From bb244b8338b2d297a2f69fcce78e73b331bd0588 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 4 Jun 2022 18:03:00 +0200
Subject: [PATCH] providers/ldap: fix session cache being lost on provider refresh
Signed-off-by: Jens Langhammer
---
 internal/outpost/ldap/bind/memory/memory.go | 20 +++++++++++++-------
 internal/outpost/ldap/refresh.go | 2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/internal/outpost/ldap/bind/memory/memory.go b/internal/outpost/ldap/bind/memory/memory.go
index 11f7e5acd..379cc44bc 100644
--- a/internal/outpost/ldap/bind/memory/memory.go
+++ b/internal/outpost/ldap/bind/memory/memory.go
@@ -23,15 +23,21 @@ type SessionBinder struct {
 sessions *ttlcache.Cache[Credentials, ldap.LDAPResultCode]
 }

-func NewSessionBinder(si server.LDAPServerInstance) *SessionBinder {
+func NewSessionBinder(si server.LDAPServerInstance, oldBinder bind.Binder) *SessionBinder {
 sb := &SessionBinder{
- DirectBinder: *direct.NewDirectBinder(si),
- si: si,
- log: log.WithField("logger", "authentik.outpost.ldap.binder.session"),
- sessions: ttlcache.New(ttlcache.WithDisableTouchOnHit[Credentials, ldap.LDAPResultCode]()),
+ si: si,
+ log: log.WithField("logger", "authentik.outpost.ldap.binder.session"),
+ }
+ if oldSb, ok := oldBinder.(*SessionBinder); ok {
+ sb.DirectBinder = oldSb.DirectBinder
+ sb.sessions = oldSb.sessions
+ sb.log.Info("re-initialised session binder")
+ } else {
+ sb.sessions = ttlcache.New(ttlcache.WithDisableTouchOnHit[Credentials, ldap.LDAPResultCode]())
+ sb.DirectBinder = *direct.NewDirectBinder(si)
+ go sb.sessions.Start()
+ sb.log.Info("initialised session binder")
 }
- go sb.sessions.Start()
- sb.log.Info("initialised session binder")
 return sb
 }

diff --git a/internal/outpost/ldap/refresh.go b/internal/outpost/ldap/refresh.go
index 6d469e754..329e973b7 100644
--- a/internal/outpost/ldap/refresh.go
+++ b/internal/outpost/ldap/refresh.go
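Review bot: In `NewSessionBinder` (memory.go), the reuse branch copies `oldSb.DirectBinder`, which was built by `direct.NewDirectBinder` for the previous server instance, while `sb.si` already points at the refreshed one; a bind that misses the cache would then presumably be evaluated against the old provider settings. Rebuilding it in both branches and carrying over only the cache avoids that: `sb.DirectBinder = *direct.NewDirectBinder(si)` before the `if`, and `sb.sessions = oldSb.sessions` alone in the reuse branch. Because cached bind results now outlive a refresh, the function also deserves a doc comment that says so, for example `// NewSessionBinder reuses oldBinder's session cache when oldBinder is a *SessionBinder, so bind results cached under the previous provider configuration stay valid until their TTL expires.`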
@@ -83,7 +83,7 @@ func (ls *LDAPServer) Refresh() error {
 providers[idx].searcher = directsearch.NewDirectSearcher(providers[idx])
 }
 if *provider.BindMode.Ptr() == api.LDAPAPIACCESSMODE_CACHED {
- providers[idx].binder = memorybind.NewSessionBinder(providers[idx])
+ providers[idx].binder = memorybind.NewSessionBinder(providers[idx], providers[idx].binder)
 } else if *provider.BindMode.Ptr() == api.LDAPAPIACCESSMODE_DIRECT {
 providers[idx].binder = directbind.NewDirectBinder(providers[idx])
 }
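Review bot: The second argument `providers[idx].binder` is read from the same element that this line assigns, so if `providers[idx]` is a freshly built instance at this point (its construction is outside the hunk) the value is nil, the `oldBinder.(*SessionBinder)` assertion fails, and a new cache is still created on every refresh. The binder of the previously active instance for this provider should be passed instead, looked up before the new instance replaces it, e.g. `providers[idx].binder = memorybind.NewSessionBinder(providers[idx], oldBinder)` with `oldBinder` taken from the server's current provider list. The rest of the `Refresh` loop lies outside the hunk, so this needs confirming against the full function.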