From 49fca02bf7f6d60ca7f5e18f6baf21bf1672cba0 Mon Sep 17 00:00:00 2001
From: Fanch <fanch@kaz.bzh>
Date: Wed, 15 Oct 2025 20:35:41 +0200
Subject: [PATCH] pahekoldap

---
 bin/checkPahekoLdap.py | 80 ++++++++++++++++++++++++++++++++----------
 1 file changed, 61 insertions(+), 19 deletions(-)

diff --git a/bin/checkPahekoLdap.py b/bin/checkPahekoLdap.py
index f0dc9fc..6f0afbe 100755
--- a/bin/checkPahekoLdap.py
+++ b/bin/checkPahekoLdap.py
@@ -9,45 +9,84 @@ paheko = Paheko()
 categorie_membres = paheko.get_categorie_id("Membres")
 membres = paheko.get_users_in_categorie(categorie_membres)
 
-def test_quota(paheko_entry, ldap_entry):
-    quota_disque = int(paheko_entry["quota_disque"].strip("'"))
-    quota_cloud = int(ldap_entry[1]['nextcloudQuota'][0][:-3])
-    quota_mail = int(ldap_entry[1]['mailQuota'][0][:-1])
-    # if f"{quota_disque}G".encode() == ldap_entry[1]['mailQuota'][0]:
-    #     ok = True
+def test_services(paheko_entry, ldap_entry):
+    # Vérifie que les services orga activés sont bien désactivés sur le mutu. Juste nextcloud pour l'instant.
+    is_orga = paheko_entry["admin_orga"].strip("'") == "Oui"
+    if is_orga:
+        paheko_has_cloud = paheko_entry["cloud"].strip("'") == "Oui"
+        ldap_cloud_enabled = ldap_entry[1]['nextcloudEnabled'][0] == b"TRUE"
+        return not (paheko_has_cloud and ldap_cloud_enabled)
 
-    if quota_disque == quota_cloud and quota_disque == quota_mail:
+    return True
+
+def test_quota(paheko_entry, ldap_entry):
+    quota_paheko = int(paheko_entry["quota_disque"].strip("'"))
+    quota_nextcloud = int(ldap_entry[1]['nextcloudQuota'][0][:-3])
+    quota_mail = int(ldap_entry[1]['mailQuota'][0][:-1])
+    quota_global = int(ldap_entry[1]['quota'][0])
+    is_orga = paheko_entry["admin_orga"].strip("'") == "Oui"
+    has_mail = ldap_entry[1]['mailEnabled'][0] == b"TRUE"
+    has_nextcloud = ldap_entry[1]['nextcloudEnabled'][0] == b"TRUE"
+
+    if quota_paheko != quota_global:
+        return False
+
+    quota_given = 0
+    if has_mail:
+        quota_given += quota_mail
+    if has_nextcloud:
+        quota_given += quota_nextcloud
+
+    if is_orga:
+        linked_emails = paheko_entry["emails_rattaches"]
+        if linked_emails:
+            for linked_email in linked_emails.splitlines():
+                ldap_linked_entry = ldap.get_email(linked_email)
+                if ldap_linked_entry:
+                    quota_given += int(ldap_linked_entry[0][1]['mailQuota'][0][:-1])
+
+    # beaucoup ont en fait xGO de mail et xGO de cloud pour xGO en tout, à corriger à terme.
+    if quota_global * 2 == quota_given or 1 + quota_global * 2 == quota_given:
         return True
-    elif quota_disque == quota_cloud + quota_mail:
+
+    # On laisse 1GO de rab' pour tous ceux qui ont 10 de cloud et 1 de mail.
+    if quota_given <= quota_global + 1:
         return True
+
+    return False
+
+
+def test_mail_secours(paheko_entry, ldap_entry):
+    # Vérifie que le mail de secours dans le LDAP correspond à celui dans paheko.
+    if paheko_entry["email_secours"]:
+        return paheko_entry["email_secours"].strip("'").encode() == ldap_entry[1]['mailDeSecours'][0]
     else:
         return False
 
-def test_mail_secours(paheko_entry, ldap_entry):
-    try:
-        if paheko_entry["email_secours"]:
-            return paheko_entry["email_secours"].strip("'").encode()== ldap_entry[1]['mailDeSecours'][0]
-        else:
-            return False
-    except e:
-        print(paheko_entry)
-        print(ldap_entry)
-        raise e
+
 
 with Ldap() as ldap:
     try:
         not_in_ldap = []
         mail_secours = []
         quota = []
+        services = []
         for membre in membres:
             ldap_entry = ldap.get_email(membre["email"])
             if ldap_entry:
                 ldap_entry = ldap_entry[0]
+
                 if not test_mail_secours(membre, ldap_entry):
                     mail_secours.append(f"{membre['email']}: Paheko {membre['email_secours']}, LDAP {ldap_entry[1]['mailDeSecours'][0].decode()}")
 
+                if not test_services(membre, ldap_entry):
+                    services.append(f"{membre['email']}: Paheko {membre['cloud']}, LDAP {ldap_entry[1]['nextcloudEnabled'][0].decode()}")
+
                 if not test_quota(membre, ldap_entry):
-                    quota.append(f"{membre['email']}: Paheko {membre['quota_disque']}, LDAP mail {ldap_entry[1]['mailQuota'][0].decode()} cloud {ldap_entry[1]['nextcloudQuota'][0].decode()}")
+                    suffix = ""
+                    if membre['emails_rattaches']:
+                        suffix = " rattachés\n  " + "\n  ".join(membre['emails_rattaches'].splitlines())
+                    quota.append(f"{membre['email']}: Paheko {membre['quota_disque']}, LDAP mail {ldap_entry[1]['mailQuota'][0].decode()} cloud {ldap_entry[1]['nextcloudQuota'][0].decode()} quotaGlobal {ldap_entry[1]['quota'][0].decode()}{suffix}")
 
             else:
                 not_in_ldap.append(f"{membre['email']} / id : {membre['id']}")
@@ -62,5 +101,8 @@ print("\n".join(not_in_ldap))
 print("\nMails de secours pas ok dans le LDAP :")
 print("\n".join(mail_secours))
 
+print("\nServices pas ok dans le LDAP (ont nextcloud commun + dédié) :")
+print("\n".join(services))
+
 print("\nQuotas pas ok dans le LDAP :")
 print("\n".join(quota))