How to clean up expired Nextcloud accounts?


1 Preface

One problem, one article, one story.
In the author's production Nextcloud, staff who left and later rejoined ended up with duplicate accounts (same display name or same e-mail address), which created the need to clean up expired users. For details of the environment see the following link:

How to deploy Nextcloud on CentOS 8.x?


The author tried the official cleanup method and it failed; see the following:

How to clean up Nextcloud LDAP users?

2 Best practice

2.1 Query the current user report

sudo -u apache /usr/bin/php --define apc.enable_cli=1 /var/www/nextcloud/occ user:report

The output looks like this (3 local accounts in the Database backend, the rest from LDAP; the script below leaves the Database accounts alone):

+----------------+-------+
| User Report    |       |
+----------------+-------+
| Database       | 3     |
| LDAP           | 36009 |
|                |       |
| total users    | 36012 |
|                |       |
| active users   | 899   |
| disabled users | 2     |
+----------------+-------+

2.2 Write a cleanup script

2.2.1 Create the cleanup script

vim ~/scripts/nextCloudUserTool.sh

Add the following content. The script runs as root (it switches to the web server user for occ) and contains the database password, so keep it mode 0700:

#!/bin/bash
# Disable or delete Nextcloud accounts whose LDAP entry no longer exists.
# Run as root: it switches to the web server user for occ. Keep the file
# mode 0700, because it holds the database password.

mysqlUser="nextcloud"
mysqlPasswd="nextcloudpwd"
mysqlHost="127.0.0.1"
mysqlDB="nextcloud"
mysqlTab="oc_accounts"
removeDays="360"
apacheUser="apache"
phpBin="/usr/bin/php"
nextOcc="/var/www/nextcloud/occ"
log="/var/log/nextcloud/ldapUser.log"

occ() {
	sudo -u "$apacheUser" "$phpBin" --define apc.enable_cli=1 "$nextOcc" "$@"
}

# Pass the password via MYSQL_PWD instead of -p on the command line, where
# every local user could read it with ps. -N -s prints bare uids, one per line.
users=$(MYSQL_PWD="$mysqlPasswd" mysql -N -s -u"$mysqlUser" -h "$mysqlHost" \
	-e "SELECT uid FROM $mysqlDB.$mysqlTab")

for i in $users; do
	# Only accounts that ldap:check-user reports as gone from LDAP proceed
	# (its output then ends with "Clean up the user's remnants by: ...").
	# "The user is still available on LDAP.", "Lost connection to LDAP
	# server." and accounts that are not LDAP users at all are skipped.
	exeMsg=$(occ ldap:check-user "$i")
	case "$exeMsg" in
		*"Clean up the user's remnants by"*) ;;
		*) continue ;;
	esac
	userInfo=$(occ user:info "$i")
	displayName=$(echo "$userInfo" | grep "display_name:" | awk -F': ' '{print $2}')
	email=$(echo "$userInfo" | grep "email:" | awk -F': ' '{print $2}')
	lastSeen=$(echo "$userInfo" | grep "last_seen:" | awk -F': ' '{print $2}')
	backend=$(echo "$userInfo" | grep "backend:" | awk -F': ' '{print $2}')
	enabled=$(echo "$userInfo" | grep "enabled:" | awk -F': ' '{print $2}')
	if [ "$backend" = "Database" ]; then
		continue
	fi
	if [ -z "$lastSeen" ]; then
		# user:info gave nothing usable; do not guess an age, report and skip.
		echo "$(date +'%Y-%m-%d %H:%M:%S') skipped '$i': no last_seen from user:info" | tee -a "$log"
		continue
	fi
	# GNU date parses the ISO 8601 value (e.g. 2021-09-14T07:50:39+00:00)
	# including its offset, so no stripping of "T" and "+00:00" is needed.
	lastSeenDays=$(( ($(date +%s) - $(date -d "$lastSeen" +%s)) / 86400 ))
	# Log the timestamp in the short "YYYY-MM-DD HH:MM:SS" form.
	lastSeenShort=$(echo "$lastSeen" | sed 's/T/ /; s/[+-][0-9][0-9]:[0-9][0-9]$//')
	if [ "$lastSeenDays" -gt "$removeDays" ]; then
		# Deleted regardless of enabled state, so an account disabled by an
		# earlier run is still removed once it passes the threshold.
		if occ user:delete "$i"; then
			echo "$(date +'%Y-%m-%d %H:%M:%S') deleted '$i' '$displayName' '$email' '$lastSeenShort'" | tee -a "$log"
		fi
	elif [ "$enabled" != "false" ]; then
		if occ user:disable "$i"; then
			echo "$(date +'%Y-%m-%d %H:%M:%S') disable '$i' '$displayName' '$email' '$lastSeenShort'" | tee -a "$log"
		fi
	fi
done

Then run the script once by hand to test it. Be aware that there is no dry-run mode: every account it classifies is disabled or deleted on this first run, so take a database backup beforehand. Each account costs two occ invocations, so a run over tens of thousands of LDAP accounts takes a long time (the log timestamps below are minutes apart):

bash ~/scripts/nextCloudUserTool.sh

The log can be followed with:

tail -f /var/log/nextcloud/ldapUser.log

Log lines look like this:

#...
2022-05-25 10:40:19 disable '1845c102-2a1011eb-8112eb63-06a7ea03' 'user01' 'user01@cmdschool.org' '2021-09-14 07:50:39'
2022-05-25 10:42:29 disable '19a85701-f3e211e6-b718eb63-06a7ea03' 'user02' 'user02@cmdschool.org' '2021-09-18 05:20:22'
2022-05-25 10:49:20 deleted '1db35a82-cb6c11e8-8112eb63-06a7ea03' 'user03' 'user03@cmdschool.org' '2019-03-25 15:26:38'
2022-05-25 10:55:25 disable '254d8001-a22011e9-8112eb63-06a7ea03' 'user04' 'user04@cmdschool.org' '2021-10-19 04:01:39'
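The disable-or-delete decision in the script above is the part worth rehearsing before letting it loose on tens of thousands of accounts, and it cannot be rehearsed without a live occ. The following is an added example, not code from the original page: it isolates that decision into shell functions and runs them over constructed input. The record layout ("  - key: value") is assumed to follow `occ user:info`, the two LDAP messages are the phrases the script matches on, and user01, user03 and the other accounts are made up, with the clock fixed at 2022-05-25 10:40:19 UTC so that the first two reproduce the "disable" and "deleted" outcomes in the log above. It also shows that GNU date parses the ISO 8601 timestamp with its offset directly, so no stripping of "T" and "+00:00" is needed, and that an account disabled by an earlier run still ages into deletion.

```shell
#!/bin/bash
# Added example (not from the original page): the disable/delete decision of
# the cleanup script isolated into functions, run against constructed occ
# output so the thresholds can be checked with no Nextcloud at hand.
# Field layout ("  - key: value") is assumed to follow `occ user:info`; the
# ldap:check-user phrases are the ones the page's script matches on.

removeDays=360   # same threshold as the script

# info_field KEY INFO: value of the "  - KEY: value" line in INFO (empty if absent)
info_field() {
	printf '%s\n' "$2" | awk -v key="$1:" \
		'$1 == "-" && $2 == key { sub(/^[ \t]*- [^:]*: ?/, ""); print; exit }'
}

# days_since ISO8601 NOW_EPOCH: whole days between the timestamp and NOW.
# GNU date parses the offset, so no stripping of "T" or "+00:00" is needed.
days_since() {
	local seen
	seen=$(date -d "$1" +%s) || return 1
	echo $(( ($2 - seen) / 86400 ))
}

# classify CHECK_MSG INFO NOW_EPOCH: prints one of
#   keep              still on LDAP, LDAP unreachable, or not an LDAP account
#   skip-database     local (Database backend) account, never touched
#   delete            gone from LDAP and not seen for more than removeDays
#   disable           gone from LDAP but seen within removeDays
#   already-disabled  as disable, but the account is disabled already
classify() {
	local check="$1" info="$2" now="$3" backend seen days
	case "$check" in
		*"Clean up the user's remnants by"*) ;;   # LDAP entry is gone: proceed
		*) echo keep; return 0 ;;
	esac
	backend=$(info_field backend "$info")
	if [ "$backend" = "Database" ]; then
		echo skip-database; return 0
	fi
	seen=$(info_field last_seen "$info")
	days=$(days_since "$seen" "$now") || { echo error; return 1; }
	if [ "$days" -gt "$removeDays" ]; then
		echo delete
	elif [ "$(info_field enabled "$info")" = "false" ]; then
		echo already-disabled
	else
		echo disable
	fi
}

# --- constructed sample data (not real accounts) ---------------------------
# "now" fixed at the run time of the log lines above, in UTC.
sampleNow=$(date -d "2022-05-25T10:40:19+00:00" +%s)
gone="The user does not exists on LDAP anymore.
Clean up the user's remnants by: ./occ user:delete \"uid\""
present="The user is still available on LDAP."

# mk_info NAME LAST_SEEN ENABLED BACKEND: build a user:info-shaped record
mk_info() {
	printf '  - user_id: %s\n  - display_name: %s\n  - email: %s@example.org\n  - enabled: %s\n  - last_seen: %s\n  - backend: %s\n' \
		"$1" "$1" "$1" "$3" "$2" "$4"
}
user01=$(mk_info user01 2021-09-14T07:50:39+00:00 true LDAP)   # seen 253 days ago -> disable
user03=$(mk_info user03 2019-03-25T15:26:38+00:00 true LDAP)   # seen 1156 days ago -> delete
never=$(mk_info user99 1970-01-01T00:00:00+00:00 true LDAP)    # never logged in -> delete
admin=$(mk_info admin 2022-05-20T09:00:00+00:00 true Database) # local account -> skip-database

for info in "$user01" "$user03" "$never" "$admin"; do
	printf '%s -> %s\n' "$(info_field user_id "$info")" "$(classify "$gone" "$info" "$sampleNow")"
done
printf '%s -> %s\n' user01 "$(classify "$present" "$user01" "$sampleNow")"
```

The never-logged-in case matters: `user:info` reports such accounts with a 1970 timestamp, which the age computation turns into a very large number of days, so they are deleted rather than disabled. If that is not wanted, the 1970 value has to be special-cased before the threshold comparison.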

2.2.2 Schedule the script

crontab -e

Add the following line (runs daily at midnight as root; the script uses bash features, so invoke it with bash rather than sh):

0 0 */1 * * bash ~/scripts/nextCloudUserTool.sh