sources/ldap: check pwdLastSet when syncing Users
This commit is contained in:
parent
74d240dfd4
commit
e8c9b70ae8
|
@ -1,7 +1,10 @@
|
||||||
"""Sync LDAP Users into authentik"""
|
"""Sync LDAP Users into authentik"""
|
||||||
|
from datetime import datetime
|
||||||
|
|
||||||
import ldap3
|
import ldap3
|
||||||
import ldap3.core.exceptions
|
import ldap3.core.exceptions
|
||||||
from django.db.utils import IntegrityError
|
from django.db.utils import IntegrityError
|
||||||
|
from pytz import UTC
|
||||||
|
|
||||||
from authentik.core.models import User
|
from authentik.core.models import User
|
||||||
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
||||||
|
@ -53,11 +56,21 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
if created:
|
|
||||||
ak_user.set_unusable_password()
|
|
||||||
ak_user.save()
|
|
||||||
self._logger.debug(
|
self._logger.debug(
|
||||||
"Synced User", user=ak_user.username, created=created
|
"Synced User", user=ak_user.username, created=created
|
||||||
)
|
)
|
||||||
user_count += 1
|
user_count += 1
|
||||||
|
# pylint: disable=no-value-for-parameter
|
||||||
|
pwd_last_set = UTC.localize(
|
||||||
|
attributes.get("pwdLastSet", datetime.now())
|
||||||
|
)
|
||||||
|
if created or pwd_last_set >= ak_user.password_change_date:
|
||||||
|
self._logger.debug(
|
||||||
|
"Reset user's password",
|
||||||
|
user=ak_user.username,
|
||||||
|
created=created,
|
||||||
|
pwd_last_set=pwd_last_set,
|
||||||
|
)
|
||||||
|
ak_user.set_unusable_password()
|
||||||
|
ak_user.save()
|
||||||
return user_count
|
return user_count
|
||||||
|
|
Reference in a new issue