From 2ff895719be712a69696595332be448f1c5b03df Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Thu, 24 Mar 2022 16:48:25 +0100
Subject: [PATCH] Add a health check for the LDAP attributes

We check that at least one person in LDAP has the specified attribute,
or we error out.
---
 src/Service/HealthCheck.php |  1 +
 src/Service/LDAPApi.php     | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/Service/HealthCheck.php b/src/Service/HealthCheck.php
index 835648c..e72c6ea 100644
--- a/src/Service/HealthCheck.php
+++ b/src/Service/HealthCheck.php
@@ -41,6 +41,7 @@ class HealthCheck implements CheckInterface
     {
         $results = [];
         $results[] = $this->checkMethod('Check if we can connect to the LDAP server', [$this->ldap, 'checkConnection']);
+        $results[] = $this->checkMethod('Check if all attributes are available', [$this->ldap, 'checkAttributes']);
 
         return $results;
     }
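Review bot: The failure text of this new check carries the configured LDAP attribute names (the RuntimeException built in LDAPApi::checkAttributes), so confirm how checkMethod, which is outside this hunk, turns exception messages into health results. If that output is readable without authentication, it discloses directory schema details. Logging the list and returning a generic message would avoid that, or record the constraint with a comment such as `// failure message names configured LDAP attributes; keep health output behind auth`. The check also adds up to five directory searches per health run, which matters if the endpoint is polled often.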
diff --git a/src/Service/LDAPApi.php b/src/Service/LDAPApi.php
index 85c814a..cac8b9e 100644
--- a/src/Service/LDAPApi.php
+++ b/src/Service/LDAPApi.php
@@ -111,6 +111,42 @@ class LDAPApi implements LoggerAwareInterface, ServiceSubscriberInterface
         $builder->first();
     }
 
+    public function checkAttributeExists(string $attribute): bool
+    {
+        $provider = $this->getProvider();
+        $builder = $this->getCachedBuilder($provider);
+
+        /** @var User $user */
+        $user = $builder
+            ->where('objectClass', '=', $provider->getSchema()->person())
+            ->whereHas($attribute)
+            ->first();
+
+        return $user !== null;
+    }
+
+    public function checkAttributes()
+    {
+        $attributes = [
+            $this->identifierAttributeName,
+            $this->givenNameAttributeName,
+            $this->familyNameAttributeName,
+            $this->emailAttributeName,
+            $this->birthdayAttributeName,
+        ];
+
+        $missing = [];
+        foreach ($attributes as $attr) {
+            if ($attr !== '' && !$this->checkAttributeExists($attr)) {
+                $missing[] = $attr;
+            }
+        }
+
+        if (count($missing) > 0) {
+            throw new \RuntimeException('The following LDAP attributes were not found: '.join(', ', $missing));
+        }
+    }
+
     public function setDeploymentEnvironment(string $env)
     {
         $this->deploymentEnv = $env;
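Review bot: In checkAttributes the `$attr !== ''` guard skips unset names without recording them, so an empty `identifierAttributeName` lets the health check pass. If the identifier is mandatory (inferred from its name, not shown here), treat the empty case as a failure, e.g. `if ($this->identifierAttributeName === '') { $missing[] = '(identifier attribute not configured)'; }`. The method also lacks a return type and docblock; `public function checkAttributes(): void` with `@throws \RuntimeException` would state that failure is signalled by exception. In checkAttributeExists the `$user !== null` test shows `first()` can return null, so the annotation should read `/** @var User|null $user */`. The query runs through getCachedBuilder; whether that cache can hand a stale result to a health check is not visible from this hunk and is worth confirming.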
-- 
GitLab