
[Update] LDAP 导入搜索添加分页配置

pull/3289/head
BaiJiangJie 5 years ago
parent
commit
25fcbf37c3
  1. 1
      apps/jumpserver/conf.py
  2. 1
      apps/jumpserver/settings.py
  3. 51
      apps/settings/utils.py

1
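--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -380,6 +380,7 @@ defaults = {
 'SECURITY_MFA_VERIFY_TTL': 3600,
 'ASSETS_PERM_CACHE_ENABLE': False,
 'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
+'AUTH_LDAP_SEARCH_PAGED_SIZE': None,
 }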

1
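--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -424,6 +424,7 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 # Auth LDAP settings
 AUTH_LDAP = False
+AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''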

51
apps/settings/utils.py

@ -47,6 +47,7 @@ class LDAPUtil:
self.search_filter = settings.AUTH_LDAP_SEARCH_FILTER self.search_filter = settings.AUTH_LDAP_SEARCH_FILTER
self.attr_map = settings.AUTH_LDAP_USER_ATTR_MAP self.attr_map = settings.AUTH_LDAP_USER_ATTR_MAP
self.auth_ldap = settings.AUTH_LDAP self.auth_ldap = settings.AUTH_LDAP
self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE
@property @property
def connection(self): def connection(self):
@ -79,23 +80,45 @@ class LDAPUtil:
user_item[attr] = value user_item[attr] = value
return user_item return user_item
def _search_user_items_ou(self, search_ou, cookie=None):
ok = self.connection.search(
search_ou, self.search_filter % ({"user": "*"}),
attributes=list(self.attr_map.values()),
paged_size=self.paged_size, paged_cookie=cookie
)
if not ok:
error = _("Search no entry matched in ou {}".format(search_ou))
raise LDAPOUGroupException(error)
user_items = []
for entry in self.connection.entries:
user_item = self._ldap_entry_to_user_item(entry)
user = self.get_user_by_username(user_item['username'])
user_item['existing'] = bool(user)
if user_item in user_items:
continue
user_items.append(user_item)
return user_items
def _cookie(self):
if self.paged_size is None:
cookie = None
else:
cookie = self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
return cookie
def search_user_items(self): def search_user_items(self):
user_items = [] user_items = []
logger.info("Search user items")
for search_ou in str(self.search_ougroup).split("|"): for search_ou in str(self.search_ougroup).split("|"):
ok = self.connection.search( logger.info("Search user search ou: {}".format(search_ou))
search_ou, self.search_filter % ({"user": "*"}), _user_items = self._search_user_items_ou(search_ou)
attributes=list(self.attr_map.values()) user_items.extend(_user_items)
) while self._cookie():
if not ok: logger.info("Page Search user search ou: {}".format(search_ou))
error = _("Search no entry matched in ou {}".format(search_ou)) _user_items = self._search_user_items_ou(search_ou, self._cookie())
raise LDAPOUGroupException(error) user_items.extend(_user_items)
for entry in self.connection.entries: logger.info("Search user items end")
user_item = self._ldap_entry_to_user_item(entry)
user = self.get_user_by_username(user_item['username'])
user_item['existing'] = bool(user)
if user_item in user_items:
continue
user_items.append(user_item)
return user_items return user_items
def search_filter_user_items(self, username_list): def search_filter_user_items(self, username_list):
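Review bot: The duplicate check `if user_item in user_items` now sits in `_search_user_items_ou`, where `user_items` is a fresh list on every call, so it only removes duplicates within a single page. `search_user_items` then merges pages and OUs with a plain `user_items.extend(_user_items)`, whereas the removed loop compared each entry against the list accumulated across all OUs; an entry matched under two overlapping search OUs would now be listed twice. Filtering at the merge restores the old behaviour, e.g. `user_items.extend([i for i in _user_items if i not in user_items])` at both `extend` calls. Separately, `_cookie()` indexes `self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']` directly, which presumably raises `KeyError` when paging is enabled but the server's response omits the paged-results control; a `.get()` chain that falls back to `None` would end the `while` loop cleanly, and the OID is worth a named constant with a comment saying it is the simple paged results control.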
