How do you clean up expired NextCloud accounts?
- By : Will
- Category : Bash, Cloud storage

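1 Preface
One problem, one article, one story.
In the author's production NextCloud environment, users who left the company and later rejoined found existing accounts with the same name or the same e-mail address, so we needed a way to clean up expired users. For details of the current environment, please refer to the following link.
The author tried the official cleanup method and it failed; see the following for details.
2 Best practice
2.1 Query the current user report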
sudo -u apache /usr/bin/php --define apc.enable_cli=1 /var/www/nextcloud/occ user:report
The output looks like this:
+----------------+-------+
| User Report    |       |
+----------------+-------+
| Database       | 3     |
| LDAP           | 36009 |
|                |       |
| total users    | 36012 |
|                |       |
| active users   | 899   |
| disabled users | 2     |
+----------------+-------+
2.2 Write a cleanup script
2.2.1 Create the cleanup script
vim ~/scripts/nextCloudUserTool.sh
Add the following content:
#!/bin/bash
# Disable or delete NextCloud accounts whose LDAP entry no longer exists.

# Note: a password passed with -p is visible in the process list; a client
# option file readable only by its owner avoids that.
mysqlUser="nextcloud"
mysqlPasswd="nextcloudpwd"
mysqlHost="127.0.0.1"
mysqlDB="nextcloud"
mysqlTab="oc_accounts"
removeDays="360"
apacheUser="apache"
phpBin="/usr/bin/php"
nextOcc="/var/www/nextcloud/occ"
log="/var/log/nextcloud/ldapUser.log"

# All uids known to NextCloud, one per line (-N: no header row, -B: batch output)
users=$(mysql -u"$mysqlUser" -p"$mysqlPasswd" -h "$mysqlHost" -N -B -e "select uid from $mysqlDB.$mysqlTab;")

for i in $users; do
    exeMsg=$(sudo -u "$apacheUser" "$phpBin" --define apc.enable_cli=1 "$nextOcc" ldap:check-user "$i")
    # Continue only when occ explicitly reports that the user is gone from LDAP
    if [ "$exeMsg" = "Lost connection to LDAP server." ]; then
        continue
    fi
    if [ "$exeMsg" = "The user is still available on LDAP." ]; then
        continue
    fi
    if [ "$(echo "$exeMsg" | grep -c "Clean up the user's remnants by")" != 1 ]; then
        continue
    fi

    userInfo=$(sudo -u "$apacheUser" "$phpBin" --define apc.enable_cli=1 "$nextOcc" user:info "$i")
    displayName=$(echo "$userInfo" | grep "display_name:" | awk -F': ' '{print $2}')
    email=$(echo "$userInfo" | grep "email:" | awk -F': ' '{print $2}')
    # 2021-09-14T07:50:39+00:00 -> 2021-09-14 07:50:39
    lastSeen=$(echo "$userInfo" | grep "last_seen:" | awk -F': ' '{print $2}' | awk -F'T' '{print $1" "$2}' | awk -F'+' '{print $1}')
    backend=$(echo "$userInfo" | grep "backend:" | awk -F': ' '{print $2}')
    enabled=$(echo "$userInfo" | grep "enabled:" | awk -F': ' '{print $2}')

    # Already-disabled accounts are skipped, so an account this script disabled
    # is not deleted by a later run.
    if [ "$enabled" = "false" ]; then
        continue
    fi
    # Local (Database backend) accounts are never touched
    if [ "$backend" = "Database" ]; then
        continue
    fi

    formatNow=$(date +%s)
    formatLastSeen=$(date -d "$lastSeen" +%s 2>/dev/null)
    # Skip the user when last_seen is missing or cannot be parsed
    if [ -z "$lastSeen" ] || [ -z "$formatLastSeen" ]; then
        continue
    fi
    lastSeenDays=$(( (formatNow - formatLastSeen) / 86400 ))

    if [ "$lastSeenDays" -gt "$removeDays" ]; then
        # Not seen for more than $removeDays days: delete the account
        if sudo -u "$apacheUser" "$phpBin" --define apc.enable_cli=1 "$nextOcc" user:delete "$i"; then
            echo "$(date +'%Y-%m-%d %H:%M:%S') deleted '$i' '$displayName' '$email' '$lastSeen'" | tee -a "$log"
        fi
    else
        # Seen more recently: only disable the account
        if sudo -u "$apacheUser" "$phpBin" --define apc.enable_cli=1 "$nextOcc" user:disable "$i"; then
            echo "$(date +'%Y-%m-%d %H:%M:%S') disable '$i' '$displayName' '$email' '$lastSeen'" | tee -a "$log"
        fi
    fi
done
Then test the script with the following command:
sh ~/scripts/nextCloudUserTool.sh
The log can be viewed with the following command:
tail -f /var/log/nextcloud/ldapUser.log
Log entries like the following appear:
#...
2022-05-25 10:40:19 disable '1845c102-2a1011eb-8112eb63-06a7ea03' 'user01' 'user01@cmdschool.org' '2021-09-14 07:50:39'
2022-05-25 10:42:29 disable '19a85701-f3e211e6-b718eb63-06a7ea03' 'user02' 'user02@cmdschool.org' '2021-09-18 05:20:22'
2022-05-25 10:49:20 deleted '1db35a82-cb6c11e8-8112eb63-06a7ea03' 'user03' 'user03@cmdschool.org' '2019-03-25 15:26:38'
2022-05-25 10:55:25 disable '254d8001-a22011e9-8112eb63-06a7ea03' 'user04' 'user04@cmdschool.org' '2021-10-19 04:01:39'
2.2.2 Configure the script trigger
crontab -e
Add the following entry:
0 0 */1 * * sh ~/scripts/nextCloudUserTool.sh
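Before the script from 2.2.1 is left to cron, its skip / disable / delete decision can be checked offline against captured occ output. The following is an added example, not part of the original script: `classify_user` is a hypothetical helper that applies the same rules without calling occ or MySQL, the sample input is constructed, and GNU `date` is assumed.

```shell
#!/bin/bash
# Added example (not the original script): decision logic only, no occ or MySQL calls.

# classify_user CHECK_MSG USER_INFO NOW_EPOCH REMOVE_DAYS -> prints skip|disable|delete
classify_user() {
    local checkMsg userInfo nowEpoch removeDays enabled backend lastSeen lastEpoch
    checkMsg=$1; userInfo=$2; nowEpoch=$3; removeDays=$4

    # Act only on the explicit "gone from LDAP" answer. A lost connection, an
    # empty reply or any other text must never lead to a change.
    case $checkMsg in
        *"Clean up the user's remnants by"*) ;;
        *) echo skip; return 0 ;;
    esac

    enabled=$(printf '%s\n' "$userInfo" | awk -F': ' '/enabled:/ {print $2; exit}')
    backend=$(printf '%s\n' "$userInfo" | awk -F': ' '/backend:/ {print $2; exit}')
    lastSeen=$(printf '%s\n' "$userInfo" | awk -F': ' '/last_seen:/ {print $2; exit}')

    # Same exclusions as the script: already disabled, or a local Database account.
    if [ "$enabled" = "false" ] || [ "$backend" = "Database" ]; then
        echo skip; return 0
    fi

    # GNU date turns an empty string into "today", which would make a user with
    # no last_seen value look freshly active, so reject empty and unparseable values.
    if [ -z "$lastSeen" ] || ! lastEpoch=$(date -d "$lastSeen" +%s 2>/dev/null); then
        echo skip; return 0
    fi

    if [ $(( (nowEpoch - lastEpoch) / 86400 )) -gt "$removeDays" ]; then
        echo delete
    else
        echo disable
    fi
}

# Constructed sample input, modelled on the fields the script greps for.
sampleGone="Clean up the user's remnants by: ./occ user:delete \"user03\""
sampleInfo="  - user_id: user03
  - enabled: true
  - last_seen: 2019-03-25T15:26:38+00:00
  - backend: LDAP"

# Dry run: report what would happen, change nothing.
echo "user03 -> $(classify_user "$sampleGone" "$sampleInfo" "$(date +%s)" 360)"
```

Feeding it the real `ldap:check-user` and `user:info` output for a handful of uids shows the planned action per account before any `user:delete` is run.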