public_git
/
wg-portal
mirror of https://github.com/h44z/wg-portal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: LDAP sync interval (#304) 

Configurable LDAP sync interval for each LDAP provider
This commit is contained in:
Dmytro Bondar 2024-09-22 11:49:23 +02:00 committed by GitHub
parent a46dabc1d3
commit 605841f2a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 33 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -66,7 +66,6 @@ The following configuration options are available:
| log_level | advanced | warn | The loglevel, can be one of: trace, debug, info, warn, error. |
| log_pretty | advanced | false | Uses pretty, colorized log messages. |
| log_json | advanced | false | Logs in JSON format. |
| ldap_sync_interval | advanced | 15m | The time interval after which users will be synchronized from LDAP. |
| start_listen_port | advanced | 51820 | The first port number that will be used as listening port for new interfaces. |
| start_cidr_v4 | advanced | 10.11.12.0/24 | The first IPv4 subnet that will be used for new interfaces. |
| start_cidr_v6 | advanced | fdfd:d3ad:c0de:1234::0/64 | The first IPv6 subnet that will be used for new interfaces. |
@ -127,9 +126,9 @@ The following configuration options are available:
| field_map | auth/ldap | | Mapping of user fields. Internal fields: user_identifier, email, firstname, lastname, phone, department and memberof. |
| login_filter | auth/ldap | | LDAP filters for users that should be allowed to log in. {{login_identifier}} will be replaced with the login username. |
| admin_group | auth/ldap | | Users in this group are marked as administrators. |
| synchronize | auth/ldap | | Periodically synchronize users (name, department, phone, status, ...) to the WireGuard Portal database. |
| disable_missing | auth/ldap | | If synchronization is enabled, missing LDAP users will be disabled in WireGuard Portal. |
| sync_filter | auth/ldap | | LDAP filters for users that should be synchronized to WireGuard Portal. |
| sync_interval | auth/ldap | | The time interval after which users will be synchronized from LDAP. Empty value or `0` disables synchronization. |
| registration_enabled | auth/ldap | | If registration is enabled, new user accounts will created in WireGuard Portal. |
| debug | database | false | Debug database statements (log each statement). |
| slow_query_threshold | database | | A threshold for slow database queries. If the threshold is exceeded, a warning message will be logged. |

49
internal/app/users/user_manager.go
View File

@ -26,9 +26,8 @@ type Manager struct {
cfg *config.Config
bus evbus.MessageBus
syncInterval time.Duration
users UserDatabaseRepo
peers PeerDatabaseRepo
users UserDatabaseRepo
peers PeerDatabaseRepo
}
func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabaseRepo, peers PeerDatabaseRepo) (*Manager, error) {
@ -36,9 +35,8 @@ func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabase
cfg: cfg,
bus: bus,
syncInterval: 10 * time.Second,
users: users,
peers: peers,
users: users,
peers: peers,
}
return m, nil
}
@ -311,26 +309,29 @@ func (m Manager) validateDeletion(ctx context.Context, del *domain.User) error {
}
func (m Manager) runLdapSynchronizationService(ctx context.Context) {
running := true
for running {
select {
case <-ctx.Done():
running = false
continue
case <-time.After(m.syncInterval):
// select blocks until one of the cases evaluate to true
}
for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
go func(cfg config.LdapProvider) {
syncInterval := cfg.SyncInterval
if syncInterval == 0 {
logrus.Debugf("sync disabled for LDAP server: %s", cfg.ProviderName)
return
}
running := true
for running {
select {
case <-ctx.Done():
running = false
continue
case <-time.After(syncInterval * time.Second):
// select blocks until one of the cases evaluate to true
}
for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
if !ldapCfg.Synchronize {
continue // sync disabled
err := m.synchronizeLdapUsers(ctx, &cfg)
if err != nil {
logrus.Errorf("failed to synchronize LDAP users for %s: %v", cfg.ProviderName, err)
}
}
//logrus.Tracef(&ldapCfg)
err := m.synchronizeLdapUsers(ctx, &ldapCfg)
if err != nil {
logrus.Errorf("failed to synchronize LDAP users for %s: %v", ldapCfg.ProviderName, err)
}
}
}(ldapCfg)
}
}

8
internal/config/auth.go
View File

@ -1,6 +1,8 @@
package config
import (
"time"
"github.com/go-ldap/ldap/v3"
)
@ -50,10 +52,10 @@ type LdapProvider struct {
AdminGroupDN string `yaml:"admin_group"` // Members of this group receive admin rights in WG-Portal
ParsedAdminGroupDN *ldap.DN `yaml:"-"`
Synchronize bool `yaml:"synchronize"`
// If DisableMissing is true, missing users will be deactivated
DisableMissing bool `yaml:"disable_missing"`
SyncFilter string `yaml:"sync_filter"`
DisableMissing bool `yaml:"disable_missing"`
SyncFilter string `yaml:"sync_filter"`
SyncInterval time.Duration `yaml:"sync_interval"`
// If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database.
RegistrationEnabled bool `yaml:"registration_enabled"`

1
internal/config/config.go
View File

@ -27,7 +27,6 @@ type Config struct {
LogLevel string `yaml:"log_level"`
LogPretty bool `yaml:"log_pretty"`
LogJson bool `yaml:"log_json"`
LdapSyncInterval time.Duration `yaml:"ldap_sync_interval"`
StartListenPort int `yaml:"start_listen_port"`
StartCidrV4 string `yaml:"start_cidr_v4"`
StartCidrV6 string `yaml:"start_cidr_v6"`