trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sources/ldap: check pwdLastSet when syncing Users

This commit is contained in:
Jens Langhammer 2021-03-02 21:05:00 +01:00
parent 74d240dfd4
commit e8c9b70ae8
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
authentik/sources/ldap/sync/users.py
View File

@ -1,7 +1,10 @@
"""Sync LDAP Users into authentik""" """Sync LDAP Users into authentik"""
from datetime import datetime
import ldap3 import ldap3
import ldap3.core.exceptions import ldap3.core.exceptions
from django.db.utils import IntegrityError from django.db.utils import IntegrityError
from pytz import UTC
from authentik.core.models import User from authentik.core.models import User
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
@ -53,11 +56,21 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
) )
) )
else: else:
if created:
ak_user.set_unusable_password()
ak_user.save()
self._logger.debug( self._logger.debug(
"Synced User", user=ak_user.username, created=created "Synced User", user=ak_user.username, created=created
) )
user_count += 1 user_count += 1
# pylint: disable=no-value-for-parameter
pwd_last_set = UTC.localize(
attributes.get("pwdLastSet", datetime.now())
)
if created or pwd_last_set >= ak_user.password_change_date:
self._logger.debug(
"Reset user's password",
user=ak_user.username,
created=created,
pwd_last_set=pwd_last_set,
)
ak_user.set_unusable_password()
ak_user.save()
return user_count return user_count