LDAP regular Sync of User attributes

[liszca]

• Gitea version (or commit ref):
• Git version: 1.12.4
• Operating system: Debian 10
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

The user attribute synchronisation does not work as expected:
If I change my E-Mail address in LDAP, it will never change in Gitea, same for removed users. A test against deaktivated users by LDAP shows they cannot login (which is good), but in the Users account it will stay listed as "Activated".

Is it posible to trigger a periodical sync to have all "Mail" and LDAP-Account status synchronized?

...

Screenshots

[liszca]

Ok, shame on me I found a button, but how can I let cron do this Job:

[lafriks]

By default it would synchronize users every 24h if you have enabled it in authorization source:

https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini#L921

[liszca]

Thanks for the code in the app.ini, that was what i was looking for.
Is refresh every 30 Minutes "30m" ?

Is it possible to do the LDAP configuration in this file too?

[olexiyb]

@lafriks default is good, but it looks like the example from config does not work anymore. We need to sync from LDAP every several minutes to get the latest ssh keys, I remember it worked fine but does not in the latest release.

[olexiyb]

Thanks for the code in the app.ini, that was what i was looking for.
Is refresh every 30 Minutes "30m" ?

Is it possible to do the LDAP configuration in this file too?

https://docs.gitea.io/en-us/authentication/

[liszca]

https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini#L921

I configured it like the following but it didn't work as expected, my expectations where after Gitea restart it would do a sync befause of RUN_AT_START = true, but that didn't happen 90 minutes later nothing changed.

[cron.sync_external_users]
RUN_AT_START = true
SCHEDULE = @every 24h
UPDATE_EXISTING = true

[liszca]

@lafriks default is good, but it looks like the example from config does not work anymore. We need to sync from LDAP every several minutes to get the latest ssh keys, I remember it worked fine but does not in the latest release.

Which release was it, so I can switch if its not to old ...

[olexiyb]

@lafriks default is good, but it looks like the example from config does not work anymore. We need to sync from LDAP every several minutes to get the latest ssh keys, I remember it worked fine but does not in the latest release.

Which release was it, so I can switch if its not to old ...

The last release it was working fine was 1.10, but this one missing many features

[liszca]

The last release it was working fine was 1.10, but this one missing many features

Is Migration missing?

[olexiyb]

The last release it was working fine was 1.10, but this one missing many features

Is Migration missing?

No

[liszca]

About 1.10.6 I can already say that RUN_AT_START = true is not working

[liszca]

Can you change this from question to BUG?

[liszca]

1.9.6 is working, changed Mail address is already changed after server is started.

[olexiyb]

I tried to debug and it looks like the bug is in

go-ini/ini#240

This function

func GetCronSettings(name string, config interface{}) (interface{}, error) {
	cfg := Cfg.Section("cron." + name)
	log.Info("GetCronSettings name=%s cfg=%+v", name, cfg)
	err := cfg.MapTo(config)
	log.Info("GetCronSettings name=%s err=%+v config=%+v", name, err, config)
	return config, err
}

I can see data reading fine, but result of MapTo is wrong

[liszca]

How does it look if you debug 1.9.6?

[zeripath]

1.9.6 has completely different code so this would not be the same.

[olexiyb]

[cron.update_mirrors]
ENABLED = false
SCHEDULE = @every 2m

using

type BaseConfig struct {
	Enabled         bool
	RunAtStart      bool
	Schedule        string
	NoSuccessNotice bool
}

is reading and mapping fine, but all other structs not working.

[zeripath]

yeah just testing this and it seems like the mapping to the extended structs isn't working.

[zeripath]

hmm...

That's annoying.

[zeripath]

Simplest fix is to just expand out the configs completely - (and of course fix go-ini to cope with the structs as another pr)

Agh but that wouldn't work.

[zeripath]

We need an ini:"extends" option similar to xorm - that's gonna need a PR to ini

[zeripath]

go-ini/ini#269

[zeripath]

I've put in a workaround in as #12939