diff --git a/README.md b/README.md
index d1c24e83..e9fd1801 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,6 @@ The following configuration options are available:
 | log_level | advanced | warn | The loglevel, can be one of: trace, debug, info, warn, error. |
 | log_pretty | advanced | false | Uses pretty, colorized log messages. |
 | log_json | advanced | false | Logs in JSON format. |
-| ldap_sync_interval | advanced | 15m | The time interval after which users will be synchronized from LDAP. |
 | start_listen_port | advanced | 51820 | The first port number that will be used as listening port for new interfaces. |
 | start_cidr_v4 | advanced | 10.11.12.0/24 | The first IPv4 subnet that will be used for new interfaces. |
 | start_cidr_v6 | advanced | fdfd:d3ad:c0de:1234::0/64 | The first IPv6 subnet that will be used for new interfaces. |
@@ -127,9 +126,9 @@ The following configuration options are available:
 | field_map | auth/ldap | | Mapping of user fields. Internal fields: user_identifier, email, firstname, lastname, phone, department and memberof. |
 | login_filter | auth/ldap | | LDAP filters for users that should be allowed to log in. {{login_identifier}} will be replaced with the login username. |
 | admin_group | auth/ldap | | Users in this group are marked as administrators. |
-| synchronize | auth/ldap | | Periodically synchronize users (name, department, phone, status, ...) to the WireGuard Portal database. |
 | disable_missing | auth/ldap | | If synchronization is enabled, missing LDAP users will be disabled in WireGuard Portal. |
 | sync_filter | auth/ldap | | LDAP filters for users that should be synchronized to WireGuard Portal. |
+| sync_interval | auth/ldap | | The time interval after which users will be synchronized from LDAP. Empty value or `0` disables synchronization. |
 | registration_enabled | auth/ldap | | If registration is enabled, new user accounts will created in WireGuard Portal. |
 | debug | database | false | Debug database statements (log each statement). |
 | slow_query_threshold | database | | A threshold for slow database queries. If the threshold is exceeded, a warning message will be logged. |
diff --git a/internal/app/users/user_manager.go b/internal/app/users/user_manager.go
index ed9bf574..4c9464ee 100644
--- a/internal/app/users/user_manager.go
+++ b/internal/app/users/user_manager.go
@@ -26,9 +26,8 @@ type Manager struct {
 cfg *config.Config
 bus evbus.MessageBus
- syncInterval time.Duration
- users UserDatabaseRepo
- peers PeerDatabaseRepo
+ users UserDatabaseRepo
+ peers PeerDatabaseRepo
 }
 func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabaseRepo, peers PeerDatabaseRepo) (*Manager, error) {
@@ -36,9 +35,8 @@ func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabase
 cfg: cfg,
 bus: bus,
- syncInterval: 10 * time.Second,
- users: users,
- peers: peers,
+ users: users,
+ peers: peers,
 }
 return m, nil
 }
@@ -311,26 +309,29 @@ func (m Manager) validateDeletion(ctx context.Context, del *domain.User) error {
 }
 func (m Manager) runLdapSynchronizationService(ctx context.Context) {
- running := true
- for running {
- select {
- case <-ctx.Done():
- running = false
- continue
- case <-time.After(m.syncInterval):
- // select blocks until one of the cases evaluate to true
- }
-
- for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
- if !ldapCfg.Synchronize {
- continue // sync disabled
+ for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
+ go func(cfg config.LdapProvider) {
+ syncInterval := cfg.SyncInterval
+ if syncInterval == 0 {
+ logrus.Debugf("sync disabled for LDAP server: %s", cfg.ProviderName)
+ return
 }
- //logrus.Tracef(&ldapCfg)
- err := m.synchronizeLdapUsers(ctx, &ldapCfg)
- if err != nil {
- logrus.Errorf("failed to synchronize LDAP users for %s: %v", ldapCfg.ProviderName, err)
+ running := true
+ for running {
+ select {
+ case <-ctx.Done():
+ running = false
+ continue
+ case <-time.After(syncInterval * time.Second):
+ // select blocks until one of the cases evaluate to true
+ }
+
+ err := m.synchronizeLdapUsers(ctx, &cfg)
+ if err != nil {
+ logrus.Errorf("failed to synchronize LDAP users for %s: %v", cfg.ProviderName, err)
+ }
 }
- }
+ }(ldapCfg)
 }
 }
@@ -388,7 +389,7 @@ func (m Manager) updateLdapUsers(ctx context.Context, providerName string, rawUs
 tctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 tctx = domain.SetUserInfo(tctx, domain.SystemAdminContextUserInfo())
-
+
 if existingUser == nil {
 err := m.NewUser(tctx, user)
 if err != nil {
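Review bot: `case <-time.After(syncInterval * time.Second):` in runLdapSynchronizationService multiplies a `time.Duration` by `time.Second`; `cfg.SyncInterval` is declared as `time.Duration` in internal/config/auth.go in this same commit, so a configured value such as `15m` becomes 15 minutes times 1e9, which overflows int64 and makes the timer fire at an unintended (possibly immediate) interval. The duration should be used as is: `case <-time.After(syncInterval):`. The `if syncInterval == 0` guard also lets a negative interval through, and a negative `time.After` fires immediately, so one misconfigured provider would run `synchronizeLdapUsers` in a tight loop against the LDAP server and flood the log; `if syncInterval <= 0 {` covers both cases. Since the function now returns right after starting one goroutine per provider instead of blocking, the call site (outside this hunk) should be checked so it no longer wraps the call in its own `go`, and a `time.NewTicker` stopped on `ctx.Done()` would avoid allocating a new timer on every iteration.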
@@ -397,7 +398,7 @@ func (m Manager) updateLdapUsers(ctx context.Context, providerName string, rawUs
 }
 if existingUser != nil && existingUser.Source == domain.UserSourceLdap && userChangedInLdap(existingUser, user) {
-
+
 err := m.users.SaveUser(tctx, user.Identifier, func(u *domain.User) (*domain.User, error) {
 u.UpdatedAt = time.Now()
 u.UpdatedBy = "ldap_sync"
diff --git a/internal/config/auth.go b/internal/config/auth.go
index 805342b5..1fd4e2fe 100644
--- a/internal/config/auth.go
+++ b/internal/config/auth.go
@@ -1,6 +1,8 @@
 package config
 import (
+ "time"
+
 "github.com/go-ldap/ldap/v3"
 )
@@ -50,10 +52,10 @@ type LdapProvider struct {
 AdminGroupDN string `yaml:"admin_group"` // Members of this group receive admin rights in WG-Portal
 ParsedAdminGroupDN *ldap.DN `yaml:"-"`
- Synchronize bool `yaml:"synchronize"`
 // If DisableMissing is true, missing users will be deactivated
- DisableMissing bool `yaml:"disable_missing"`
- SyncFilter string `yaml:"sync_filter"`
+ DisableMissing bool `yaml:"disable_missing"`
+ SyncFilter string `yaml:"sync_filter"`
+ SyncInterval time.Duration `yaml:"sync_interval"`
 // If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database.
 RegistrationEnabled bool `yaml:"registration_enabled"`
diff --git a/internal/config/config.go b/internal/config/config.go
index fd5bf897..94100c23 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -27,7 +27,6 @@ type Config struct {
 LogLevel string `yaml:"log_level"`
 LogPretty bool `yaml:"log_pretty"`
 LogJson bool `yaml:"log_json"`
- LdapSyncInterval time.Duration `yaml:"ldap_sync_interval"`
 StartListenPort int `yaml:"start_listen_port"`
 StartCidrV4 string `yaml:"start_cidr_v4"`
 StartCidrV6 string `yaml:"start_cidr_v6"`
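Review bot: The new `SyncInterval time.Duration` field in LdapProvider carries no comment, while its neighbours `DisableMissing` and `RegistrationEnabled` are documented, and neither the field nor the README row says which format or unit the value takes. The removed global `ldap_sync_interval` was documented with the default `15m` on a `time.Duration` field, so presumably the YAML decoder parses Go duration strings here too; a comment such as `// SyncInterval is the time between two LDAP synchronization runs, e.g. "15m" (a duration string); 0 or an empty value disables synchronization.` would make that explicit. The README row for `sync_interval` leaves the default column empty, which with the zero check in user_manager.go means synchronization is now off unless configured, so stating that default there would avoid silent loss of the old 15-minute behaviour for existing deployments.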