ldap-sync: fix creation of only one user per LDAP sync (#375)

Before this fix, a too early `return` statement terminated the `updateLdapUsers()` function, whenever one not already existing user was created. Therefore, in each LDAP sync a maximum of one new user could be created (i.e., it took x LDAP sync cycles until x new LDAP users are registered in wg-portal). Depending on the LDAP `sync_interval` this can take a long time and produces unecessary long waiting times until users are available in wg-portal. Removing the early return statement, and move the remainder of the function into an `else` statement, so that all new users can be added in a single LDAP sync. Also adding a debug statement to better trace the behavior. Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
2025-02-26 21:56:22 +01:00 · 2025-02-26 21:56:22 +01:00 · eeb0c87c68
parent 67f076effe
commit eeb0c87c68
1 changed files with 34 additions and 35 deletions
--- a/internal/app/users/user_manager.go
+++ b/internal/app/users/user_manager.go
@ -506,50 +506,49 @@ func (m Manager) updateLdapUsers(
 		tctx, cancel := context.WithTimeout(ctx, 30*time.Second)
 		tctx = domain.SetUserInfo(tctx, domain.SystemAdminContextUserInfo())
 		// create new user
 		if existingUser == nil {
 			// create new user
 			logrus.Tracef("creating new user %s from provider %s...", user.Identifier, provider.ProviderName)
 			err := m.NewUser(tctx, user)
 			if err != nil {
 				cancel()
 				return fmt.Errorf("create error for user id %s: %w", user.Identifier, err)
 			}
 			cancel()
 			return nil
 		}
 		// update existing user
 		if provider.AutoReEnable && existingUser.DisabledReason == domain.DisabledReasonLdapMissing {
 			user.Disabled = nil
 			user.DisabledReason = ""
 		} else {
-			user.Disabled = existingUser.Disabled
+			// update existing user
-			user.DisabledReason = existingUser.DisabledReason
+			if provider.AutoReEnable && existingUser.DisabledReason == domain.DisabledReasonLdapMissing {
-		}
+				user.Disabled = nil
-		if existingUser.Source == domain.UserSourceLdap && userChangedInLdap(existingUser, user) {
+				user.DisabledReason = ""
-			err := m.users.SaveUser(tctx, user.Identifier, func(u *domain.User) (*domain.User, error) {
+			} else {
-				u.UpdatedAt = time.Now()
+				user.Disabled = existingUser.Disabled
-				u.UpdatedBy = domain.CtxSystemLdapSyncer
+				user.DisabledReason = existingUser.DisabledReason
 				u.Source = user.Source
 				u.ProviderName = user.ProviderName
 				u.Email = user.Email
 				u.Firstname = user.Firstname
 				u.Lastname = user.Lastname
 				u.Phone = user.Phone
 				u.Department = user.Department
 				u.IsAdmin = user.IsAdmin
 				u.Disabled = nil
 				u.DisabledReason = ""
 				return u, nil
 			})
 			if err != nil {
 				cancel()
 				return fmt.Errorf("update error for user id %s: %w", user.Identifier, err)
 			}
 			if existingUser.Source == domain.UserSourceLdap && userChangedInLdap(existingUser, user) {
 				err := m.users.SaveUser(tctx, user.Identifier, func(u *domain.User) (*domain.User, error) {
 					u.UpdatedAt = time.Now()
 					u.UpdatedBy = domain.CtxSystemLdapSyncer
 					u.Source = user.Source
 					u.ProviderName = user.ProviderName
 					u.Email = user.Email
 					u.Firstname = user.Firstname
 					u.Lastname = user.Lastname
 					u.Phone = user.Phone
 					u.Department = user.Department
 					u.IsAdmin = user.IsAdmin
 					u.Disabled = nil
 					u.DisabledReason = ""
-			if existingUser.IsDisabled() && !user.IsDisabled() {
+					return u, nil
-				m.bus.Publish(app.TopicUserEnabled, *user)
+				})
 				if err != nil {
 					cancel()
 					return fmt.Errorf("update error for user id %s: %w", user.Identifier, err)
 				}
 				if existingUser.IsDisabled() && !user.IsDisabled() {
 					m.bus.Publish(app.TopicUserEnabled, *user)
 				}
 			}
 		}