fix: LDAP sync interval (#304)

Dmytro Bondar · web-flow · commit 605841f2a0b2 · 2024-09-22T11:49:23.000+02:00
Configurable LDAP sync interval for each LDAP provider
diff --git a/README.md b/README.md
@@ -66,7 +66,6 @@ The following configuration options are available:
 | log_level                       | advanced   | warn                                       | The loglevel, can be one of: trace, debug, info, warn, error.                                                                           |
 | log_pretty                      | advanced   | false                                      | Uses pretty, colorized log messages.                                                                                                    |
 | log_json                        | advanced   | false                                      | Logs in JSON format.                                                                                                                    |
-| ldap_sync_interval              | advanced   | 15m                                        | The time interval after which users will be synchronized from LDAP.                                                                     |
 | start_listen_port               | advanced   | 51820                                      | The first port number that will be used as listening port for new interfaces.                                                           |
 | start_cidr_v4                   | advanced   | 10.11.12.0/24                              | The first IPv4 subnet that will be used for new interfaces.                                                                             |
 | start_cidr_v6                   | advanced   | fdfd:d3ad:c0de:1234::0/64                  | The first IPv6 subnet that will be used for new interfaces.                                                                             |
@@ -127,9 +126,9 @@ The following configuration options are available:
 | field_map                       | auth/ldap  |                                            | Mapping of user fields. Internal fields: user_identifier, email, firstname, lastname, phone, department and memberof.                   |
 | login_filter                    | auth/ldap  |                                            | LDAP filters for users that should be allowed to log in. {{login_identifier}} will be replaced with the login username.                 |
 | admin_group                     | auth/ldap  |                                            | Users in this group are marked as administrators.                                                                                       |
-| synchronize                     | auth/ldap  |                                            | Periodically synchronize users (name, department, phone, status, ...) to the WireGuard Portal database.                                 |
 | disable_missing                 | auth/ldap  |                                            | If synchronization is enabled, missing LDAP users will be disabled in WireGuard Portal.                                                 |
 | sync_filter                     | auth/ldap  |                                            | LDAP filters for users that should be synchronized to WireGuard Portal.                                                                 |
+| sync_interval                   | auth/ldap  |                                            | The time interval after which users will be synchronized from LDAP. Empty value or `0` disables synchronization.                        |
 | registration_enabled            | auth/ldap  |                                            | If registration is enabled, new user accounts will created in WireGuard Portal.                                                         |
 | debug                           | database   | false                                      | Debug database statements (log each statement).                                                                                         |
 | slow_query_threshold            | database   |                                            | A threshold for slow database queries. If the threshold is exceeded, a warning message will be logged.                                  |
diff --git a/internal/app/users/user_manager.go b/internal/app/users/user_manager.go
@@ -26,19 +26,17 @@ type Manager struct {
 	cfg *config.Config
 	bus evbus.MessageBus
 
-	syncInterval time.Duration
-	users        UserDatabaseRepo
-	peers        PeerDatabaseRepo
+	users UserDatabaseRepo
+	peers PeerDatabaseRepo
 }
 
 func NewUserManager(cfg *config.Config, bus evbus.MessageBus, users UserDatabaseRepo, peers PeerDatabaseRepo) (*Manager, error) {
 	m := &Manager{
 		cfg: cfg,
 		bus: bus,
 
-		syncInterval: 10 * time.Second,
-		users:        users,
-		peers:        peers,
+		users: users,
+		peers: peers,
 	}
 	return m, nil
 }
@@ -311,26 +309,29 @@ func (m Manager) validateDeletion(ctx context.Context, del *domain.User) error {
 }
 
 func (m Manager) runLdapSynchronizationService(ctx context.Context) {
-	running := true
-	for running {
-		select {
-		case <-ctx.Done():
-			running = false
-			continue
-		case <-time.After(m.syncInterval):
-			// select blocks until one of the cases evaluate to true
-		}
-
-		for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
-			if !ldapCfg.Synchronize {
-				continue // sync disabled
+	for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
+		go func(cfg config.LdapProvider) {
+			syncInterval := cfg.SyncInterval
+			if syncInterval == 0 {
+				logrus.Debugf("sync disabled for LDAP server: %s", cfg.ProviderName)
+				return
 			}
-			//logrus.Tracef(&ldapCfg)
-			err := m.synchronizeLdapUsers(ctx, &ldapCfg)
-			if err != nil {
-				logrus.Errorf("failed to synchronize LDAP users for %s: %v", ldapCfg.ProviderName, err)
+			running := true
+			for running {
+				select {
+				case <-ctx.Done():
+					running = false
+					continue
+				case <-time.After(syncInterval * time.Second):
+					// select blocks until one of the cases evaluate to true
+				}
+
+				err := m.synchronizeLdapUsers(ctx, &cfg)
+				if err != nil {
+					logrus.Errorf("failed to synchronize LDAP users for %s: %v", cfg.ProviderName, err)
+				}
 			}
-		}
+		}(ldapCfg)
 	}
 }
 
@@ -388,7 +389,7 @@ func (m Manager) updateLdapUsers(ctx context.Context, providerName string, rawUs
 		tctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 		defer cancel()
 		tctx = domain.SetUserInfo(tctx, domain.SystemAdminContextUserInfo())
-		
+
 		if existingUser == nil {
 			err := m.NewUser(tctx, user)
 			if err != nil {
@@ -397,7 +398,7 @@ func (m Manager) updateLdapUsers(ctx context.Context, providerName string, rawUs
 		}
 
 		if existingUser != nil && existingUser.Source == domain.UserSourceLdap && userChangedInLdap(existingUser, user) {
-		
+
 			err := m.users.SaveUser(tctx, user.Identifier, func(u *domain.User) (*domain.User, error) {
 				u.UpdatedAt = time.Now()
 				u.UpdatedBy = "ldap_sync"
diff --git a/internal/config/auth.go b/internal/config/auth.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"time"
+
 	"github.com/go-ldap/ldap/v3"
 )
 
@@ -50,10 +52,10 @@ type LdapProvider struct {
 	AdminGroupDN       string   `yaml:"admin_group"`  // Members of this group receive admin rights in WG-Portal
 	ParsedAdminGroupDN *ldap.DN `yaml:"-"`
 
-	Synchronize bool `yaml:"synchronize"`
 	// If DisableMissing is true, missing users will be deactivated
-	DisableMissing bool   `yaml:"disable_missing"`
-	SyncFilter     string `yaml:"sync_filter"`
+	DisableMissing bool          `yaml:"disable_missing"`
+	SyncFilter     string        `yaml:"sync_filter"`
+	SyncInterval   time.Duration `yaml:"sync_interval"`
 
 	// If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database.
 	RegistrationEnabled bool `yaml:"registration_enabled"`
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -27,7 +27,6 @@ type Config struct {
 		LogLevel            string        `yaml:"log_level"`
 		LogPretty           bool          `yaml:"log_pretty"`
 		LogJson             bool          `yaml:"log_json"`
-		LdapSyncInterval    time.Duration `yaml:"ldap_sync_interval"`
 		StartListenPort     int           `yaml:"start_listen_port"`
 		StartCidrV4         string        `yaml:"start_cidr_v4"`
 		StartCidrV6         string        `yaml:"start_cidr_v6"`
