UniqueSoft/wg-portal
2
0
Fork 0
mirror of https://github.com/h44z/wg-portal synced 2025-02-26 05:49:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: LDAP sync interval (#304)

Browse Source 
Configurable LDAP sync interval for each LDAP provider
This commit is contained in:
Dmytro Bondar 2024-09-22 11:49:23 +02:00 committed by GitHub
parent a46dabc1d3
commit 605841f2a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 33 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -66,7 +66,6 @@ The following configuration options are available:
| log_level | advanced | warn | The loglevel, can be one of: trace, debug, info, warn, error. | | log_level | advanced | warn | The loglevel, can be one of: trace, debug, info, warn, error. |
| log_pretty | advanced | false | Uses pretty, colorized log messages. | | log_pretty | advanced | false | Uses pretty, colorized log messages. |
| log_json | advanced | false | Logs in JSON format. | | log_json | advanced | false | Logs in JSON format. |
| ldap_sync_interval | advanced | 15m | The time interval after which users will be synchronized from LDAP. |
| start_listen_port | advanced | 51820 | The first port number that will be used as listening port for new interfaces. | | start_listen_port | advanced | 51820 | The first port number that will be used as listening port for new interfaces. |
| start_cidr_v4 | advanced | 10.11.12.0/24 | The first IPv4 subnet that will be used for new interfaces. | | start_cidr_v4 | advanced | 10.11.12.0/24 | The first IPv4 subnet that will be used for new interfaces. |
| start_cidr_v6 | advanced | fdfd:d3ad:c0de:1234::0/64 | The first IPv6 subnet that will be used for new interfaces. | | start_cidr_v6 | advanced | fdfd:d3ad:c0de:1234::0/64 | The first IPv6 subnet that will be used for new interfaces. |
@ -127,9 +126,9 @@ The following configuration options are available:
| field_map | auth/ldap | | Mapping of user fields. Internal fields: user_identifier, email, firstname, lastname, phone, department and memberof. | | field_map | auth/ldap | | Mapping of user fields. Internal fields: user_identifier, email, firstname, lastname, phone, department and memberof. |
| login_filter | auth/ldap | | LDAP filters for users that should be allowed to log in. {{login_identifier}} will be replaced with the login username. | | login_filter | auth/ldap | | LDAP filters for users that should be allowed to log in. {{login_identifier}} will be replaced with the login username. |
| admin_group | auth/ldap | | Users in this group are marked as administrators. | | admin_group | auth/ldap | | Users in this group are marked as administrators. |
| synchronize | auth/ldap | | Periodically synchronize users (name, department, phone, status, ...) to the WireGuard Portal database. |
| disable_missing | auth/ldap | | If synchronization is enabled, missing LDAP users will be disabled in WireGuard Portal. | | disable_missing | auth/ldap | | If synchronization is enabled, missing LDAP users will be disabled in WireGuard Portal. |
| sync_filter | auth/ldap | | LDAP filters for users that should be synchronized to WireGuard Portal. | | sync_filter | auth/ldap | | LDAP filters for users that should be synchronized to WireGuard Portal. |
| sync_interval | auth/ldap | | The time interval after which users will be synchronized from LDAP. Empty value or `0` disables synchronization. |
| registration_enabled | auth/ldap | | If registration is enabled, new user accounts will created in WireGuard Portal. | | registration_enabled | auth/ldap | | If registration is enabled, new user accounts will created in WireGuard Portal. |
| debug | database | false | Debug database statements (log each statement). | | debug | database | false | Debug database statements (log each statement). |
| slow_query_threshold | database | | A threshold for slow database queries. If the threshold is exceeded, a warning message will be logged. | | slow_query_threshold | database | | A threshold for slow database queries. If the threshold is exceeded, a warning message will be logged. |

21
internal/app/users/user_manager.go
View File

@ -26,7 +26,6 @@ type Manager struct {
cfg *config.Config cfg *config.Config
bus evbus.MessageBus bus evbus.MessageBus
syncInterval time.Duration
users UserDatabaseRepo users UserDatabaseRepo
peers PeerDatabaseRepo peers PeerDatabaseRepo
} }
@ -36,7 +35,6 @@ func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabase
cfg: cfg, cfg: cfg,
bus: bus, bus: bus,
syncInterval: 10 * time.Second,
users: users, users: users,
peers: peers, peers: peers,
} }
@ -311,26 +309,29 @@ func (m Manager) validateDeletion(ctx context.Context, del *domain.User) error {
} }
func (m Manager) runLdapSynchronizationService(ctx context.Context) { func (m Manager) runLdapSynchronizationService(ctx context.Context) {
for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
go func(cfg config.LdapProvider) {
syncInterval := cfg.SyncInterval
if syncInterval == 0 {
logrus.Debugf("sync disabled for LDAP server: %s", cfg.ProviderName)
return
}
running := true running := true
for running { for running {
select { select {
case <-ctx.Done(): case <-ctx.Done():
running = false running = false
continue continue
case <-time.After(m.syncInterval): case <-time.After(syncInterval * time.Second):
// select blocks until one of the cases evaluate to true // select blocks until one of the cases evaluate to true
} }
for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers err := m.synchronizeLdapUsers(ctx, &cfg)
if !ldapCfg.Synchronize {
continue // sync disabled
}
//logrus.Tracef(&ldapCfg)
err := m.synchronizeLdapUsers(ctx, &ldapCfg)
if err != nil { if err != nil {
logrus.Errorf("failed to synchronize LDAP users for %s: %v", ldapCfg.ProviderName, err) logrus.Errorf("failed to synchronize LDAP users for %s: %v", cfg.ProviderName, err)
} }
} }
}(ldapCfg)
} }
} }

4
internal/config/auth.go
View File

@ -1,6 +1,8 @@
package config package config
import ( import (
"time"
"github.com/go-ldap/ldap/v3" "github.com/go-ldap/ldap/v3"
) )
@ -50,10 +52,10 @@ type LdapProvider struct {
AdminGroupDN string `yaml:"admin_group"` // Members of this group receive admin rights in WG-Portal AdminGroupDN string `yaml:"admin_group"` // Members of this group receive admin rights in WG-Portal
ParsedAdminGroupDN *ldap.DN `yaml:"-"` ParsedAdminGroupDN *ldap.DN `yaml:"-"`
Synchronize bool `yaml:"synchronize"`
// If DisableMissing is true, missing users will be deactivated // If DisableMissing is true, missing users will be deactivated
DisableMissing bool `yaml:"disable_missing"` DisableMissing bool `yaml:"disable_missing"`
SyncFilter string `yaml:"sync_filter"` SyncFilter string `yaml:"sync_filter"`
SyncInterval time.Duration `yaml:"sync_interval"`
// If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database. // If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database.
RegistrationEnabled bool `yaml:"registration_enabled"` RegistrationEnabled bool `yaml:"registration_enabled"`

1
internal/config/config.go
View File

@ -27,7 +27,6 @@ type Config struct {
LogLevel string `yaml:"log_level"` LogLevel string `yaml:"log_level"`
LogPretty bool `yaml:"log_pretty"` LogPretty bool `yaml:"log_pretty"`
LogJson bool `yaml:"log_json"` LogJson bool `yaml:"log_json"`
LdapSyncInterval time.Duration `yaml:"ldap_sync_interval"`
StartListenPort int `yaml:"start_listen_port"` StartListenPort int `yaml:"start_listen_port"`
StartCidrV4 string `yaml:"start_cidr_v4"` StartCidrV4 string `yaml:"start_cidr_v4"`
StartCidrV6 string `yaml:"start_cidr_v6"` StartCidrV6 string `yaml:"start_cidr_v6"`