*******************************************************************************/
package fr.gouv.finances.dgfip.xemelios.batch.chaineimport.impdroit;
+import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;
import java.text.ParseException;
private static final String AD_BASE_DN_PROP = "ad.baseDn";
private static final String AD_RESULT_PAGE_SIZE = "ad.resultPageSize";
+ private static final String LDAP_FILTER_USER_NOT_XEMELIOS = "(&(objectClass=user)(!(|(memberOf={:mainAdminDN})(memberOf={:delegatedAdminDN})(memberOf={:userDN}))))";
private static final String LDAP_FILTER_ALL_USER = "(&(objectClass=user)(|(memberOf={:mainAdminDN})(memberOf={:delegatedAdminDN})(memberOf={:userDN})))";
private static final String LDAP_FILTER_USER_FROM_LAST_SYNC = "(&(objectClass=user)(whenChanged>={:lastSync})(|(memberOf={:mainAdminDN})(memberOf={:delegatedAdminDN})(memberOf={:userDN})))";
private static final String LDAP_LAST_SYNC_TOKEN = "{:lastSync}";
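Review bot: In Active Directory, computer accounts also carry `objectClass=user`, so the new `LDAP_FILTER_USER_NOT_XEMELIOS` will presumably return every computer object under the base DN as well as every person outside the three groups. The unsync loop then looks each of those entries up one by one, and any entry without a `userPrincipalName` produces a warning on every run. Narrowing the filter to people, e.g. `(&(objectCategory=person)(objectClass=user)(!(|…)))`, keeps the deletion pass scoped to the accounts it is meant to revoke. The two existing filters use the same `objectClass=user` test but are bounded by group membership.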
private QueryProvider queryProvider;
+ private String ldapFilterUserNotXemelios;
private String ldapFilterAllUser;
private String ldapFilterAllUserFromLastSync;
ldapFilterAllUser = buildFilter(LDAP_FILTER_ALL_USER, mainAdminDn, delegAdminDn, userDn);
ldapFilterAllUserFromLastSync = buildFilter(LDAP_FILTER_USER_FROM_LAST_SYNC, mainAdminDn, delegAdminDn, userDn);
+ ldapFilterUserNotXemelios = buildFilter(LDAP_FILTER_USER_NOT_XEMELIOS, mainAdminDn, delegAdminDn, userDn);
logger.debug("Inistialisation du QueryProvider");
String queryFileName = dataLayer.getLayerName() + "-queries.properties";
if (checkNotRunning()) {
PoolManager pool = PoolManager.getInstance();
Connection connection = pool.getConnection();
- byte[] cookie = null; // pour la pagination AD
LdapContext adContext = new InitialLdapContext(adEnvConf, null);
- long newUserSyncCount = 0, updatedUserSyncCount = 0, noneUserSyncCount = 0, pageCount = 0;
+ long newUserSyncCount = 0, updatedUserSyncCount = 0, noneUserSyncCount = 0, deletedUserSyncCount = 0;
long startTime, endTime;
try {
connection.setAutoCommit(false);
adContext.setRequestControls(new Control[] { new PagedResultsControl(resultPageSize, Control.CRITICAL) });
+ // -------- Traitement paginé des utilisateurs créés / mofifiés -------------
startTime = System.currentTimeMillis();
do {
- pageCount++;
+ usersToSynchronize = getAdUsers(adContext, filter, lastSyncDtFmt);
- usersToSynchronize = getAdUsers(adContext, adBaseDn, filter, lastSyncDtFmt);
-
- // -------- Traitement d'une page de résultat -------------
try {
while (usersToSynchronize != null && usersToSynchronize.hasMore()) {
SearchResult adData = (SearchResult) usersToSynchronize.next();
Attributes attributes = adData.getAttributes();
if (attributes.get("userPrincipalName") == null) {
- logger.warn("Utilisateur sans login ignoré : " + attributes.toString());
+ logger.warn("Utilisateur sans login ignoré [sync] : " + attributes.toString());
} else {
ActiveDirectoryUser adUser = new ActiveDirectoryUser(attributes);
logger.debug("Synchronisation utilisateur : " + adUser.getLogin());
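Review bot: The warning `logger.warn("Utilisateur sans login ignoré [sync] : " + attributes.toString())` writes the entry's full attribute set to the log. `getAdUsers` sets no returning-attribute list, so that is every attribute the bind account can read. The same pattern is added in the `[unsync]` loop further down, where it fires for any non-member entry that lacks a `userPrincipalName`. The entry's DN is enough to identify it: `logger.warn("Utilisateur sans login ignoré [sync] : " + adData.getNameInNamespace());`. The loop body continues outside this hunk.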
usersToSynchronize.close();
}
}
+ } while (ldapNextPage(adContext));
+
+ // -------- Traitement paginé des utilisateurs supprimés des groupes xemelios -------------
+ do {
+ usersToSynchronize = getAdUsers(adContext, ldapFilterUserNotXemelios, null);
+ try {
+ while (usersToSynchronize != null && usersToSynchronize.hasMore()) {
+ SearchResult adData = (SearchResult) usersToSynchronize.next();
+ Attributes attributes = adData.getAttributes();
+
+ if (attributes.get("userPrincipalName") == null) {
+ logger.warn("Utilisateur sans login ignoré [unsync] : " + attributes.toString());
+ } else {
+ ActiveDirectoryUser adUser = new ActiveDirectoryUser(attributes);
+ Long userId = getUserIdFromGuid(connection, adUser.getGuid());
- // ------ On passe à la page suivante -------------
- Control[] controls = adContext.getResponseControls();
- if (controls != null) {
- for (int i = 0; i < controls.length; i++) {
- if (controls[i] instanceof PagedResultsResponseControl) {
- PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
- // total = prrc.getResultSize();
- cookie = prrc.getCookie();
+ if (userId != null) {
+ unsynchronizeUser(connection, userId);
+ deletedUserSyncCount++;
+ }
}
}
+ } finally {
+ if (usersToSynchronize != null) {
+ usersToSynchronize.close();
+ }
}
-
- // page suivante
- adContext.setRequestControls(new Control[] { new PagedResultsControl(resultPageSize, cookie, Control.CRITICAL) });
- } while (cookie != null);
+ } while (ldapNextPage(adContext));
// on enregistre la date de synchronisation
updateLastSyncParameter(adCurrentTime);
} catch (Throwable t) {
logger.error("Synchonisation LDAP", t);
} finally {
- logger.info("Fin de la synchronisation LDAP : " + pageCount + " pages reçues, " + newUserSyncCount + " utilisateurs créés, " + updatedUserSyncCount + " mis à jour, " + noneUserSyncCount + " non-synchronisés");
+ logger.info("Fin de la synchronisation LDAP : " + newUserSyncCount + " utilisateurs créés, " + updatedUserSyncCount + " mis à jour, " + noneUserSyncCount + " non-synchronisés, " + deletedUserSyncCount + " supprimés");
clearLock();
connection.rollback();
pool.releaseConnection(connection);
traitement.setEnd(System.currentTimeMillis());
}
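Review bot: No `connection.commit()` is visible after the `unsynchronizeUser(connection, userId)` calls in the added unsync loop, while the connection runs with `setAutoCommit(false)` and the `finally` block calls `connection.rollback()`. Unless `JdbcUtils.executeUpdate` commits on its own (not shown here), the deletions are discarded while the final log line still reports them in `deletedUserSyncCount`, so revoked users would keep their local account and habilitations. Committing once per page, with `connection.commit();` after the inner `while` and before the `finally`, would persist them. Separately, users deleted outright from AD presumably never match the filter, so this pass would leave their local rows in place.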
- protected NamingEnumeration<?> getAdUsers(DirContext adContext, String baseDn, String filter, String syncDate) throws NamingException {
+ protected NamingEnumeration<?> getAdUsers(DirContext adContext, String filter, String syncDate) throws NamingException {
SearchControls searchCtrl = new SearchControls();
searchCtrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
- return adContext.search(baseDn, builFilter(filter, syncDate), searchCtrl);
+ return adContext.search(adBaseDn, builFilter(filter, syncDate), searchCtrl);
+ }
+
+ protected boolean ldapNextPage(LdapContext adContext) throws NamingException, IOException {
+ byte[] cookie = null;
+ Control[] controls = adContext.getResponseControls();
+
+ if (controls != null) {
+ for (int i = 0; i < controls.length; i++) {
+ if (controls[i] instanceof PagedResultsResponseControl) {
+ PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
+ // total = prrc.getResultSize();
+ cookie = prrc.getCookie();
+ }
+ }
+ }
+
+ // page suivante
+ adContext.setRequestControls(new Control[] { new PagedResultsControl(resultPageSize, cookie, Control.CRITICAL) });
+
+ return (cookie != null);
}
protected SyncType synchronizeUser(Connection connection, ActiveDirectoryUser adUser) throws SQLException {
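Review bot: `getAdUsers` builds its `SearchControls` without a returning-attribute list, so each search pulls every readable attribute of every matching entry. With the new caller passing the non-member filter, that likely covers most of the directory subtree. The unsync path only uses `userPrincipalName` and the GUID, so a `searchCtrl.setReturningAttributes(...)` limited to what `ActiveDirectoryUser` reads (its constructor is not shown) would reduce both the transfer and the data that can end up in logs. `ldapNextPage` also deserves a Javadoc stating that it replaces the context's request controls as a side effect, which re-arms paging from the first page when the returned cookie is null.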
}
}
+ protected void unsynchronizeUser(Connection connection, Long userId) throws SQLException {
+ String cleanProfiles = queryProvider.getQuery("unsynchronizeUser.cleanProfiles");
+ String cleanDocuments = queryProvider.getQuery("unsynchronizeUser.cleanDocuments");
+ String cleanCollectivites = queryProvider.getQuery("unsynchronizeUser.cleanCollectivites");
+ String deleteUser = queryProvider.getQuery("unsynchronizeUser.deleteUser");
+ SimplePStmtBinderBuilder binder = new SimplePStmtBinderBuilder();
+
+ binder.add(userId);
+
+ JdbcUtils.executeUpdate(connection, cleanProfiles, binder.toPStmtBinder());
+ JdbcUtils.executeUpdate(connection, cleanDocuments, binder.toPStmtBinder());
+ JdbcUtils.executeUpdate(connection, cleanCollectivites, binder.toPStmtBinder());
+ JdbcUtils.executeUpdate(connection, deleteUser, binder.toPStmtBinder());
+ }
+
protected Long getUserIdFromLogin(Connection connection, String login) throws SQLException {
String getUserIdQuery = queryProvider.getQuery("getUserIdFromLogin");
SimplePStmtBinderBuilder binder = new SimplePStmtBinderBuilder();
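Review bot: `unsynchronizeUser` removes an account and its habilitations without leaving any per-user trace; only the aggregate count reaches the log. For an access-revocation path, an entry such as `logger.info("Désynchronisation utilisateur UTI_ID=" + userId);` before the first delete gives operators something to audit. The four deletes are atomic only because the caller has disabled auto-commit, which is worth stating in a Javadoc on the method (`Must be called on a connection with auto-commit disabled; the caller commits or rolls back.`). `getUserIdFromLogin` continues outside this hunk.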
insertXemeliosUser=\
INSERT INTO AUTH_UTILISATEUR(UTI_ID, UTI_OBJ_GUID, UTI_LOGIN, UTI_PASSWORD, UTI_PRENOM, UTI_NOM, UTI_ACTIF, UTI_ALL_FONC, UTI_ALL_DOC, UTI_ALL_COL, UTI_CRC) \
- VALUES(SQ_AUTH_UTILISATEURS.NEXTVAL, ?, ?, '*', ?, ?, ?, 0, 0, 0, ?)
+ VALUES(SQ_AUTH_UTILISATEURS.NEXTVAL, ?, ?, '*', ?, ?, ?, 0, 1, 0, ?)
updateXemeliosUser=\
UPDATE AUTH_UTILISATEUR \
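Review bot: The `insertXemeliosUser` change from `0, 0, 0` to `0, 1, 0` sets `UTI_ALL_DOC` to 1 for every account the synchronisation creates. If that flag means what its name suggests (access to all document types, independent of `AUTH_HAB_DOC`), newly synced users start with a broad grant rather than an empty one, and nothing in the visible change explains why. A one-line comment above the query recording the intent would make the authorization default explicit; the alternative is to keep the default at 0 and grant per profile. The `updateXemeliosUser` statement continues outside this hunk.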
SELECT DISTINCT UTI.UTI_ID, 'SIRET', REF_COLL.IDCOLL \
FROM AUTH_UTILISATEUR UTI \
JOIN REF_CRC_DEPT ON REF_CRC_DEPT.RFC_CRC_NOM = UTI.UTI_CRC \
- JOIN REF_COLL_SPL_IX REF_COLL ON SUBSTR(REF_COLL.CODIC, 0, 3) = LPAD(REF_CRC_DEPT.RFC_DEP_CODE, 3, '0')
\ No newline at end of file
+ JOIN REF_COLL_SPL_IX REF_COLL ON SUBSTR(REF_COLL.CODIC, 0, 3) = LPAD(REF_CRC_DEPT.RFC_DEP_CODE, 3, '0')
+
+
+unsynchronizeUser.cleanProfiles=DELETE FROM AUTH_UTI_PRF WHERE UTI_ID = ?
+
+unsynchronizeUser.cleanDocuments=DELETE FROM AUTH_HAB_DOC WHERE UTI_ID = ?
+
+unsynchronizeUser.cleanCollectivites=DELETE FROM AUTH_HAB_COL WHERE UTI_ID = ?
+
+unsynchronizeUser.deleteUser=DELETE FROM AUTH_UTILISATEUR WHERE UTI_ID = ?
\ No newline at end of file