diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 5fb1444df..23d66f2a5 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -384,7 +384,8 @@ defaults = {
 'SYSLOG_FACILITY': 'user',
 'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
 'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
- 'FLOWER_URL': "127.0.0.1:5555"
+ 'FLOWER_URL': "127.0.0.1:5555",
+ 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
 }
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 894e4a2c5..7cdd22d15 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -424,6 +424,7 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 # Auth LDAP settings
 AUTH_LDAP = False
+AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''
diff --git a/apps/settings/utils.py b/apps/settings/utils.py
index f9fa7ba96..7fc7510dd 100644
--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
@@ -26,6 +26,8 @@ class LDAPUtil:
 password=None, use_ssl=None, search_ougroup=None,
 search_filter=None, attr_map=None, auth_ldap=None):
 # config
+ self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE
+
 if use_settings_config:
 self._load_config_from_settings()
 else:
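Review bot: `self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE` is assigned before the `use_settings_config` branch, so the page size is always taken from Django settings even when the caller passes explicit connection parameters and `_load_config_from_settings()` is skipped; the other values (`search_filter`, `attr_map`, …) appear to go through that branch. If that is intended, a comment such as `# paged size is global, not part of the per-instance connection config` would make it explicit; otherwise accept it as a constructor keyword like the other parameters. `__init__` starts before this hunk and continues after it.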
@@ -79,23 +81,45 @@ class LDAPUtil:
 user_item[attr] = value
 return user_item
+ def _search_user_items_ou(self, search_ou, cookie=None):
+ ok = self.connection.search(
+ search_ou, self.search_filter % ({"user": "*"}),
+ attributes=list(self.attr_map.values()),
+ paged_size=self.paged_size, paged_cookie=cookie
+ )
+ if not ok:
+ error = _("Search no entry matched in ou {}".format(search_ou))
+ raise LDAPOUGroupException(error)
+
+ user_items = []
+ for entry in self.connection.entries:
+ user_item = self._ldap_entry_to_user_item(entry)
+ user = self.get_user_by_username(user_item['username'])
+ user_item['existing'] = bool(user)
+ if user_item in user_items:
+ continue
+ user_items.append(user_item)
+ return user_items
+
+ def _cookie(self):
+ if self.paged_size is None:
+ cookie = None
+ else:
+ cookie = self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
+ return cookie
+
 def search_user_items(self):
 user_items = []
+ logger.info("Search user items")
 for search_ou in str(self.search_ougroup).split("|"):
- ok = self.connection.search(
- search_ou, self.search_filter % ({"user": "*"}),
- attributes=list(self.attr_map.values())
- )
- if not ok:
- error = _("Search no entry matched in ou {}".format(search_ou))
- raise LDAPOUGroupException(error)
- for entry in self.connection.entries:
- user_item = self._ldap_entry_to_user_item(entry)
- user = self.get_user_by_username(user_item['username'])
- user_item['existing'] = bool(user)
- if user_item in user_items:
- continue
- user_items.append(user_item)
+ logger.info("Search user search ou: {}".format(search_ou))
+ _user_items = self._search_user_items_ou(search_ou)
+ user_items.extend(_user_items)
+ while self._cookie():
+ logger.info("Page Search user search ou: {}".format(search_ou))
+ _user_items = self._search_user_items_ou(search_ou, self._cookie())
+ user_items.extend(_user_items)
+ logger.info("Search user items end")
 return user_items
 def search_filter_user_items(self, username_list):
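Review bot: The `if user_item in user_items` check in `_search_user_items_ou` now compares only against that call's page-local list, so the cross-OU and cross-page de-duplication the removed loop had (its check ran against the accumulated `user_items`) is lost — an entry returned under two search bases in `search_ougroup`, or straddling two pages, is appended twice by `user_items.extend(_user_items)`. `_cookie()` also indexes `self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']` unguarded, so a server that omits the paged-results control (or a result without `controls`) raises KeyError instead of ending the loop, and `while self._cookie():` evaluates the same lookup twice per iteration. Termination depends entirely on the directory eventually returning an empty cookie; a page-count ceiling would keep a faulty or unexpectedly large directory from running the loop and its per-entry `get_user_by_username` queries indefinitely. One way to restructure the cookie read and the per-OU loop is below; `_search_user_items_ou` is left as committed.
```python
    def _cookie(self):
        if self.paged_size is None:
            return None
        controls = self.connection.result.get('controls') or {}
        paged = controls.get('1.2.840.113556.1.4.319') or {}
        return (paged.get('value') or {}).get('cookie')

    def search_user_items(self):
        user_items = []
        logger.info("Search user items")
        for search_ou in str(self.search_ougroup).split("|"):
            logger.info("Search user search ou: {}".format(search_ou))
            cookie = None
            pages = 0
            while True:
                for user_item in self._search_user_items_ou(search_ou, cookie):
                    if user_item not in user_items:  # dedupe across pages and OUs
                        user_items.append(user_item)
                cookie = self._cookie()
                pages += 1
                # MAX_PAGES is a placeholder ceiling to be chosen per deployment
                if not cookie or pages >= MAX_PAGES:
                    break
        logger.info("Search user items end")
        return user_items
```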