlabUsertrue === $ gitlabUser"bot " ]) {
1244+ $ this logger ->info (sprintf ("Gitlab user #%d \"%s \" is a bot, ignoring. " , $ gitlabUserId$ gitlabUserName
12481245 continue ;
12491246 }
12501247
1251- $ this logger ->warning (sprintf ("Disabling Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1252- $ gitlabUsernull ;
1253-
1254- !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->block ($ gitlabUserId$ this logger ->warning ("Operation skipped due to dry run. " );
1255- !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->update ($ gitlabUserId
1256- "admin " => false ,
1257- "can_create_group " => false ,
1258- "external " => true ,
1259- ])) : $ this logger ->warning ("Operation skipped due to dry run. " );
1260-
1261- $ usersSync"extra " ][$ gitlabUserId$ gitlabUserName
1262-
1263- $ this gitlabApiCoolDown ();
1264- }
1265-
1266- asort ($ usersSync"extra " ]);
1267- $ this logger ->notice (sprintf ("%d Gitlab user(s) disabled. " , $ usersSync"extraNum " ] = count ($ usersSync"extra " ])));
1268-
1269- // Update users of which were already in both Gitlab and the directory
1270- $ this logger ->notice ("Updating users of which were already in both Gitlab and the directory... " );
1271- foreach ($ usersSync"found " ] as $ gitlabUserId$ gitlabUserName
1272- if (!empty ($ usersSync"new " ][$ gitlabUserIdempty ($ usersSync"extra " ][$ gitlabUserId
1248+ if (!empty ($ usersSync"new " ][$ gitlabUserId
12731249 continue ;
12741250 }
12751251
@@ -1283,43 +1259,62 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
12831259 continue ;
12841260 }
12851261
1286- if ($ gitlabusers ()->all (["username " => $ gitlabUserName"blocked " => true ])) {
1287- $ this logger ->info (sprintf ("Enabling Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1288- $ gitlabUsernull ;
1289- !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->unblock ($ gitlabUserId$ this logger ->warning ("Operation skipped due to dry run. " );
1290- }
1262+ if (isset ($ ldapUsers$ gitlabUserNameis_array ($ ldapUsers$ gitlabUserNameempty ($ ldapUsers$ gitlabUserName
1263+ // User exists in directory: Update
1264+ if ("ldap_blocked " === $ gitlabUser"state " ]) {
1265+ $ this logger ->warning (sprintf ("Gitlab user #%d \"%s \" is LDAP blocked, can't update. " , $ gitlabUserId$ gitlabUserName
1266+ continue ;
1267+ }
12911268
1292- $ this logger ->info (sprintf ("Updating Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1293- $ gitlabUsernull ;
1269+ if ("blocked " === $ gitlabUser"state " ]) {
1270+ $ this logger ->info (sprintf ("Enabling Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1271+ !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->unblock ($ gitlabUserId$ this logger ->warning ("Operation skipped due to dry run. " );
1272+ }
12941273
1295- if (!isset ($ ldapUsers$ gitlabUserNameis_array ($ ldapUsers$ gitlabUserNamecount ($ ldapUsers$ gitlabUserName4 ) {
1296- $ this logger ->info (sprintf ("Gitlab user \"%s \" has no LDAP details available. " , $ gitlabUserName
1297- continue ;
1298- }
1299- $ ldapUserDetails$ ldapUsers$ gitlabUserName
1274+ $ this logger ->info (sprintf ("Updating Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1275+ $ ldapUserDetails$ ldapUsers$ gitlabUserName
13001276
1301- !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->update ($ gitlabUserId
1302- // "username" => $gitlabUserName,
1303- // No point updating that. ^
1304- // If the UID changes so will that bit of the DN anyway, so this can't be detected with a custom attribute containing the Gitlab user ID written back to user's LDAP object.
1305- "reset_password " => false ,
1306- "name " => $ ldapUserDetails"fullName " ],
1307- "extern_uid " => $ ldapUserDetails"dn " ],
1308- "provider " => $ gitlabConfig"ldapServerName " ],
1309- "email " => $ ldapUserDetails"email " ],
1310- "admin " => $ ldapUserDetails"isAdmin " ],
1311- "can_create_group " => $ ldapUserDetails"isAdmin " ],
1312- "skip_confirmation " => true ,
1313- "external " => $ ldapUserDetails"isExternal " ],
1314- ])) : $ this logger ->warning ("Operation skipped due to dry run. " );
1277+ !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->update ($ gitlabUserId
1278+ // "username" => $gitlabUserName,
1279+ // No point updating that. ^
1280+ // If the UID changes so will that bit of the DN anyway, so this can't be detected with a custom attribute containing the Gitlab user ID written back to user's LDAP object.
1281+ "reset_password " => false ,
1282+ "name " => $ ldapUserDetails"fullName " ],
1283+ "extern_uid " => $ ldapUserDetails"dn " ],
1284+ "provider " => $ gitlabConfig"ldapServerName " ],
1285+ "email " => $ ldapUserDetails"email " ],
1286+ "admin " => $ ldapUserDetails"isAdmin " ],
1287+ "can_create_group " => $ ldapUserDetails"isAdmin " ],
1288+ "skip_confirmation " => true ,
1289+ "external " => $ ldapUserDetails"isExternal " ],
1290+ ])) : $ this logger ->warning ("Operation skipped due to dry run. " );
13151291
1316- $ usersSync"update " ][$ gitlabUserId$ gitlabUserName
1292+ $ usersSync"update " ][$ gitlabUserId$ gitlabUserName
1293+ } else {
1294+ // User does not exist in directory: Disable
1295+ if (in_array ($ gitlabUser"state " ], ["blocked " , "ldap_blocked " ], true )) {
1296+ $ this logger ->debug (sprintf ("Gitlab user #%d \"%s \" already disabled. " , $ gitlabUserId$ gitlabUserName
1297+ continue ;
1298+ }
1299+
1300+ $ this logger ->warning (sprintf ("Disabling Gitlab user #%d \"%s \". " , $ gitlabUserId$ gitlabUserName
1301+ !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->block ($ gitlabUserId$ this logger ->warning ("Operation skipped due to dry run. " );
1302+ !$ this dryRun ? ($ gitlabUser$ gitlabusers ()->update ($ gitlabUserId
1303+ "admin " => false ,
1304+ "can_create_group " => false ,
1305+ "external " => true ,
1306+ ])) : $ this logger ->warning ("Operation skipped due to dry run. " );
1307+
1308+ $ usersSync"extra " ][$ gitlabUserId$ gitlabUserName
1309+ }
13171310
13181311 $ this gitlabApiCoolDown ();
13191312 }
13201313
13211314 asort ($ usersSync"update " ]);
13221315 $ this logger ->notice (sprintf ("%d Gitlab user(s) updated. " , $ usersSync"updateNum " ] = count ($ usersSync"update " ])));
1316+ asort ($ usersSync"extra " ]);
1317+ $ this logger ->notice (sprintf ("%d Gitlab user(s) disabled. " , $ usersSync"extraNum " ] = count ($ usersSync"extra " ])));
13231318 // >> Handle users
13241319
13251320 // << Handle groups
0 commit comments