
Comments (3)

sroutier commented on May 17, 2024

Hello Tamer,

Should not be too hard, but I would put it in the "eloquent-ldap" package not in the laravel application itself.

Here are a few tips:
Look at the class "EloquentLDAPUserProvider" and find the function retrieveByCredentials(...) on line 128. Near the end, on lines 149 to 155, there is an if statement that creates the user if it was not found in the internal database and LDAP auth is enabled. After that and before the function returns I would make a call to a new function to refresh LDAP users. You can base your code on the code in the function createUserFromLDAP($userName) as it will be pretty close to what you need. Also I would wrap your new code with a configuration option so that you can turn it off once you are done.

Lastly, you may want to think of a more permanent solution. There are a lot of use cases where a user's personal information (first and last name, but also username and email) will change, such as marriage and other legal name changes or a move to another group or department. The best way I found to deal with this is to have a separate maintenance script running on a regular schedule to pull from LDAP/AD and "fix" or update the user's record in the application database. This time around I want to implement it as a scheduled maintenance module within the application, but I have not even completed the design of the modules... so... soon maybe, if I don't change my mind...

Does that help at least a little?
Let me know if you want to chat more about this.

Cheers and good luck.
/s

from laravel-enterprise-starter-kit.

tamer-hassan commented on May 17, 2024

Apologies for the delay in response. You are more than helpful, as usual.

The script idea is definitely the way to go for a more permanent solution, but it requires privileged access to the LDAP server to query all users' information. In my current production environment I can see it is OK, given a user base of ~200. But in another environment I plan on reusing l51esk for, with a user base of ~2500, the said script can get a little bit more complicated, don't you think?

Wish you a prosperous year.


sroutier commented on May 17, 2024

Hello Tamer,

Happy New Year to yourself as well.

I think that by default any user that binds or connects to the Active Directory can search and read the properties of all users and groups, unless your organization has configured a different system. They may have secured some OUs that require specific privileges; you will have to ask your Active Directory administrator. Either way, I would request that a service account be created for this task, with sufficient privileges. That will keep things clean and auditable.

I find that the maintenance script has more value the more users there are. At one client that has over 40,000 users, with around 12,000 to 16,000 users active at any given time, the turn-around for Active Directory changes to be replicated to various applications went from 24-48 hours to 10 minutes. The new advice to our users is: Go grab a coffee, your account will be updated by the time you are back!

Ciao.
/s
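
A sketch of the scheduled maintenance script discussed in this thread, added here as an example and not taken from the thread, eloquent-ldap or the starter kit: it reads users through the paged-results control (Active Directory caps a single search response, 1000 entries by default, so an unpaged read of ~2500 users would be truncated) and reports only the fields that changed so each update can be logged. The server name, DNs, environment variable names and the local column names are assumptions.

```php
<?php
// Added example, not code from eloquent-ldap or the starter kit. Host, DNs, env var
// names and the local record layout are assumptions made for illustration.
/** Yield user entries page by page so large directories are read completely. */
function fetchDirectoryUsers($conn, string $baseDn, int $pageSize = 500): Generator
{
    $attrs  = ['samaccountname', 'givenname', 'sn', 'mail']; // read only what is synced
    $cookie = '';
    do {
        $controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS,
                      'value' => ['size' => $pageSize, 'cookie' => $cookie]]];
        $result = ldap_search($conn, $baseDn, '(&(objectCategory=person)(objectClass=user))',
                              $attrs, 0, -1, -1, LDAP_DEREF_NEVER, $controls);
        if ($result === false) {
            throw new RuntimeException('LDAP search failed: ' . ldap_error($conn));
        }
        ldap_parse_result($conn, $result, $errCode, $matchedDn, $errMsg, $referrals, $returned);
        $entries = ldap_get_entries($conn, $result);
        for ($i = 0; $i < $entries['count']; $i++) {
            yield $entries[$i];
        }
        // An empty cookie from the server means the last page has been delivered.
        $cookie = $returned[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');
}

/** Return only the fields whose directory value differs from the local record. */
function changedFields(array $local, array $entry): array
{
    $map = ['first_name' => 'givenname', 'last_name' => 'sn', 'email' => 'mail'];
    $changes = [];
    foreach ($map as $column => $attr) {
        $value = $entry[$attr][0] ?? null; // a missing attribute never blanks local data
        if ($value !== null && $value !== ($local[$column] ?? null)) {
            $changes[$column] = ['old' => $local[$column] ?? null, 'new' => $value];
        }
    }
    return $changes;
}

// Offline demonstration on a constructed entry shaped like ldap_get_entries() output.
$local = ['username' => 'jdoe', 'first_name' => 'Jane', 'last_name' => 'Doe', 'email' => 'jdoe@example.test'];
$entry = ['samaccountname' => ['count' => 1, 0 => 'jdoe'], 'givenname' => ['count' => 1, 0 => 'Jane'],
          'sn' => ['count' => 1, 0 => 'Smith'], 'mail' => ['count' => 1, 0 => 'jsmith@example.test']];
echo json_encode(['user' => 'jdoe', 'changes' => changedFields($local, $entry)]), PHP_EOL;
// Live use (assumed names): bind as the dedicated service account over LDAPS, then iterate.
// $conn = ldap_connect('ldaps://dc.example.test');
// ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// ldap_bind($conn, getenv('LDAP_SYNC_DN'), getenv('LDAP_SYNC_PASSWORD')) or exit('bind failed');
// foreach (fetchDirectoryUsers($conn, 'OU=Staff,DC=example,DC=test') as $entry) { /* changedFields(...) */ }
```

Writing the old and new values to the application log for every applied change gives the audit trail that a dedicated service account is meant to support.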
