--- /dev/null	2025-03-06 09:53:01.319999824 +0100
+++ ../Classes/Command/RemoveUsers.php	2025-04-09 12:08:28.281575566 +0200
@@ -0,0 +1,205 @@
+<?php
+declare(strict_types=1);
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+namespace Causal\IgLdapSsoAuth\Command;
+
+use Causal\IgLdapSsoAuth\Domain\Model\Configuration;
+use Causal\IgLdapSsoAuth\Domain\Repository\ConfigurationRepository;
+use Causal\IgLdapSsoAuth\Library\Authentication;
+use Causal\IgLdapSsoAuth\Library\Ldap;
+use Causal\IgLdapSsoAuth\Utility\UserImportUtility;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use TYPO3\CMS\Core\Database\ConnectionPool;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use Wseils\Wseils\Utility\DatabaseUtility;
+
+
+class RemoveUsers extends Command
+{
+    protected SymfonyStyle $io;
+
+    protected array $options;
+
+    protected Configuration $configuration;
+
+    /**
+     * @param ConfigurationRepository $configurationRepository
+     * @param LoggerInterface $logger
+     */
+    public function __construct(
+        private readonly ConfigurationRepository $configurationRepository,
+        private readonly LoggerInterface $logger
+    )
+    {
+        parent::__construct();
+    }
+
+    protected function configure()
+    {
+        $this
+            ->addArgument(
+                'configuration',
+                InputArgument::REQUIRED,
+                'UID of the LDAP configuration to use'
+            );
+    }
+
+    /**
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @return int
+     */
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        
+        $this->io = new SymfonyStyle($input, $output);
+        $this->io->title($this->getDescription());
+
+        $configuration = $this->configurationRepository->findByUid((int)$input->getArgument('configuration'));
+        if ($configuration === null) {
+            $this->io->error('Unknown configuration: ' . $input->getArgument('configuration'));
+            return Command::FAILURE;
+        }
+
+        $this->options = $input->getOptions();
+        $this->configuration = $configuration;
+
+        $this->doAction();
+
+        return Command::SUCCESS;
+    }
+
+    /**
+     * @return int
+     */
+    protected function doAction(): int
+    {
+        $context = 'fe';
+        $importUtility = GeneralUtility::makeInstance(
+            UserImportUtility::class,
+            $this->configuration,
+            $context
+        );
+        $config = $importUtility->getConfiguration();
+        $this->io->info('Remove non used users');
+
+        // Start by connecting to the designated LDAP/AD server
+        $ldapInstance = Ldap::getInstance();
+
+        $success = $ldapInstance->connect(\Causal\IgLdapSsoAuth\Library\Configuration::getLdapConfiguration());
+
+        $failures = 0;
+        if (!$success) {
+            $failures++;
+            $this->io->error('Could not connect to LDAP server');
+            unset($importUtility);
+        }
+
+        $ldapUsers = $importUtility->fetchLdapUsers(false, $ldapInstance);
+        // Consider that fetching no users from LDAP is an error
+        if (empty($ldapUsers)) {
+            $failures++;
+            $this->io->error('No users found in LDAP server');
+            unset($importUtility);
+        }
+
+        // Start a database transaction with all our changes
+        $tableConnection = GeneralUtility::makeInstance(ConnectionPool::class)
+            ->getConnectionForTable('fe_users');
+
+        $aLDAPuser = [];
+        foreach($ldapUsers as $ldapUser) {
+            $aLDAPuser[] = $ldapUser['mail'][0];
+        }
+        
+        $feUsers = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('fe_users');
+        $feUsers = $feUsers->select('email')
+            ->from('fe_users')
+            ->where('tx_igldapssoauth_id = '. $this->configuration->getUid())->executeQuery()
+            ->fetchAll();
+
+        $aFeusers = [];
+        foreach($feUsers as $feUser) {
+            $aFeusers[] = $feUser['email'];
+        }
+
+        $aEmailToRemove = array_diff($aFeusers, $aLDAPuser);
+
+        // S'il y a des comptes fe_users absents du LDAP, on les supprime
+        if(count($aEmailToRemove)) {
+           
+            $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('fe_users');
+            $queryBuilder
+            ->update('fe_users')
+            ->where(
+                $queryBuilder->expr()->in(
+                    'email',
+                    $queryBuilder->createNamedParameter($aEmailToRemove, \TYPO3\CMS\Core\Database\Connection::PARAM_STR_ARRAY)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tx_igldapssoauth_id',
+                    $queryBuilder->createNamedParameter($this->configuration->getUid(), \PDO::PARAM_INT)
+                )
+            )
+            ->set('deleted', 1)
+            ->executeStatement();
+
+            unset($queryBuilder);
+
+			// Instanciation du connecteur de base de données
+			$eiffelWeb = GeneralUtility::makeInstance(DatabaseUtility::class);
+            if(!empty($eiffelWeb)) {
+				$queryBuilderEiffel = $eiffelWeb->queryBuilder();                
+				$oUpdateEiffel = $queryBuilderEiffel
+					->update('fe_users')
+					->where(
+                        $queryBuilderEiffel->expr()->in(
+                            'username',
+                            $queryBuilderEiffel->createNamedParameter($aEmailToRemove, \TYPO3\CMS\Core\Database\Connection::PARAM_STR_ARRAY)
+                        ),
+                        $queryBuilderEiffel->expr()->eq(
+                            'tx_igldapssoauth_id',
+                            $queryBuilderEiffel->createNamedParameter($this->configuration->getUid(), \PDO::PARAM_INT)
+                        )
+					)
+                    ->set('deleted', 1)
+                    ->executeStatement();
+
+                unset($oUpdateEiffel);
+                unset($queryBuilderEiffel);
+                unset($eiffelWeb);
+            }
+        }
+        
+        // Clean up
+        unset($importUtility);
+        $ldapInstance->disconnectAll();
+
+        if ($failures > 0) {
+            $message = 'Check your settings or your network connection.';
+            $this->logger->error($message);
+            $this->io->error($message);
+            return Command::FAILURE;
+        }
+
+        return Command::SUCCESS;
+    }
+}