From 60c0e5999ea7a213f4576932011a12e197a21d6f Mon Sep 17 00:00:00 2001
From: Tao Chen
Date: Mon, 27 Mar 2023 23:00:59 +0200
Subject: [PATCH 01/17] add cron
---
 Dockerfile | 35 +++++++++++++++++++++++++---------
 docker/cron_task.sh | 42 +++++++++++++++++++++++++++++++++++++++++
 docker/entrypoint.sh | 44 +++++++++++++++++++++++++++++++++++++++++++
 docker/healthcheck.sh | 15 +++++++++++++++
 4 files changed, 127 insertions(+), 9 deletions(-)
 create mode 100755 docker/cron_task.sh
 create mode 100644 docker/entrypoint.sh
 create mode 100755 docker/healthcheck.sh
diff --git a/Dockerfile b/Dockerfile
index 744faf0..9c97158 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,38 @@ FROM mlocati/php-extension-installer:latest AS installer FROM php:7.4.9-cli-alpine3.12 +# USER root COPY --from=installer /usr/bin/install-php-extensions /usr/bin/ -RUN apk add --no-cache bash curl && \ - rm -rf /var/cache/apk/* - +RUN apk add --no-cache bash curl git tini \ + && rm -rf /var/cache/apk/* \ + && install-php-extensions ldap \ + && mkdir -p /app + # && chown -R www-data:www-data /app # Install PHP extensions -RUN install-php-extensions ldap +# RUN install-php-extensions ldap + +WORKDIR /app +# USER www-data # INSTALL COMPOSER SHELL ["/bin/ash", "-eo", "pipefail", "-c"] -RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer +RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \ + && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \ + && composer install -WORKDIR /app -COPY . . +ADD ./docker /tmp/docker +RUN cp /tmp/docker/entrypoint.sh /entrypoint.sh \ + && chmod +x /entrypoint.sh \ + && cp /tmp/docker/healthcheck.sh /healthcheck.sh \ + && chmod +x /healthcheck.sh \ + && cp /tmp/cron_task.sh /cron_task.sh \ + && chmod +x /cron_task.sh \ + && rm -rf /tmp/docker + + +ENTRYPOINT ["tini", "--", "/entrypoint.sh"] -RUN composer install +HEALTHCHECK --timeout=5s CMD ["/healthcheck.sh"] -CMD ["update-ca-certificates", "&&", "php", "bin/console", "ldap:sync"] +# CMD ["update-ca-certificates", "&&", "php", "bin/console", "ldap:sync"] diff --git a/docker/cron_task.sh b/docker/cron_task.sh new file mode 100755 index 0000000..09feebc --- /dev/null +++ b/docker/cron_task.sh 
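Review bot: The `RUN curl -sS https://getcomposer.org/installer | php -- ...` step executes whatever the download returns, as root and with no integrity check, and the `git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app` added to the same RUN pulls an unpinned branch over SSH, which also needs a key the build does not provision. Verify the installer against the checksum Composer publishes before running it, or take the binary from a pinned image with `COPY --from=composer:2 /usr/bin/composer /usr/bin/composer`, and pin the clone to a commit. Both `USER` lines are commented out, so the image that will hold the LDAP bind password and the GitLab token runs everything as root; if crond needs root, consider dropping privileges for the `php bin/console ldap:sync` call itself. `cp /tmp/cron_task.sh` also reads from a path that the preceding `ADD ./docker /tmp/docker` does not create.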
@@ -0,0 +1,42 @@ +#/bin/ash +### + # @Descripttion: + # @version: + # @Author: Tao Chen + # @Date: 2023-03-27 18:11:58 + # @LastEditors: Tao Chen + # @LastEditTime: 2023-03-27 22:59:20 +### +# update-ca-certificates +set -e + +if [ -z "$WORK_DIR" ]; then + WORK_DIR=/app +fi + +if [ -z "$CONFIG_FILE" ]; then + CONFIG_FILE=$WORK_DIR/config.yml +else + ln -s $WORK_DIR/config.yml /app/config.yml +fi + +if [ -z "$DRY_RUN" ]; then + DRY_RUN=false +fi + +if [ -z "DEBUG_V" ]; then + DEBUG_V="v" +fi + +PHP_SCRIPT=$WORK_DIR/bin/console +if [ $DRY_RUN = true ]; then + $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d -$DEBUG_V" +else + $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -$DEBUG_V" +fi + +echo "================================" +echo "Start to run cron task : $CMD" +eval $CMD +echo "End" +echo "================================" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..9a6189c --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,44 @@ +#/bin/ash +### + # @Descripttion: + # @version: + # @Author: Tao Chen + # @Date: 2023-03-27 18:11:58 + # @LastEditors: Tao Chen + # @LastEditTime: 2023-03-27 22:59:26 +### + +if [ -z "$SYNC_INTERVAL_DAY" ]; then + SYNC_INTERVAL_DAY=0 +fi + +if [ -z "$SYNC_INTERVAL_HOUR" ]; then + SYNC_INTERVAL_HOUR=0 +fi + +if [ -z "$SYNC_INTERVAL_MINUTE" ]; then + SYNC_INTERVAL_MINUTE=5 +fi + +if [ $SYNC_INTERVAL_DAY -gt 0 ]; then + DAY_SYMBOL="*/$SYNC_INTERVAL_DAY" +else + DAY_SYMBOL="*" +fi + +if [ $SYNC_INTERVAL_HOUR -gt 0 ]; then + HOUR_SYMBOL="*/$SYNC_INTERVAL_HOUR" +else + HOUR_SYMBOL="*" +fi + +if [ $SYNC_INTERVAL_MINUTE -gt 0 ]; then + MINUTE_SYMBOL="*/$SYNC_INTERVAL_MINUTE" +else + MINUTE_SYMBOL="*" +fi + +echo "$MINUTE_SYMBOL $SYNC_INTERVAL_HOUR $SYNC_INTERVAL_DAY * * /cron-task.sh" > /var/spool/cron/crontabs/root + +echo "Starting crond" +exec crond -f -l 0 \ No newline at end of file 
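Review bot: `eval $CMD` at the end of docker/cron_task.sh re-parses a string that embeds `$DEBUG_V` from the container environment, so any shell metacharacters in that variable are executed by the root cron job; the same `eval` is kept in PATCH 07/17 and PATCH 13/17. Running the two commands directly with quoted arguments, and accepting only the verbosity values the console understands, removes the need for `eval`. Three further lines stop the script from working as written: the shebang `#/bin/ash` lacks the `!`, `[ -z "DEBUG_V" ]` tests a literal string and is never true, and `$CMD="..."` is not an assignment, so under `set -e` the script exits before the sync runs. A sketch of the rewritten lines follows.

```shell
#!/bin/ash
# … unchanged: header comment, set -e, WORK_DIR / CONFIG_FILE / DRY_RUN defaults …

# Accept only the verbosity levels the console defines; anything else falls back to -v.
case "${DEBUG_V:-v}" in
    v|vv|vvv) DEBUG_V="-${DEBUG_V:-v}" ;;
    *)        DEBUG_V="-v" ;;
esac

PHP_SCRIPT=$WORK_DIR/bin/console
set -- ldap:sync
if [ "$DRY_RUN" = true ]; then
    set -- "$@" -d
fi
set -- "$@" "$DEBUG_V"

echo "Start to run cron task : php $PHP_SCRIPT $*"
update-ca-certificates
php "$PHP_SCRIPT" "$@"
```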
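Review bot: The line written to `/var/spool/cron/crontabs/root` in docker/entrypoint.sh uses the raw `$SYNC_INTERVAL_HOUR` and `$SYNC_INTERVAL_DAY` rather than the `HOUR_SYMBOL`/`DAY_SYMBOL` computed just above, and none of the three `SYNC_INTERVAL_*` values is checked to be a number before it reaches root's crontab. With the defaults this produces `*/5 0 0 * *`, whose day-of-month field `0` is out of range, and a value containing spaces or a newline would add fields or whole entries to the file. Reject anything non-numeric up front, for example `case "$SYNC_INTERVAL_MINUTE" in ''|*[!0-9]*) echo "SYNC_INTERVAL_MINUTE must be an integer" >&2; exit 1 ;; esac` for each variable, and quote the operands of the `-gt` tests. The job path `/cron-task.sh` also differs from the `/cron_task.sh` the Dockerfile installs, so the scheduled sync would not start.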
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh new file mode 100755 index 0000000..f098746 --- /dev/null +++ b/docker/healthcheck.sh @@ -0,0 +1,15 @@ +#!/bin/bash +### + # @Descripttion: + # @version: + # @Author: Tao Chen + # @Date: 2023-03-27 22:36:03 + # @LastEditors: Tao Chen + # @LastEditTime: 2023-03-27 23:00:32 +### + +#!/usr/bin/env bash +set -x + +# Make sure cron daemon is still running +ps -o comm | grep crond || exit 1 From e4592886fc42705bf03bd073eff862fb6b88348b Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 27 Mar 2023 23:03:50 +0200 Subject: [PATCH 02/17] while error, add remain user --- src/LdapSyncCommand.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/LdapSyncCommand.php b/src/LdapSyncCommand.php index 541654c..6109044 100644 --- a/src/LdapSyncCommand.php +++ b/src/LdapSyncCommand.php 
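Review bot: `ps -o comm | grep crond || exit 1` only shows that some process whose name contains `crond` exists, so the container stays healthy while every scheduled sync fails and group memberships in GitLab drift from LDAP unnoticed. Consider having `/cron_task.sh` record the time of its last successful run in a file and letting this script fail when that file is older than the configured interval. For the process test itself, `pgrep -x crond >/dev/null || exit 1` matches the exact name and keeps the match out of the health log; `set -x` can go for the same reason.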
@@ -1655,9 +1655,13 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc continue; } - $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); - $gitlabGroupMember = null; - + // $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); + // $gitlabGroupMember = null; + try { + !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); + } catch (\Exception $e) { + $this->logger->error(sprintf("Gitlab failure: %s", $e->getMessage()), ["error" => $e]); + } !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); $gitlabGroupMemberId = (is_array($gitlabGroupMember) && isset($gitlabGroupMember["id"]) && is_int($gitlabGroupMember["id"])) ? $gitlabGroupMember["id"] : sprintf("dry:%s:%d", $gitlabGroupPath, $gitlabUserId); From 197f1c9bc5825a89cb83a117c89879e3c518af99 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 27 Mar 2023 23:14:34 +0200 Subject: [PATCH 03/17] add exapmle_config file --- Dockerfile | 1 + docker/cron_task.sh | 14 ++++++----- docker/example_config.yml | 50 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 docker/example_config.yml diff --git a/Dockerfile b/Dockerfile index 9c97158..c68cf5f 100644 --- a/Dockerfile +++ b/Dockerfile 
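Review bot: The guarded `addMember()` call in the new `try` block is followed by the original unguarded call, which the hunk leaves in place, so each membership is requested twice and an exception from the second call still aborts the run. With `$gitlabGroupMember = null;` commented out, a failed or dry-run iteration can also reuse the array returned for a previous user when `$gitlabGroupMemberId` is computed. PATCH 10/17 removes the duplicate and restores the reset, but the `catch` still falls through, so a user whose add failed is recorded in `$userGroupMembersSync["new"]` with a `dry:` id; adding `continue;` after the `$this->logger->error(...)` line would keep failed adds out of the report. The enclosing `deployGitlabUsersAndGroups()` starts and ends outside the hunk, so how `continueOnFail` is honoured elsewhere is not visible here.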
@@ -28,6 +28,7 @@ RUN cp /tmp/docker/entrypoint.sh /entrypoint.sh \ && chmod +x /healthcheck.sh \ && cp /tmp/cron_task.sh /cron_task.sh \ && chmod +x /cron_task.sh \ + && cp /tmp/docker/example_config.yml /app/example_config.yml \ && rm -rf /tmp/docker diff --git a/docker/cron_task.sh b/docker/cron_task.sh index 09feebc..a1656ba 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -5,20 +5,22 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 22:59:20 + # @LastEditTime: 2023-03-27 23:13:46 ### # update-ca-certificates set -e -if [ -z "$WORK_DIR" ]; then - WORK_DIR=/app -fi +WORK_DIR=/app if [ -z "$CONFIG_FILE" ]; then CONFIG_FILE=$WORK_DIR/config.yml -else - ln -s $WORK_DIR/config.yml /app/config.yml fi +if [ ! -f "$CONFIG_FILE" ]; then + echo "Config file not found, use default config file." + $CONFIG_FILE=$WORK_DIR/config.yml.dist +fi + +ln -s $CONFIG_FILE $WORK_DIR/config.yml if [ -z "$DRY_RUN" ]; then DRY_RUN=false diff --git a/docker/example_config.yml b/docker/example_config.yml new file mode 100644 index 0000000..406eff6 --- /dev/null +++ b/docker/example_config.yml 
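Review bot: `$CONFIG_FILE=$WORK_DIR/config.yml.dist` in the new fallback branch of docker/cron_task.sh is not an assignment; the shell expands it and tries to run the result as a command, so under `set -e` the script stops there instead of switching files (the line is carried unchanged through PATCH 07/17 and PATCH 13/17). It should read `CONFIG_FILE="$WORK_DIR/config.yml.dist"`, although silently syncing against a template is questionable and exiting with an error when the configured file is missing may be the safer behaviour. The now unconditional `ln -s $CONFIG_FILE $WORK_DIR/config.yml` is unquoted and, when `CONFIG_FILE` is left at its default, tries to link the file to itself; `[ "$CONFIG_FILE" = "$WORK_DIR/config.yml" ] || ln -sf "$CONFIG_FILE" "$WORK_DIR/config.yml"` avoids both.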
@@ -0,0 +1,50 @@ +# If you don't know what you're doing check "README.md" for more details before +# filing a request for help. + +ldap: + debug: false + winCompatibilityMode: false + + server: + host: ~ + port: ~ + version: 3 + encryption: ~ + + bindDn: ~ + bindPassword: ~ + + queries: + baseDn: '' + + userDn: '' + userFilter: "(objectClass=inetOrgPerson)" + userUniqueAttribute: "uid" + userMatchAttribute: "uid" + userNameAttribute: "cn" + userEmailAttribute: "mail" + + groupDn: '' + groupFilter: "(objectClass=groupOfUniqueNames)" + groupUniqueAttribute: "cn" + groupMemberAttribute: "memberUid" + +gitlab: + debug: false + + options: + userNamesToIgnore: [] + groupNamesToIgnore: [] + + createEmptyGroups: false + deleteExtraGroups: false + newMemberAccessLevel: 30 + + groupNamesOfAdministrators: [] + groupNamesOfExternal: [] + + instances: + example: + url: ~ + token: ~ + ldapServerName: ~ From a377e5c4df75dab22878b7175a92c86622d0d03a Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 27 Mar 2023 23:24:05 +0200 Subject: [PATCH 04/17] add README --- docker/README.md | 29 +++++++++++++++++++++++++++++ docker/cron_task.sh | 2 +- docker/entrypoint.sh | 8 ++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 docker/README.md diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..fa65384 --- /dev/null +++ b/docker/README.md 
@@ -0,0 +1,29 @@ +## how to use docker + +### Volume + - /etc/localtime:/etc/localtime:ro + - ./config.yml:/app/config.yml +you can mount config.yml at /app/config.yml as default. If you mount at different location, you shoulf +set the CONFIG_FILE as your file location + +### Enviriment + +#### SYNC_INTERVAL_DAY +default is 0; + +#### SYNC_INTERVAL_HOUR +default is 0; + +#### SYNC_INTERVAL_MINUTE +default is 5; + +#### CONFIG_FILE +where is the config.yml. default is /app/config.yml + +#### DRY_RUN +default is false. If you set as true, this docker don't sysn really. + +#### DEBUG_V +default is "v". + + diff --git a/docker/cron_task.sh b/docker/cron_task.sh index a1656ba..9246e3e 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 23:13:46 + # @LastEditTime: 2023-03-27 23:23:53 ### # update-ca-certificates set -e diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 9a6189c..ce569cf 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,4 +1,12 @@ #/bin/ash +### + # @Descripttion: + # @version: + # @Author: Tao Chen + # @Date: 2023-03-27 18:11:58 + # @LastEditors: Tao Chen + # @LastEditTime: 2023-03-27 23:18:07 +### ### # @Descripttion: # @version: From 7e91663b5fb07290aac69de421fef9664f968ab1 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 27 Mar 2023 23:25:42 +0200 Subject: [PATCH 05/17] use local file --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c68cf5f..7a7dd8a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -13,12 +13,13 @@ RUN apk add --no-cache bash curl git tini \ # RUN install-php-extensions ldap WORKDIR /app +COPY . . # USER www-data # INSTALL COMPOSER +# && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \ SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \ - && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \ && composer install ADD ./docker /tmp/docker From 8f8a4356d92f4985487bb8803840159b42106c71 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 27 Mar 2023 23:27:23 +0200 Subject: [PATCH 06/17] correct wrong path --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7a7dd8a..f02e092 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN cp /tmp/docker/entrypoint.sh /entrypoint.sh \ && chmod +x /entrypoint.sh \ && cp /tmp/docker/healthcheck.sh /healthcheck.sh \ && chmod +x /healthcheck.sh \ - && cp /tmp/cron_task.sh /cron_task.sh \ + && cp /tmp/docker/cron_task.sh /cron_task.sh \ && chmod +x /cron_task.sh \ && cp /tmp/docker/example_config.yml /app/example_config.yml \ && rm -rf /tmp/docker From 1a788b89deef9ad5129e9f064fc46c159ffcf42b Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:01:48 +0200 Subject: [PATCH 07/17] debug --- Dockerfile | 2 +- docker/cron_task.sh | 35 +++++++++++++++++++++++------------ docker/entrypoint.sh | 17 ++++++----------- docker/healthcheck.sh | 3 +-- 4 files changed, 31 insertions(+), 26 deletions(-) diff --git a/Dockerfile b/Dockerfile index f02e092..c7236c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM php:7.4.9-cli-alpine3.12 COPY --from=installer /usr/bin/install-php-extensions /usr/bin/ -RUN apk add --no-cache bash curl git tini \ +RUN apk add --no-cache bash curl tini\ && rm -rf /var/cache/apk/* \ && install-php-extensions ldap \ && mkdir -p /app 
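Review bot: `COPY . .` in PATCH 05/17 puts the entire build context into `/app`, and none of the patches shown adds a `.dockerignore`, so unless the repository already has one, a local `config.yml` holding `bindPassword` and the GitLab `token`, along with `.git`, would be baked into an image layer. That matters more once `docker.sh` (PATCH 13/17) pushes the image to a registry. Add a `.dockerignore` listing at least `config.yml`, `.git` and `vendor`, or copy only the paths the application needs. The later `ADD ./docker /tmp/docker` can be a `COPY`, since no archive extraction or URL fetch is involved.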
diff --git a/docker/cron_task.sh b/docker/cron_task.sh index 9246e3e..4e60738 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -1,44 +1,55 @@ -#/bin/ash +#!/bin/bash ### # @Descripttion: # @version: # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 23:23:53 + # @LastEditTime: 2023-03-28 00:01:25 ### -# update-ca-certificates + +echo "-------------------------------------------------------------" +echo " Executing Cron Tasks: $(date)" +echo "-------------------------------------------------------------" + set -e WORK_DIR=/app +CONFIG_FILE_DEFAULT=$WORK_DIR/config.yml if [ -z "$CONFIG_FILE" ]; then - CONFIG_FILE=$WORK_DIR/config.yml + CONFIG_FILE=$CONFIG_FILE_DEFAULT fi + if [ ! -f "$CONFIG_FILE" ]; then echo "Config file not found, use default config file." $CONFIG_FILE=$WORK_DIR/config.yml.dist fi -ln -s $CONFIG_FILE $WORK_DIR/config.yml +if [ ! -f "$CONFIG_FILE_DEFAULT" ]; then + ln -s $CONFIG_FILE $WORK_DIR/config.yml +fi + if [ -z "$DRY_RUN" ]; then DRY_RUN=false fi -if [ -z "DEBUG_V" ]; then - DEBUG_V="v" +if [ -z "$DEBUG_V" ]; then + DEBUG_V="-vvvv" +elif [ $DEBUG_V = "NULL" ]; then + DEBUG_V="" +else + DEBUG_V=-$DEBUG_V fi PHP_SCRIPT=$WORK_DIR/bin/console if [ $DRY_RUN = true ]; then - $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d -$DEBUG_V" + CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d $DEBUG_V" else - $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -$DEBUG_V" + CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync $DEBUG_V" fi -echo "================================" echo "Start to run cron task : $CMD" eval $CMD -echo "End" -echo "================================" +echo "Done" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index ce569cf..88c528c 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -1,21 +1,14 @@ -#/bin/ash +#!/bin/bash ### # @Descripttion: # @version: # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 23:18:07 -### -### - # @Descripttion: - # @version: - # @Author: Tao Chen - # @Date: 2023-03-27 18:11:58 - # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 22:59:26 + # @LastEditTime: 2023-03-28 00:01:34 ### + if [ -z "$SYNC_INTERVAL_DAY" ]; then SYNC_INTERVAL_DAY=0 fi @@ -46,7 +39,9 @@ else MINUTE_SYMBOL="*" fi -echo "$MINUTE_SYMBOL $SYNC_INTERVAL_HOUR $SYNC_INTERVAL_DAY * * /cron-task.sh" > /var/spool/cron/crontabs/root +CRON_TASK="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron-task.sh" +echo "Cron task: $CRON_TASK" +echo $CRON_TASK > /var/spool/cron/crontabs/root echo "Starting crond" exec crond -f -l 0 \ No newline at end of file diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index f098746..42a3ab9 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -5,10 +5,9 @@ # @Author: Tao Chen # @Date: 2023-03-27 22:36:03 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 23:00:32 + # @LastEditTime: 2023-03-28 00:01:44 ### -#!/usr/bin/env bash set -x # Make sure cron daemon is still running From 9d85aa5f8fee56ade50ba67cc696986865acc0f3 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:34:56 +0200 Subject: [PATCH 08/17] debug --- Dockerfile | 2 +- docker/cron_task.sh | 2 +- docker/entrypoint.sh | 13 +++++++++---- docker/healthcheck.sh | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7236c5..6b2804b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ COPY . . # INSTALL COMPOSER # && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \ -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-eo", "pipefail", "-c"] RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \ && composer install 
diff --git a/docker/cron_task.sh b/docker/cron_task.sh index 4e60738..4d7a432 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-28 00:01:25 + # @LastEditTime: 2023-03-28 00:33:53 ### echo "-------------------------------------------------------------" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 88c528c..11194f4 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-28 00:01:34 + # @LastEditTime: 2023-03-28 00:33:41 ### @@ -39,9 +39,14 @@ else MINUTE_SYMBOL="*" fi -CRON_TASK="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron-task.sh" -echo "Cron task: $CRON_TASK" -echo $CRON_TASK > /var/spool/cron/crontabs/root +CRON_FILE=/var/spool/cron/crontabs/root +# if [ -f "$CRON_FILE" ]; then +# rm -rf $CRON_FILE +# fi + +CRON_TASK_CMD="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron_task.sh" +echo "Cron task: $CRON_TASK_CMD" +echo "$CRON_TASK_CMD" > $CRON_FILE echo "Starting crond" exec crond -f -l 0 \ No newline at end of file diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index 42a3ab9..46ee762 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 22:36:03 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-28 00:01:44 + # @LastEditTime: 2023-03-28 00:34:08 ### set -x From 2976418a95a39d17576eda583362f1388b9223a9 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:39:01 +0200 Subject: [PATCH 09/17] modify DEBUG_V --- docker/README.md | 2 +- docker/cron_task.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/README.md b/docker/README.md index fa65384..1bbe524 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -24,6 +24,6 @@ where is the config.yml. default is /app/config.yml default is false. If you set as true, this docker don't sysn really. #### DEBUG_V -default is "v". +default is "v". if set as "NULL", there are no output diff --git a/docker/cron_task.sh b/docker/cron_task.sh index 4d7a432..48396ea 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-28 00:33:53 + # @LastEditTime: 2023-03-28 00:38:26 ### echo "-------------------------------------------------------------" @@ -36,7 +36,7 @@ if [ -z "$DRY_RUN" ]; then fi if [ -z "$DEBUG_V" ]; then - DEBUG_V="-vvvv" + DEBUG_V="-v" elif [ $DEBUG_V = "NULL" ]; then DEBUG_V="" else From bc61f2fe04e74a0ea2a79b32b9ef0c7595e92c0d Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:46:35 +0200 Subject: [PATCH 10/17] . add remain user --- src/LdapSyncCommand.php | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/LdapSyncCommand.php b/src/LdapSyncCommand.php index 6109044..7d6e5b9 100644 --- a/src/LdapSyncCommand.php +++ b/src/LdapSyncCommand.php @@ -75,8 +75,7 @@ public function configure(): void ->setDescription("Sync LDAP users and groups with a Gitlab CE/EE self-hosted installation.") ->addOption("dryrun", "d", InputOption::VALUE_NONE, "Dry run: Do not persist any changes.") ->addOption("continueOnFail", null, InputOption::VALUE_NONE, "Do not abort on certain errors. (Continue running if possible.)") - ->addArgument("instance", InputArgument::OPTIONAL, "Sync with a specific instance, or leave unspecified to work with all.") - ; + ->addArgument("instance", InputArgument::OPTIONAL, "Sync with a specific instance, or leave unspecified to work with all."); } /** 
@@ -308,7 +307,6 @@ private function validateConfig(array &$config, array &$problems = null): bool $this->logger->$type(sprintf("Configuration: %s", $message)); $problems[$type][] = $message; - }; // << LDAP @@ -1103,8 +1101,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc $this->logger->debug("Gitlab: Connecting"); $gitlab = \Gitlab\Client::create($gitlabConfig["url"]) - ->authenticate($gitlabConfig["token"], \Gitlab\Client::AUTH_HTTP_TOKEN) - ; + ->authenticate($gitlabConfig["token"], \Gitlab\Client::AUTH_HTTP_TOKEN); // << Handle users $usersSync = [ @@ -1655,15 +1652,13 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc continue; } - // $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); - // $gitlabGroupMember = null; + $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); + $gitlabGroupMember = null; try { !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); } catch (\Exception $e) { $this->logger->error(sprintf("Gitlab failure: %s", $e->getMessage()), ["error" => $e]); } - !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); - $gitlabGroupMemberId = (is_array($gitlabGroupMember) && isset($gitlabGroupMember["id"]) && is_int($gitlabGroupMember["id"])) ? $gitlabGroupMember["id"] : sprintf("dry:%s:%d", $gitlabGroupPath, $gitlabUserId); $userGroupMembersSync["new"][$gitlabUserId] = $gitlabUserName; 
From 7c3a54515c3aa2219e7c3a0bcda18b87e7a665ae Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:47:37 +0200 Subject: [PATCH 11/17] execute cron_task.sh at container begining --- docker/entrypoint.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 11194f4..101ec99 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -5,7 +5,7 @@ # @Author: Tao Chen # @Date: 2023-03-27 18:11:58 # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-28 00:33:41 + # @LastEditTime: 2023-03-28 00:46:55 ### @@ -45,6 +45,15 @@ CRON_FILE=/var/spool/cron/crontabs/root # fi CRON_TASK_CMD="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron_task.sh" + +echo "-------------------------------------------------------------" +echo " Start at : $(date)" +echo "-------------------------------------------------------------" +echo "manual excute: /cron_task.sh" +bash /cron_task.sh +echo "Done" +echo "-------------------------------------------------------------" + echo "Cron task: $CRON_TASK_CMD" echo "$CRON_TASK_CMD" > $CRON_FILE From 7d946623032f35a1a4b5c139711c667af4735635 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Tue, 28 Mar 2023 00:50:31 +0200 Subject: [PATCH 12/17] add an example --- docker/README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docker/README.md b/docker/README.md index 1bbe524..3e44b48 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -27,3 +27,29 @@ default is false. If you set as true, this docker don't sysn really. default is "v". if set as "NULL", there are no output +## Example +```yaml +version: "3.7" + +services: + + gitlab-ldap-sync: + build: + context: ./ldap-sync/github + dockerfile: Dockerfile + image: my/gitlab-ldap-sync + container_name: gitlab-ldap-sync + hostname: gitlab-ldap-sync + privileged: false + network_mode: host + volumes: + - /etc/localtime:/etc/localtime:ro + - ./ldap-sync/config.yml:/app/config.yml + environment: + DRY_RUN: false + SYNC_INTERVAL_MINUTE: 5 + DEBUG_V: "v" +``` + + + From 839ef064e1dce0a4a58d2c5c7b8a832a3196deaf Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 8 May 2023 21:24:50 +0200 Subject: [PATCH 13/17] update --- Dockerfile | 4 ++-- docker.sh | 51 +++++++++++++++++++++++++++++++++++++++++++ docker/README.md | 24 ++++++++++++++++++++ docker/cron_task.sh | 32 +++++++++++++++++---------- docker/entrypoint.sh | 29 +++++++++++++++--------- docker/healthcheck.sh | 1 - 6 files changed, 117 insertions(+), 24 deletions(-) create mode 100644 docker.sh diff --git a/Dockerfile b/Dockerfile index f02e092..6b2804b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM php:7.4.9-cli-alpine3.12 COPY --from=installer /usr/bin/install-php-extensions /usr/bin/ -RUN apk add --no-cache bash curl git tini \ +RUN apk add --no-cache bash curl tini\ && rm -rf /var/cache/apk/* \ && install-php-extensions ldap \ && mkdir -p /app @@ -18,7 +18,7 @@ COPY . . # INSTALL COMPOSER # && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \ -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-eo", "pipefail", "-c"] RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \ && composer install diff --git a/docker.sh b/docker.sh new file mode 100644 index 0000000..021c68c --- /dev/null +++ b/docker.sh 
@@ -0,0 +1,51 @@ +#!/bin/bash + +DEFAULT_REPO="iamtaochen" +DEFAULT_NAME="gitlab-ldap-sync" + +MODE=$1; shift +if [ -z "$MODE" ]; then + MODE="build" +fi + +function build() { + NAME=$1 + if [ -z "$NAME" ]; then + NAME=$DEFAULT_NAME + fi + TAG=$2 + if [ -z "$TAG" ]; then + TAG="latest" + fi + docker build -t $NAME:$TAG . +} + +function push() +{ + NAME=$1 + if [ -z "$NAME" ]; then + NAME=$DEFAULT_NAME + fi + TAG=$2 + if [ -z "$TAG" ]; then + TAG="latest" + fi + REPO=$3 + if [ -z "$REPO" ]; then + REPO=$DEFAULT_REPO + fi + IMAG=$NAME:$TAG + REMOTE=$REPO/$IMAG + docker tag $IMAG $REMOTE + docker push $REMOTE +} + +if [ "$MODE" == "build" ]; then + build $@ +elif [ "$MODE" == "push" ]; then + push $@ +elif [ "$MODE" == "all" ]; then + build $@ + push $@ +fi + diff --git a/docker/README.md b/docker/README.md index fa65384..4f11075 100644 --- a/docker/README.md +++ b/docker/README.md @@ -27,3 +27,27 @@ default is false. If you set as true, this docker don't sysn really. default is "v". +## Example +```yaml +version: "3.7" + +services: + + gitlab-ldap-sync: + build: + context: ./ldap-sync/github + dockerfile: Dockerfile + image: my/gitlab-ldap-sync + container_name: gitlab-ldap-sync + hostname: gitlab-ldap-sync + privileged: false + network_mode: host + volumes: + - /etc/localtime:/etc/localtime:ro + - ./ldap-sync/config.yml:/app/config.yml + environment: + DRY_RUN: false + SYNC_INTERVAL_MINUTE: 5 + DEBUG_V: "v" +``` + diff --git a/docker/cron_task.sh b/docker/cron_task.sh index 9246e3e..ae03871 100755 --- a/docker/cron_task.sh +++ b/docker/cron_task.sh @@ -1,4 +1,4 @@ -#/bin/ash +#!/bin/bash ### # @Descripttion: # @version: 
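Review bot: `build $@`, `push $@` and `docker build -t $NAME:$TAG .` in docker.sh expand their arguments unquoted, so an image name or tag containing whitespace or glob characters is split or expanded before docker sees it; use `"$@"`, `"$NAME:$TAG"` and `"$REMOTE"`. `NAME`, `TAG`, `REPO`, `IMAG` and `REMOTE` are also globals shared by both functions; declaring them with `local` keeps `all` mode from depending on what `build` left behind. Defaulting the tag to `latest` in `push` means each push overwrites the previous image, so consider requiring an explicit tag there.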
@@ -7,38 +7,48 @@ # @LastEditors: Tao Chen # @LastEditTime: 2023-03-27 23:23:53 ### -# update-ca-certificates +echo "-------------------------------------------------------------" +echo " Executing Cron Tasks: $(date)" +echo "-------------------------------------------------------------" + set -e WORK_DIR=/app +CONFIG_FILE_DEFAULT=$WORK_DIR/config.yml if [ -z "$CONFIG_FILE" ]; then - CONFIG_FILE=$WORK_DIR/config.yml + CONFIG_FILE=$CONFIG_FILE_DEFAULT fi + if [ ! -f "$CONFIG_FILE" ]; then echo "Config file not found, use default config file." $CONFIG_FILE=$WORK_DIR/config.yml.dist fi -ln -s $CONFIG_FILE $WORK_DIR/config.yml +if [ ! -f "$CONFIG_FILE_DEFAULT" ]; then + ln -s $CONFIG_FILE $WORK_DIR/config.yml +fi + if [ -z "$DRY_RUN" ]; then DRY_RUN=false fi -if [ -z "DEBUG_V" ]; then - DEBUG_V="v" +if [ -z "$DEBUG_V" ]; then + DEBUG_V="-v" +elif [ $DEBUG_V = "NULL" ]; then + DEBUG_V="" +else + DEBUG_V=-$DEBUG_V fi PHP_SCRIPT=$WORK_DIR/bin/console if [ $DRY_RUN = true ]; then - $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d -$DEBUG_V" + CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d $DEBUG_V" else - $CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -$DEBUG_V" + CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync $DEBUG_V" fi -echo "================================" echo "Start to run cron task : $CMD" eval $CMD -echo "End" -echo "================================" +echo "Done" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index ce569cf..7a037c6 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,4 +1,4 @@ -#/bin/ash +#!/bin/bash ### # @Descripttion: # @version: @@ -7,14 +7,7 @@ # @LastEditors: Tao Chen # @LastEditTime: 2023-03-27 23:18:07 ### -### - # @Descripttion: - # @version: - # @Author: Tao Chen - # @Date: 2023-03-27 18:11:58 - # @LastEditors: Tao Chen - # @LastEditTime: 2023-03-27 22:59:26 -### + if [ -z "$SYNC_INTERVAL_DAY" ]; then SYNC_INTERVAL_DAY=0 
@@ -46,7 +39,23 @@ else MINUTE_SYMBOL="*" fi -echo "$MINUTE_SYMBOL $SYNC_INTERVAL_HOUR $SYNC_INTERVAL_DAY * * /cron-task.sh" > /var/spool/cron/crontabs/root +CRON_FILE=/var/spool/cron/crontabs/root +# if [ -f "$CRON_FILE" ]; then +# rm -rf $CRON_FILE +# fi + +CRON_TASK_CMD="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron_task.sh" + +echo "-------------------------------------------------------------" +echo " Start at : $(date)" +echo "-------------------------------------------------------------" +echo "manual excute: /cron_task.sh" +bash /cron_task.sh +echo "Done" +echo "-------------------------------------------------------------" + +echo "Cron task: $CRON_TASK_CMD" +echo "$CRON_TASK_CMD" > $CRON_FILE echo "Starting crond" exec crond -f -l 0 \ No newline at end of file diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index f098746..8a96c58 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -8,7 +8,6 @@ # @LastEditTime: 2023-03-27 23:00:32 ### -#!/usr/bin/env bash set -x # Make sure cron daemon is still running From 46d250933d42620ca22b868f8ccbbb564a33f075 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 8 May 2023 21:24:55 +0200 Subject: [PATCH 14/17] update --- src/LdapSyncCommand.php | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/LdapSyncCommand.php b/src/LdapSyncCommand.php index 6109044..7d6e5b9 100644 --- a/src/LdapSyncCommand.php +++ b/src/LdapSyncCommand.php 
@@ -75,8 +75,7 @@ public function configure(): void ->setDescription("Sync LDAP users and groups with a Gitlab CE/EE self-hosted installation.") ->addOption("dryrun", "d", InputOption::VALUE_NONE, "Dry run: Do not persist any changes.") ->addOption("continueOnFail", null, InputOption::VALUE_NONE, "Do not abort on certain errors. (Continue running if possible.)") - ->addArgument("instance", InputArgument::OPTIONAL, "Sync with a specific instance, or leave unspecified to work with all.") - ; + ->addArgument("instance", InputArgument::OPTIONAL, "Sync with a specific instance, or leave unspecified to work with all."); } /** @@ -308,7 +307,6 @@ private function validateConfig(array &$config, array &$problems = null): bool $this->logger->$type(sprintf("Configuration: %s", $message)); $problems[$type][] = $message; - }; // << LDAP @@ -1103,8 +1101,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc $this->logger->debug("Gitlab: Connecting"); $gitlab = \Gitlab\Client::create($gitlabConfig["url"]) - ->authenticate($gitlabConfig["token"], \Gitlab\Client::AUTH_HTTP_TOKEN) - ; + ->authenticate($gitlabConfig["token"], \Gitlab\Client::AUTH_HTTP_TOKEN); // << Handle users $usersSync = [ 
@@ -1655,15 +1652,13 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc continue; } - // $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); - // $gitlabGroupMember = null; + $this->logger->info(sprintf("Adding user #%d \"%s\" to group #%d \"%s\" [%s].", $gitlabUserId, $gitlabUserName, $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); + $gitlabGroupMember = null; try { !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); } catch (\Exception $e) { $this->logger->error(sprintf("Gitlab failure: %s", $e->getMessage()), ["error" => $e]); } - !$this->dryRun ? ($gitlabGroupMember = $gitlab->api("groups")->addMember($gitlabGroupId, $gitlabUserId, $config["gitlab"]["options"]["newMemberAccessLevel"])) : $this->logger->warning("Operation skipped due to dry run."); - $gitlabGroupMemberId = (is_array($gitlabGroupMember) && isset($gitlabGroupMember["id"]) && is_int($gitlabGroupMember["id"])) ? $gitlabGroupMember["id"] : sprintf("dry:%s:%d", $gitlabGroupPath, $gitlabUserId); $userGroupMembersSync["new"][$gitlabUserId] = $gitlabUserName; From 4296f58847c4dae6230e9e988f381d2ddfa591e5 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 8 May 2023 21:32:28 +0200 Subject: [PATCH 15/17] update --- docker.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 docker.sh diff --git a/docker.sh b/docker.sh old mode 100644 new mode 100755 From cc7f64724c1fcd6069b6fc1d940e03ad5074144f Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 8 May 2023 21:48:00 +0200 Subject: [PATCH 16/17] getBuiltInUserNames add 'visual-review-bot' --- src/LdapSyncCommand.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
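Review bot: In the `@@ -1655,15 +1652,13 @@` hunk the `catch` block only logs, so when `addMember` throws, execution falls through to the `sprintf("dry:%s:%d", ...)` placeholder and to `$userGroupMembersSync["new"][$gitlabUserId] = $gitlabUserName;`, and the user is reported as added although the API call failed. For a tool that provisions access, the summary should match what GitLab actually accepted. Ending the catch with `continue;` (after any cool-down call the loop needs, which is outside the hunk) keeps failed additions out of the `new` list. Whether the `continueOnFail` option should decide between continuing and rethrowing here is worth checking against the other API calls in `deployGitlabUsersAndGroups`, whose body extends beyond the hunk.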
diff --git a/src/LdapSyncCommand.php b/src/LdapSyncCommand.php index 4b5a556..7de029c 100644 --- a/src/LdapSyncCommand.php +++ b/src/LdapSyncCommand.php @@ -1788,7 +1788,7 @@ private function generateRandomPassword(int $length): string */ private function getBuiltInUserNames() { - return ["root", "ghost", "support-bot", "alert-bot"]; + return ["root", "ghost", "support-bot", "alert-bot","visual-review-bot"]; } /** From 3ed36f089ccda98ac7ce463035c8c6cb7dc6fe65 Mon Sep 17 00:00:00 2001 From: Tao Chen Date: Mon, 8 May 2023 23:22:41 +0200 Subject: [PATCH 17/17] add unsyncExtraGroups --- docker/README.md | 5 +++++ src/LdapSyncCommand.php | 23 ++++++++++++++++------- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docker/README.md b/docker/README.md index 1fc3f81..e47a0fb 100644 --- a/docker/README.md +++ b/docker/README.md @@ -77,3 +77,8 @@ services: DEBUG_V: "v" ``` + +### addingtion +config.yml add new setting. +`gitlab.options.unsyncExtraGroups` default is `false` +if set true, this script would ignore the groups cerated in gitlab but not in LDAP diff --git a/src/LdapSyncCommand.php b/src/LdapSyncCommand.php index 7de029c..3e98bec 100644 --- a/src/LdapSyncCommand.php +++ b/src/LdapSyncCommand.php 
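Review bot: `getBuiltInUserNames()` declares no return type although the neighbouring `generateRandomPassword(int $length): string` does, and the new element is missing the space after the comma; `private function getBuiltInUserNames(): array` with `"alert-bot", "visual-review-bot"` would match the rest of the file. The docblock above the method starts outside the hunk. If it does not already say so, a line such as `// Accounts created by GitLab itself; extend when GitLab adds new built-in users.` would explain why the list is hard-coded.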
@@ -562,7 +562,16 @@ private function validateConfig(array &$config, array &$problems = null): bool } elseif (!is_bool($config["gitlab"]["options"]["createEmptyGroups"])) { $addProblem("error", "gitlab->options->createEmptyGroups is not a boolean."); } - + if (!isset($config["gitlab"]["options"]["unsyncExtraGroups"])) { + $addProblem("warning", "gitlab->options->unsyncExtraGroups missing. (Assuming true.)"); + $config["gitlab"]["options"]["unsyncExtraGroups"] = true; + } elseif ("" === $config["gitlab"]["options"]["unsyncExtraGroups"]) { + $addProblem("warning", "gitlab->options->unsyncExtraGroups not specified. (Assuming true.)"); + $config["gitlab"]["options"]["unsyncExtraGroups"] = true; + } elseif (!is_bool($config["gitlab"]["options"]["unsyncExtraGroups"])) { + $addProblem("error", "gitlab->options->unsyncExtraGroups is not a boolean."); + } + if (!isset($config["gitlab"]["options"]["deleteExtraGroups"])) { $addProblem("warning", "gitlab->options->deleteExtraGroups missing. (Assuming false.)"); $config["gitlab"]["options"]["deleteExtraGroups"] = false; @@ -1459,6 +1468,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc $ldapGroupMembers = $ldapGroupsSafe[$gitlabGroupName]; $gitlabGroupPath = $slugifyGitlabPath->slugify($gitlabGroupName); + $groupsSync["extra"][$gitlabGroupId] = $gitlabGroupName; if ((is_array($ldapGroupMembers) && !empty($ldapGroupMembers)) || !$config["gitlab"]["options"]["deleteExtraGroups"]) { $this->logger->info(sprintf("Not deleting Gitlab group #%d \"%s\" [%s]: Has members in directory group, or config gitlab->options->deleteExtraGroups is disabled.", $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath)); continue; 
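Review bot: The new `unsyncExtraGroups` checks in `validateConfig` (hunk `@@ -562,7 +562,16 @@`) default the option to `true`, while the README text added in this same commit says the default is `false`. With `true`, an existing config that lacks the key silently stops syncing membership for groups that exist in GitLab but not in LDAP, so, as far as the later hunk shows, users removed from the directory would stay members of those groups after an upgrade. Defaulting to the previous behaviour is the safer choice: make both assignments `$config["gitlab"]["options"]["unsyncExtraGroups"] = false;` and change the two messages to `(Assuming false.)`. `validateConfig` continues outside the hunk.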
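Review bot: In the `@@ -1459,6 +1468,7 @@` hunk `$groupsSync["extra"][$gitlabGroupId]` is now filled before the "Not deleting" `continue`, so groups that are kept end up in `extra` as well. The unchanged notice in the following hunk, `"%d Gitlab group(s) deleted."`, counts `$groupsSync["extra"]` and will therefore report skipped groups as deleted, which makes the run log unreliable as an audit trail. Keeping `extra` for groups actually removed and recording the kept ones under a separate key, e.g. `$groupsSync["extraKept"][$gitlabGroupId] = $gitlabGroupName;`, would preserve the count; the array's initialisation is outside the hunk and would need the new key too.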
@@ -1478,12 +1488,8 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc $gitlabGroup = null; !$this->dryRun ? ($gitlabGroup = $gitlab->api("groups")->remove($gitlabGroupId)) : $this->logger->warning("Operation skipped due to dry run."); - - $groupsSync["extra"][$gitlabGroupId] = $gitlabGroupName; - $this->gitlabApiCoolDown(); } - asort($groupsSync["extra"]); $this->logger->notice(sprintf("%d Gitlab group(s) deleted.", $groupsSync["extraNum"] = count($groupsSync["extra"]))); @@ -1544,8 +1550,12 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc $usersToSyncMembership = ($usersSync["found"] + $usersSync["new"] + $usersSync["update"]); asort($usersToSyncMembership); $groupsToSyncMembership = ($groupsSync["found"] + $groupsSync["new"] + $groupsSync["update"]); + if ($config["gitlab"]["options"]["unsyncExtraGroups"]) + { + $this->logger->info("unsyncExtraGroups is enabled, so unsyncing extra groups from directory groups..."); + $groupsToSyncMembership = array_diff($groupsToSyncMembership, $groupsSync["extra"]); + } asort($groupsToSyncMembership); - $this->logger->notice("Synchronising Gitlab group members with directory group members..."); foreach ($groupsToSyncMembership as $gitlabGroupId => $gitlabGroupName) { if ("Root" == $gitlabGroupName) { @@ -1669,7 +1679,6 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc asort($userGroupMembersSync["new"]); $this->logger->notice(sprintf("%d Gitlab group \"%s\" [%s] member(s) added.", $userGroupMembersSync["newNum"] = count($userGroupMembersSync["new"]), $gitlabGroupName, $gitlabGroupPath)); - // Delete extra group members $this->logger->notice("Deleting extra group members..."); foreach ($userGroupMembersSync["found"] as $gitlabUserId => $gitlabUserName) {
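Review bot: In the `@@ -1544,8 +1550,12 @@` hunk `array_diff()` compares values, i.e. group names, although both arrays are keyed by GitLab group id (`$groupsSync["extra"][$gitlabGroupId] = $gitlabGroupName` and `foreach ($groupsToSyncMembership as $gitlabGroupId => $gitlabGroupName)`). A group that merely shares its name with an extra group would be dropped from the membership sync too; `$groupsToSyncMembership = array_diff_key($groupsToSyncMembership, $groupsSync["extra"]);` excludes exactly the recorded ids. The opening brace on its own line after `if (...)` also differs from the `if (...) {` style used in the surrounding context lines. The log message could state the consequence plainly, for example that members of groups missing from LDAP will not be added or removed.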