From 4b7cd79682cf92cf43c4daa059f6df90d2af9873 Mon Sep 17 00:00:00 2001
From: BaiJiangJie
Date: Fri, 27 Sep 2019 14:04:10 +0800
Subject: [PATCH 1/3] =?UTF-8?q?[Feature]=20=E6=B7=BB=E5=8A=A0=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5=20LDAP/AD=20=E7=94=A8=E6=88=B7=E7=9A=84=E5=AE=9A?=
 =?UTF-8?q?=E6=97=B6=E4=BB=BB=E5=8A=A11?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/settings/utils.py | 2 +-
 apps/users/tasks.py | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/apps/settings/utils.py b/apps/settings/utils.py
index 7fc7510dd..b66e66a38 100644
--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
@@ -186,7 +186,7 @@ class LDAPUtil:
         result = {'total': len(user_items), 'succeed': succeed, 'failed': failed}
         return result
 
-    def sync_users(self, username_list):
+    def sync_users(self, username_list=None):
         user_items = self.search_filter_user_items(username_list)
         result = self.create_or_update_users(user_items)
         return result
diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index cbdfd4848..6c6faf603 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -10,6 +10,8 @@ from .models import User
 from .utils import (
     send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
 )
+from settings.utils import LDAPUtil
+from django.conf import settings
 
 logger = get_logger(__file__)
 
@@ -66,3 +68,26 @@ def check_user_expired_periodic():
         }
     }
     create_or_update_celery_periodic_tasks(tasks)
+
+@shared_task
+def sync_ldap_user():
+    logger.info("Start sync ldap user periodic task")
+    util = LDAPUtil()
+    result = util.sync_users()
+    logger.info("Result: {}".format(result))
+
+
+@shared_task
+@after_app_ready_start
+def sync_ldap_user_periodic():
+    if not settings.AUTH_LDAP:
+        return
+    tasks = {
+        'sync_ldap_user_periodic': {
+            'task': sync_ldap_user.name,
+            'interval': None,
+            'crontab': '* * * * *',
+            'enabled': True,
+        }
+    }
+    create_or_update_celery_periodic_tasks(tasks)
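Review bot: `sync_users` now defaults `username_list` to None, but what None means to `search_filter_user_items` (presumably "no filter, every user matched by the configured LDAP search") is stated nowhere in the hunk, and the new unattended periodic task depends on exactly that reading. A one-line docstring would pin it: `"""Sync users from LDAP; with username_list=None every user matched by the search filter is created or updated."""` (confirm against search_filter_user_items, which is outside this hunk). Since the caller is a scheduled task, whether a None filter can create accounts for everyone in the directory is the behaviour an operator most needs documented.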
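Review bot: `sync_ldap_user_periodic` returns early when `settings.AUTH_LDAP` is off but never disables a task it registered on an earlier start, so if `create_or_update_celery_periodic_tasks` only creates or updates entries (its body is not visible here), turning LDAP off leaves the previously registered sync running; keeping the `tasks` dict and setting `'enabled': bool(settings.AUTH_LDAP)` instead of returning avoids the stale entry. `sync_ldap_user` also lets any LDAP connection or bind error propagate as a failed task on every run; wrapping `util.sync_users()` in `try: ... except Exception: logger.exception("LDAP user sync failed")` keeps the failure visible at error level without a traceback per run. Neither function has a docstring; one sentence each on what is synced and when would help.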
From 8b7c5b1545fbb034e5bb3f641c3f9854793f8c40 Mon Sep 17 00:00:00 2001
From: BaiJiangJie
Date: Fri, 27 Sep 2019 18:19:19 +0800
Subject: [PATCH 2/3] =?UTF-8?q?[Feature]=20=E6=B7=BB=E5=8A=A0=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5=20LDAP/AD=20=E7=94=A8=E6=88=B7=E7=9A=84=E5=AE=9A?=
 =?UTF-8?q?=E6=97=B6=E4=BB=BB=E5=8A=A12=EF=BC=88=E6=B7=BB=E5=8A=A0?=
 =?UTF-8?q?=E5=90=8C=E6=AD=A5=E5=8F=82=E6=95=B0=E9=85=8D=E7=BD=AE=E9=A1=B9?=
 =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/jumpserver/conf.py | 5 ++++-
 apps/jumpserver/settings.py | 4 ++++
 apps/settings/utils.py | 3 ++-
 apps/users/tasks.py | 14 ++++++++++++--
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 44fddfc63..d89415eed 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -374,6 +374,10 @@ defaults = {
     'RADIUS_SERVER': 'localhost',
     'RADIUS_PORT': 1812,
     'RADIUS_SECRET': '',
+    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
+    'AUTH_LDAP_SYNC_IS_PERIODIC': False,
+    'AUTH_LDAP_SYNC_INTERVAL': None,
+    'AUTH_LDAP_SYNC_CRONTAB': None,
     'HTTP_BIND_HOST': '0.0.0.0',
     'HTTP_LISTEN_PORT': 8080,
     'WS_LISTEN_PORT': 8070,
@@ -386,7 +390,6 @@ defaults = {
     'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
     'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
     'FLOWER_URL': "127.0.0.1:5555",
-    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
     'DEFAULT_ORG_SHOW_ALL_USERS': True,
 }
 
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index b5184de1a..d2eb26ca7 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
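Review bot: The three new defaults carry no hint of their units or how they combine: `AUTH_LDAP_SYNC_INTERVAL` is multiplied by 3600 in users/tasks.py later in this series, so it is hours, and `AUTH_LDAP_SYNC_CRONTAB` is the alternative schedule, but a reader of this dict cannot tell that None means "not configured" rather than "run continuously". Inline comments would settle it: `'AUTH_LDAP_SYNC_INTERVAL': None,  # hours; None = no interval schedule` and `'AUTH_LDAP_SYNC_CRONTAB': None,  # crontab expression; alternative to INTERVAL`. Which one wins when both are set is decided inside create_or_update_celery_periodic_tasks, which this series does not touch, so a short TODO comment pointing there is enough if it is not documented already.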
@@ -425,6 +425,10 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 # Auth LDAP settings
 AUTH_LDAP = False
 AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
+AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
+AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
+AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''
diff --git a/apps/settings/utils.py b/apps/settings/utils.py
index b66e66a38..657aa4600 100644
--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
@@ -170,7 +170,7 @@ class LDAPUtil:
         email = construct_user_email(username, email)
         return email
 
-    def create_or_update_users(self, user_items, force_update=True):
+    def create_or_update_users(self, user_items):
         succeed = failed = 0
         for user_item in user_items:
             exist = user_item.pop('existing', False)
@@ -180,6 +180,7 @@ class LDAPUtil:
             else:
                 ok, error = self.update_user(user_item)
             if not ok:
+                logger.info("Failed User: {}".format(user_item))
                 failed += 1
             else:
                 succeed += 1
diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index 6c6faf603..16f208fbd 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -82,11 +82,21 @@ def sync_ldap_user():
 def sync_ldap_user_periodic():
     if not settings.AUTH_LDAP:
         return
+    if not settings.AUTH_LDAP_SYNC_IS_PERIODIC:
+        return
+
+    interval = settings.AUTH_LDAP_SYNC_INTERVAL
+    if isinstance(interval, int):
+        interval = interval * 3600
+    else:
+        interval = None
+    crontab = settings.AUTH_LDAP_SYNC_CRONTAB
+
     tasks = {
         'sync_ldap_user_periodic': {
             'task': sync_ldap_user.name,
-            'interval': None,
-            'crontab': '* * * * *',
+            'interval': interval,
+            'crontab': crontab,
             'enabled': True,
         }
     }
From fa1a167f8e6f7851183b979aab18d23cf9d3d5ca Mon Sep 17 00:00:00 2001
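Review bot: The new `AUTH_LDAP_SYNC_*` values are read once from CONFIG at import time, while `AUTH_LDAP = False` is hard-coded two lines above them; unless some other component flips `settings.AUTH_LDAP` to True before `after_app_ready_start` fires (a database-backed settings override would be the usual pattern, but nothing in this series shows one), the `if not settings.AUTH_LDAP: return` guard in `sync_ldap_user_periodic` always fires and the sync is never registered. Worth confirming the initialisation order and recording it next to these assignments, e.g. `# AUTH_LDAP is overridden at runtime; users.tasks checks it on app-ready  -- TODO confirm`. The import-time read presumably also means a schedule change in the config file only takes effect on restart, which the config example should state.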
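Review bot: Dropping `force_update` from `create_or_update_users` turns any caller still passing it into a `TypeError` at run time, and the hunk shows only the definition; the one call visible in this series, `self.create_or_update_users(user_items)` in `sync_users`, is fine, so the point is to confirm there are no others. A one-line docstring stating that every item is created or updated unconditionally and that the return dict holds `total`/`succeed`/`failed` counts would document the new contract.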
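Review bot: `logger.info("Failed User: {}".format(user_item))` writes the whole attribute dict pulled from LDAP into the log at INFO level and discards the one thing that explains the failure, the `error` value returned on the line above (and presumably by create_user in the branch outside the hunk). Logging the identifier and the reason is both more useful and keeps directory attributes (display name, email, whatever else the search maps) out of routine log files: `logger.error("Failed to sync user %s: %s", user_item.get('username'), error)`, assuming the item carries the username under that key. If the full item is needed for debugging, emit it at DEBUG level only.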
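Review bot: `isinstance(interval, int)` also accepts bools, so `AUTH_LDAP_SYNC_INTERVAL: true` in the YAML silently becomes a one-hour interval, while a quoted or otherwise non-integer value is silently discarded to None; with `AUTH_LDAP_SYNC_CRONTAB` also defaulting to None the task is then registered with no schedule at all, and whether `create_or_update_celery_periodic_tasks` (called just past the end of this hunk) rejects that is not visible here. Tightening the check and warning on an unschedulable configuration makes a misconfigured sync loud instead of silently absent. The enclosing function's final call is outside the hunk.
```python
    interval = settings.AUTH_LDAP_SYNC_INTERVAL
    # bool is a subclass of int, so exclude it explicitly; the value is in hours
    if isinstance(interval, int) and not isinstance(interval, bool) and interval > 0:
        interval = interval * 3600
    else:
        if interval is not None:
            logger.warning("Ignoring invalid AUTH_LDAP_SYNC_INTERVAL: %r", interval)
        interval = None
    crontab = settings.AUTH_LDAP_SYNC_CRONTAB
    if interval is None and crontab is None:
        logger.warning("AUTH_LDAP_SYNC_IS_PERIODIC is set but neither interval nor crontab is configured")
        return
    # … unchanged: tasks dict and registration call …
```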
From: BaiJiangJie
Date: Fri, 27 Sep 2019 18:30:13 +0800
Subject: [PATCH 3/3] =?UTF-8?q?[Feature]=20=E6=B7=BB=E5=8A=A0=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5=20LDAP/AD=20=E7=94=A8=E6=88=B7=E7=9A=84=E5=AE=9A?=
 =?UTF-8?q?=E6=97=B6=E4=BB=BB=E5=8A=A13?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/users/tasks.py | 2 +-
 config_example.yml | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index 16f208fbd..e0051e939 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -2,6 +2,7 @@
 #
 
 from celery import shared_task
+from django.conf import settings
 
 from ops.celery.utils import create_or_update_celery_periodic_tasks
 from ops.celery.decorator import after_app_ready_start
@@ -11,7 +12,6 @@ from .utils import (
     send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
 )
 from settings.utils import LDAPUtil
-from django.conf import settings
 
 logger = get_logger(__file__)
 
diff --git a/config_example.yml b/config_example.yml
index 2008ff917..911e7b8ee 100644
--- a/config_example.yml
+++ b/config_example.yml
@@ -72,6 +72,13 @@ REDIS_PORT: 6379
 # RADIUS_PORT: 1812
 # RADIUS_SECRET:
 
+# LDAP/AD 设置定时同步参数
+# 启用/禁用
+# AUTH_LDAP_SYNC_IS_PERIODIC: True
+# 单位: 时
+# AUTH_LDAP_SYNC_INTERVAL: 12
+# Crontab 表达式
+# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
 
 # OTP settings
 # OTP/MFA 配置
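Review bot: The example `# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *` is not valid YAML once uncommented: a plain scalar cannot begin with `*` (it introduces an alias), so the loader raises a parse error and the whole config file fails to load. Quote the value in the example, `# AUTH_LDAP_SYNC_CRONTAB: "* 6 * * *"`. It would also help to say that INTERVAL (hours) and CRONTAB are alternatives, and that a change to either needs a restart, since users/tasks.py reads them at app start.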