添加用户完成

pull/6/head
ibuler 10 years ago
parent bc5b32bcea
commit 14da0f18ab

@ -8,6 +8,7 @@ password = mysql234
database = jumpserver
[ldap]
ldap_enable = 1
host_url = ldap://127.0.0.1:389
base_dn = dc=jumpserver,dc=org
root_dn = cn=admin,dc=jumpserver,dc=org

@ -13,6 +13,7 @@ from Crypto.PublicKey import RSA
import crypt
from django.shortcuts import render_to_response
from django.core.exceptions import ObjectDoesNotExist
from juser.models import UserGroup, User
from connect import PyCrypt, KEY
@ -20,11 +21,13 @@ from connect import BASE_DIR
from connect import CONF
cryptor = PyCrypt(KEY)
ldap_host_url = CONF.get('ldap', 'host_url')
ldap_base_dn = CONF.get('ldap', 'base_dn')
ldap_root_dn = CONF.get('ldap', 'root_dn')
ldap_root_pwd = CONF.get('ldap', 'root_pw')
CRYPTOR = PyCrypt(KEY)
LDAP_ENABLE = CONF.get('ldap', 'ldap_enable')
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
def md5_crypt(string):
@ -58,10 +61,10 @@ class AddError(Exception):
class LDAPMgmt():
def __init__(self,
host_url=ldap_host_url,
base_dn=ldap_base_dn,
root_cn=ldap_root_dn,
root_pw=ldap_root_pwd):
host_url=LDAP_HOST_URL,
base_dn=LDAP_BASE_DN,
root_cn=LDAP_ROOT_DN,
root_pw=LDAP_ROOT_PW):
self.ldap_host = host_url
self.ldap_base_dn = base_dn
self.conn = ldap.initialize(host_url)
@ -163,6 +166,14 @@ def db_add_user(**kwargs):
user.user_group = group_select
def db_del_user(username):
try:
user = User.objects.get(username=username)
user.delete()
except ObjectDoesNotExist:
pass
def gen_ssh_key(username, password=None, length=2048):
private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
private_key_file = os.path.join(private_key_dir, username)
@ -188,8 +199,12 @@ def server_add_user(username, password, ssh_key_pwd1):
gen_ssh_key(username, ssh_key_pwd1)
def server_del_user(username):
bash('userdel -r %s' % username)
def ldap_add_user(username, ldap_pwd):
user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
user = User.objects.get(username=username)
@ -206,13 +221,13 @@ def ldap_add_user(username, ldap_pwd):
'gidNumber': [str(user.id)],
'homeDirectory': [str('/home/%s' % username)]}
group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
group_attr = {'objectClass': ['posixGroup', 'top'],
'cn': [str(username)],
'userPassword': ['{crypt}x'],
'gidNumber': [str(user.id)]}
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % str(username)],
'sudoCommand': ['/bin/pwd'],
@ -228,9 +243,15 @@ def ldap_add_user(username, ldap_pwd):
ldap_conn.add(sudo_dn, sudo_attr)
def db_del_user(username):
user = User.objects.get(username=username)
user.delete()
def ldap_del_user(username):
user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
ldap_conn = LDAPMgmt()
ldap_conn.delete(user_dn)
ldap_conn.delete(group_dn)
ldap_conn.delete(sudo_dn)
def user_add(request):
@ -265,16 +286,29 @@ def user_add(request):
pass
else:
time_now = time.time()
db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email,
groups=groups, role=role_post,
ssh_pwd=cryptor.encrypt(ssh_pwd),
ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1),
ldap_pwd=cryptor.encrypt(ldap_pwd),
is_active=is_active,
date_joined=time_now)
msg = u'添加用户成功'
try:
db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email,
groups=groups, role=role_post,
ssh_pwd=CRYPTOR.encrypt(ssh_pwd),
ssh_key_pwd1=CRYPTOR.encrypt(ssh_key_pwd1),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=time_now)
server_add_user(username, password, ssh_key_pwd1)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = '添加用户%s成功!'
except Exception, e:
error = '添加用户%s失败 %s' % e
db_del_user(username)
server_del_user(username)
if LDAP_ENABLE:
ldap_del_user(username)
return render_to_response('juser/user_add.html', locals())

Loading…
Cancel
Save