mirror of https://github.com/jumpserver/jumpserver
Merge pull request #3295 from jumpserver/dev_ldap_sync_timing
[Feature] LDAP/AD 添加定时同步任务pull/3298/head
commit
2f48595cd8
|
@ -374,6 +374,10 @@ defaults = {
|
||||||
'RADIUS_SERVER': 'localhost',
|
'RADIUS_SERVER': 'localhost',
|
||||||
'RADIUS_PORT': 1812,
|
'RADIUS_PORT': 1812,
|
||||||
'RADIUS_SECRET': '',
|
'RADIUS_SECRET': '',
|
||||||
|
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
|
||||||
|
'AUTH_LDAP_SYNC_IS_PERIODIC': False,
|
||||||
|
'AUTH_LDAP_SYNC_INTERVAL': None,
|
||||||
|
'AUTH_LDAP_SYNC_CRONTAB': None,
|
||||||
'HTTP_BIND_HOST': '0.0.0.0',
|
'HTTP_BIND_HOST': '0.0.0.0',
|
||||||
'HTTP_LISTEN_PORT': 8080,
|
'HTTP_LISTEN_PORT': 8080,
|
||||||
'WS_LISTEN_PORT': 8070,
|
'WS_LISTEN_PORT': 8070,
|
||||||
|
@ -386,7 +390,6 @@ defaults = {
|
||||||
'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
|
'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
|
||||||
'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
|
'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
|
||||||
'FLOWER_URL': "127.0.0.1:5555",
|
'FLOWER_URL': "127.0.0.1:5555",
|
||||||
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
|
|
||||||
'DEFAULT_ORG_SHOW_ALL_USERS': True,
|
'DEFAULT_ORG_SHOW_ALL_USERS': True,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -425,6 +425,10 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
|
||||||
# Auth LDAP settings
|
# Auth LDAP settings
|
||||||
AUTH_LDAP = False
|
AUTH_LDAP = False
|
||||||
AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
|
AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
|
||||||
|
AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
|
||||||
|
AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
|
||||||
|
AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
|
||||||
|
|
||||||
AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
|
AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
|
||||||
AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
|
AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
|
||||||
AUTH_LDAP_BIND_PASSWORD = ''
|
AUTH_LDAP_BIND_PASSWORD = ''
|
||||||
|
|
|
@ -170,7 +170,7 @@ class LDAPUtil:
|
||||||
email = construct_user_email(username, email)
|
email = construct_user_email(username, email)
|
||||||
return email
|
return email
|
||||||
|
|
||||||
def create_or_update_users(self, user_items, force_update=True):
|
def create_or_update_users(self, user_items):
|
||||||
succeed = failed = 0
|
succeed = failed = 0
|
||||||
for user_item in user_items:
|
for user_item in user_items:
|
||||||
exist = user_item.pop('existing', False)
|
exist = user_item.pop('existing', False)
|
||||||
|
@ -180,13 +180,14 @@ class LDAPUtil:
|
||||||
else:
|
else:
|
||||||
ok, error = self.update_user(user_item)
|
ok, error = self.update_user(user_item)
|
||||||
if not ok:
|
if not ok:
|
||||||
|
logger.info("Failed User: {}".format(user_item))
|
||||||
failed += 1
|
failed += 1
|
||||||
else:
|
else:
|
||||||
succeed += 1
|
succeed += 1
|
||||||
result = {'total': len(user_items), 'succeed': succeed, 'failed': failed}
|
result = {'total': len(user_items), 'succeed': succeed, 'failed': failed}
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def sync_users(self, username_list):
|
def sync_users(self, username_list=None):
|
||||||
user_items = self.search_filter_user_items(username_list)
|
user_items = self.search_filter_user_items(username_list)
|
||||||
result = self.create_or_update_users(user_items)
|
result = self.create_or_update_users(user_items)
|
||||||
return result
|
return result
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
from celery import shared_task
|
from celery import shared_task
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
from ops.celery.utils import create_or_update_celery_periodic_tasks
|
from ops.celery.utils import create_or_update_celery_periodic_tasks
|
||||||
from ops.celery.decorator import after_app_ready_start
|
from ops.celery.decorator import after_app_ready_start
|
||||||
|
@ -10,6 +11,7 @@ from .models import User
|
||||||
from .utils import (
|
from .utils import (
|
||||||
send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
|
send_password_expiration_reminder_mail, send_user_expiration_reminder_mail
|
||||||
)
|
)
|
||||||
|
from settings.utils import LDAPUtil
|
||||||
|
|
||||||
|
|
||||||
logger = get_logger(__file__)
|
logger = get_logger(__file__)
|
||||||
|
@ -66,3 +68,36 @@ def check_user_expired_periodic():
|
||||||
}
|
}
|
||||||
create_or_update_celery_periodic_tasks(tasks)
|
create_or_update_celery_periodic_tasks(tasks)
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def sync_ldap_user():
|
||||||
|
logger.info("Start sync ldap user periodic task")
|
||||||
|
util = LDAPUtil()
|
||||||
|
result = util.sync_users()
|
||||||
|
logger.info("Result: {}".format(result))
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
@after_app_ready_start
|
||||||
|
def sync_ldap_user_periodic():
|
||||||
|
if not settings.AUTH_LDAP:
|
||||||
|
return
|
||||||
|
if not settings.AUTH_LDAP_SYNC_IS_PERIODIC:
|
||||||
|
return
|
||||||
|
|
||||||
|
interval = settings.AUTH_LDAP_SYNC_INTERVAL
|
||||||
|
if isinstance(interval, int):
|
||||||
|
interval = interval * 3600
|
||||||
|
else:
|
||||||
|
interval = None
|
||||||
|
crontab = settings.AUTH_LDAP_SYNC_CRONTAB
|
||||||
|
|
||||||
|
tasks = {
|
||||||
|
'sync_ldap_user_periodic': {
|
||||||
|
'task': sync_ldap_user.name,
|
||||||
|
'interval': interval,
|
||||||
|
'crontab': crontab,
|
||||||
|
'enabled': True,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
create_or_update_celery_periodic_tasks(tasks)
|
||||||
|
|
|
@ -72,6 +72,13 @@ REDIS_PORT: 6379
|
||||||
# RADIUS_PORT: 1812
|
# RADIUS_PORT: 1812
|
||||||
# RADIUS_SECRET:
|
# RADIUS_SECRET:
|
||||||
|
|
||||||
|
# LDAP/AD 设置定时同步参数
|
||||||
|
# 启用/禁用
|
||||||
|
# AUTH_LDAP_SYNC_IS_PERIODIC: True
|
||||||
|
# 单位: 时
|
||||||
|
# AUTH_LDAP_SYNC_INTERVAL: 12
|
||||||
|
# Crontab 表达式
|
||||||
|
# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
|
||||||
|
|
||||||
# OTP settings
|
# OTP settings
|
||||||
# OTP/MFA 配置
|
# OTP/MFA 配置
|
||||||
|
|
Loading…
Reference in New Issue