Merge pull request #3292 from jumpserver/dev_bai

[Update] LDAP 搜索添加分页配置
5 years ago · 2ff295e3b2
3 changed files with 41 additions and 15 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -384,7 +384,8 @@ defaults = {
    'SYSLOG_FACILITY': 'user',
    'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
    'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
-    'FLOWER_URL': "127.0.0.1:5555"
+    'FLOWER_URL': "127.0.0.1:5555",
+    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
 }


--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@ -424,6 +424,7 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW

 # Auth LDAP settings
 AUTH_LDAP = False
+AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''
--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
@ -26,6 +26,8 @@ class LDAPUtil:
                 password=None, use_ssl=None, search_ougroup=None,
                 search_filter=None, attr_map=None, auth_ldap=None):
        # config
+        self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE
+
        if use_settings_config:
            self._load_config_from_settings()
        else:
@ -79,23 +81,45 @@ class LDAPUtil:
            user_item[attr] = value
        return user_item

+    def _search_user_items_ou(self, search_ou, cookie=None):
+        ok = self.connection.search(
+            search_ou, self.search_filter % ({"user": "*"}),
+            attributes=list(self.attr_map.values()),
+            paged_size=self.paged_size, paged_cookie=cookie
+        )
+        if not ok:
+            error = _("Search no entry matched in ou {}".format(search_ou))
+            raise LDAPOUGroupException(error)
+
+        user_items = []
+        for entry in self.connection.entries:
+            user_item = self._ldap_entry_to_user_item(entry)
+            user = self.get_user_by_username(user_item['username'])
+            user_item['existing'] = bool(user)
+            if user_item in user_items:
+                continue
+            user_items.append(user_item)
+        return user_items
+
+    def _cookie(self):
+        if self.paged_size is None:
+            cookie = None
+        else:
+            cookie = self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
+        return cookie
+
    def search_user_items(self):
        user_items = []
+        logger.info("Search user items")
        for search_ou in str(self.search_ougroup).split("|"):
-            ok = self.connection.search(
-                search_ou, self.search_filter % ({"user": "*"}),
-                attributes=list(self.attr_map.values())
-            )
-            if not ok:
-                error = _("Search no entry matched in ou {}".format(search_ou))
-                raise LDAPOUGroupException(error)
-            for entry in self.connection.entries:
-                user_item = self._ldap_entry_to_user_item(entry)
-                user = self.get_user_by_username(user_item['username'])
-                user_item['existing'] = bool(user)
-                if user_item in user_items:
-                    continue
-                user_items.append(user_item)
+            logger.info("Search user search ou: {}".format(search_ou))
+            _user_items = self._search_user_items_ou(search_ou)
+            user_items.extend(_user_items)
+            while self._cookie():
+                logger.info("Page Search user search ou: {}".format(search_ou))
+                _user_items = self._search_user_items_ou(search_ou, self._cookie())
+                user_items.extend(_user_items)
+        logger.info("Search user items end")
        return user_items

    def search_filter_user_items(self, username_list):