sources/ldap: improve messages of sync tasks in UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
dd290e264c
commit
ed6f5b98df
|
@ -17,11 +17,18 @@ class BaseLDAPSynchronizer:
|
||||||
|
|
||||||
_source: LDAPSource
|
_source: LDAPSource
|
||||||
_logger: BoundLogger
|
_logger: BoundLogger
|
||||||
|
_messages: list[str]
|
||||||
|
|
||||||
def __init__(self, source: LDAPSource):
|
def __init__(self, source: LDAPSource):
|
||||||
self._source = source
|
self._source = source
|
||||||
|
self._messages = []
|
||||||
self._logger = get_logger().bind(source=source, syncer=self.__class__.__name__)
|
self._logger = get_logger().bind(source=source, syncer=self.__class__.__name__)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def messages(self) -> list[str]:
|
||||||
|
"""Get all UI messages"""
|
||||||
|
return self._messages
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def base_dn_users(self) -> str:
|
def base_dn_users(self) -> str:
|
||||||
"""Shortcut to get full base_dn for user lookups"""
|
"""Shortcut to get full base_dn for user lookups"""
|
||||||
|
@ -36,6 +43,11 @@ class BaseLDAPSynchronizer:
|
||||||
return f"{self._source.additional_group_dn},{self._source.base_dn}"
|
return f"{self._source.additional_group_dn},{self._source.base_dn}"
|
||||||
return self._source.base_dn
|
return self._source.base_dn
|
||||||
|
|
||||||
|
def message(self, *args, **kwargs):
|
||||||
|
"""Add message that is later added to the System Task and shown to the user"""
|
||||||
|
self._messages.append(" ".join(args))
|
||||||
|
self._logger.warning(*args, **kwargs)
|
||||||
|
|
||||||
def sync(self) -> int:
|
def sync(self) -> int:
|
||||||
"""Sync function, implemented in subclass"""
|
"""Sync function, implemented in subclass"""
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
|
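Review bot: `message()` builds the UI text with `" ".join(args)`, which raises TypeError as soon as a caller passes a non-string positional argument, although the logger call on the next line would accept it; `" ".join(str(arg) for arg in args)` keeps the two paths consistent. The helper also logs every UI message at warning level, so informational entries such as the password-reset message added in the UserLDAPSynchronizer hunk are recorded as warnings. The collected strings contain DNs and usernames read from the directory, so whatever renders the task messages has to treat them as untrusted text; that code is not visible on this page. The docstring could state this, for example `"""Add a message shown to the user in the System Task; values from LDAP are passed through unescaped"""`.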
@ -15,7 +15,7 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
def sync(self) -> int:
|
def sync(self) -> int:
|
||||||
"""Iterate over all LDAP Groups and create authentik_core.Group instances"""
|
"""Iterate over all LDAP Groups and create authentik_core.Group instances"""
|
||||||
if not self._source.sync_groups:
|
if not self._source.sync_groups:
|
||||||
self._logger.warning("Group syncing is disabled for this Source")
|
self.message("Group syncing is disabled for this Source")
|
||||||
return -1
|
return -1
|
||||||
groups = self._source.connection.extend.standard.paged_search(
|
groups = self._source.connection.extend.standard.paged_search(
|
||||||
search_base=self.base_dn_groups,
|
search_base=self.base_dn_groups,
|
||||||
|
@ -28,8 +28,8 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
attributes = group.get("attributes", {})
|
attributes = group.get("attributes", {})
|
||||||
group_dn = self._flatten(self._flatten(group.get("entryDN", group.get("dn"))))
|
group_dn = self._flatten(self._flatten(group.get("entryDN", group.get("dn"))))
|
||||||
if self._source.object_uniqueness_field not in attributes:
|
if self._source.object_uniqueness_field not in attributes:
|
||||||
self._logger.warning(
|
self.message(
|
||||||
"Cannot find uniqueness Field in attributes",
|
f"Cannot find uniqueness field in attributes: '{group_dn}",
|
||||||
attributes=attributes.keys(),
|
attributes=attributes.keys(),
|
||||||
dn=group_dn,
|
dn=group_dn,
|
||||||
)
|
)
|
||||||
|
|
|
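Review bot: The new f-string in the second hunk, `f"Cannot find uniqueness field in attributes: '{group_dn}"`, opens a single quote before the DN and never closes it, so the message reaches the UI and the log with an unbalanced quote. It should read `f"Cannot find uniqueness field in attributes: '{group_dn}'"`. The same closing quote is missing in the UserLDAPSynchronizer hunk, in the string built from `user_dn`. The enclosing sync() body starts and ends outside the hunk.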
@ -62,8 +62,8 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
# group_uniq might be a single string or an array with (hopefully) a single string
|
# group_uniq might be a single string or an array with (hopefully) a single string
|
||||||
if isinstance(group_uniq, list):
|
if isinstance(group_uniq, list):
|
||||||
if len(group_uniq) < 1:
|
if len(group_uniq) < 1:
|
||||||
self._logger.warning(
|
self.message(
|
||||||
"Group does not have a uniqueness attribute.",
|
f"Group does not have a uniqueness attribute: '{group_dn}'",
|
||||||
group=group_dn,
|
group=group_dn,
|
||||||
)
|
)
|
||||||
return None
|
return None
|
||||||
|
@ -71,8 +71,8 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
if group_uniq not in self.group_cache:
|
if group_uniq not in self.group_cache:
|
||||||
groups = Group.objects.filter(**{f"attributes__{LDAP_UNIQUENESS}": group_uniq})
|
groups = Group.objects.filter(**{f"attributes__{LDAP_UNIQUENESS}": group_uniq})
|
||||||
if not groups.exists():
|
if not groups.exists():
|
||||||
self._logger.warning(
|
self.message(
|
||||||
"Group does not exist in our DB yet, run sync_groups first.",
|
f"Group does not exist in our DB yet, run sync_groups first: '{group_dn}'",
|
||||||
group=group_dn,
|
group=group_dn,
|
||||||
)
|
)
|
||||||
return None
|
return None
|
||||||
|
|
|
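Review bot: In both hunks the string passed to `self.message()` now embeds `group_dn`, and `message()` forwards that string to the logger as the event, so the event text differs for every group even though `group=group_dn` already carries the DN as a structured field. Log queries and alerts that match on the fixed text "Group does not exist in our DB yet, run sync_groups first." will stop grouping these warnings. The same applies to the "Cannot find uniqueness field" calls in the group and user synchronizers. Keeping the event constant for the logger and formatting the DN only into the UI string would avoid this, which needs `message()` to build the two separately. The enclosing method starts outside both hunks.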
@ -18,7 +18,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
def sync(self) -> int:
|
def sync(self) -> int:
|
||||||
"""Iterate over all LDAP Users and create authentik_core.User instances"""
|
"""Iterate over all LDAP Users and create authentik_core.User instances"""
|
||||||
if not self._source.sync_users:
|
if not self._source.sync_users:
|
||||||
self._logger.warning("User syncing is disabled for this Source")
|
self.message("User syncing is disabled for this Source")
|
||||||
return -1
|
return -1
|
||||||
users = self._source.connection.extend.standard.paged_search(
|
users = self._source.connection.extend.standard.paged_search(
|
||||||
search_base=self.base_dn_users,
|
search_base=self.base_dn_users,
|
||||||
|
@ -31,8 +31,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
attributes = user.get("attributes", {})
|
attributes = user.get("attributes", {})
|
||||||
user_dn = self._flatten(user.get("entryDN", user.get("dn")))
|
user_dn = self._flatten(user.get("entryDN", user.get("dn")))
|
||||||
if self._source.object_uniqueness_field not in attributes:
|
if self._source.object_uniqueness_field not in attributes:
|
||||||
self._logger.warning(
|
self.message(
|
||||||
"Cannot find uniqueness Field in attributes",
|
f"Cannot find uniqueness field in attributes: '{user_dn}",
|
||||||
attributes=attributes.keys(),
|
attributes=attributes.keys(),
|
||||||
dn=user_dn,
|
dn=user_dn,
|
||||||
)
|
)
|
||||||
|
@ -66,6 +66,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
pwd_last_set: datetime = attributes.get("pwdLastSet", datetime.now())
|
pwd_last_set: datetime = attributes.get("pwdLastSet", datetime.now())
|
||||||
pwd_last_set = pwd_last_set.replace(tzinfo=UTC)
|
pwd_last_set = pwd_last_set.replace(tzinfo=UTC)
|
||||||
if created or pwd_last_set >= ak_user.password_change_date:
|
if created or pwd_last_set >= ak_user.password_change_date:
|
||||||
|
self.message(f"'{ak_user.username}': Reset user's password")
|
||||||
self._logger.debug(
|
self._logger.debug(
|
||||||
"Reset user's password",
|
"Reset user's password",
|
||||||
user=ak_user.username,
|
user=ak_user.username,
|
||||||
|
|
|
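Review bot: The `self.message(f"'{ak_user.username}': Reset user's password")` call in the third hunk adds one UI entry per user whenever `created or pwd_last_set >= ak_user.password_change_date` holds. Because `pwd_last_set` falls back to `datetime.now()` when the attribute is absent, that may be true for many users on every run, though the rest of the branch is outside the hunk. On a large directory the task result then fills with per-user lines, each also logged at warning level by `message()`, next to the existing debug call that records the same event. Keeping the per-user detail in the debug log and reporting a single summary after the loop, for example `self.message(f"Reset password for {reset_count} users")` with a counter incremented here, would keep the task output readable.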
@ -46,9 +46,9 @@ def ldap_sync(self: MonitoredTask, source_pk: str, sync_class: Optional[str] = N
|
||||||
sync = path_to_class(sync_class)
|
sync = path_to_class(sync_class)
|
||||||
self.set_uid(f"{slugify(source.name)}-{sync.__name__}")
|
self.set_uid(f"{slugify(source.name)}-{sync.__name__}")
|
||||||
try:
|
try:
|
||||||
messages = []
|
|
||||||
sync_inst = sync(source)
|
sync_inst = sync(source)
|
||||||
count = sync_inst.sync()
|
count = sync_inst.sync()
|
||||||
|
messages = sync_inst.messages
|
||||||
messages.append(f"Synced {count} objects.")
|
messages.append(f"Synced {count} objects.")
|
||||||
self.set_status(
|
self.set_status(
|
||||||
TaskResult(
|
TaskResult(
|
||||||
|
|
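Review bot: `messages = sync_inst.messages` binds the synchronizer's internal list, since the `messages` property in BaseLDAPSynchronizer returns `self._messages` itself, so the following `messages.append(f"Synced {count} objects.")` modifies the synchronizer's state. `messages = list(sync_inst.messages)` avoids that. The assignment also sits after `sync_inst.sync()` inside the `try`, and the earlier `messages = []` was removed, so when sync() raises, anything collected so far is not picked up here. If the except branch refers to `messages` it would hit an unbound name, but that branch is outside the hunk.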