feat: LDAP User Auth support cache user_dn

2024-04-09 20:01:24 +08:00 · 2024-04-09 20:01:24 +08:00 · 3b70b4cf9e
parent 1e0ea3905e
commit 3b70b4cf9e
9 changed files with 92 additions and 52 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -277,6 +277,7 @@ class Config(dict):
        'AUTH_LDAP_START_TLS': False,
        'AUTH_LDAP_USER_ATTR_MAP': {"username": "cn", "name": "sn", "email": "mail"},
        'AUTH_LDAP_CONNECT_TIMEOUT': 10,
+        'AUTH_LDAP_CACHE_TIMEOUT': 3600 * 24 * 30,
        'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
        'AUTH_LDAP_SYNC_IS_PERIODIC': False,
        'AUTH_LDAP_SYNC_INTERVAL': None,
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@ -42,7 +42,7 @@ AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT,
    ldap.OPT_NETWORK_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT
 }
-AUTH_LDAP_CACHE_TIMEOUT = 1
+AUTH_LDAP_CACHE_TIMEOUT = CONFIG.AUTH_LDAP_CACHE_TIMEOUT
 AUTH_LDAP_ALWAYS_UPDATE_USER = True

 AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:dc970795864d73bc77baf03cb771b26d4f095ec7e6a7be915ec6387130ef5ccd
-size 176770
+oid sha256:fb95f4b9ba9c3b40c187a65481f7c19f7bc8039f669a34af7d5ae95e53643108
+size 177197
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-09 15:39+0800\n"
+"POT-Creation-Date: 2024-04-09 19:54+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -469,7 +469,7 @@ msgstr "SSHキープッシュ方式"
 #: accounts/models/automations/gather_account.py:58
 #: accounts/serializers/account/backup.py:41
 #: accounts/serializers/automations/change_secret.py:58
-#: settings/serializers/auth/ldap.py:81
+#: settings/serializers/auth/ldap.py:90
 msgid "Recipient"
 msgstr "受信者"

@ -3372,7 +3372,7 @@ msgstr "コードエラー"
 #: authentication/templates/authentication/_msg_reset_password_code.html:9
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2
-#: jumpserver/conf.py:464
+#: jumpserver/conf.py:465
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: tickets/templates/tickets/approve_check_password.html:32
@ -4020,16 +4020,16 @@ msgstr "特殊文字を含むべきではない"
 msgid "The mobile phone number format is incorrect"
 msgstr "携帯電話番号の形式が正しくありません"

-#: jumpserver/conf.py:458
+#: jumpserver/conf.py:459
 #, python-brace-format
 msgid "The verification code is: {code}"
 msgstr "認証コードは: {code}"

-#: jumpserver/conf.py:463
+#: jumpserver/conf.py:464
 msgid "Create account successfully"
 msgstr "アカウントを正常に作成"

-#: jumpserver/conf.py:465
+#: jumpserver/conf.py:466
 msgid "Your account has been created successfully"
 msgstr "アカウントが正常に作成されました"

@ -4202,7 +4202,7 @@ msgstr "ファイルキーこのフィールドは必須です"
 msgid "This file can not be delete"
 msgstr "このファイルを削除できません"

-#: ops/apps.py:9 ops/notifications.py:17 rbac/tree.py:57
+#: ops/apps.py:9 ops/notifications.py:18 rbac/tree.py:57
 msgid "App ops"
 msgstr "アプリ操作"

@ -4440,30 +4440,30 @@ msgstr "创建方式"
 msgid "VCS URL"
 msgstr "VCS URL"

-#: ops/notifications.py:18
+#: ops/notifications.py:19
 msgid "Server performance"
 msgstr "サーバーのパフォーマンス"

-#: ops/notifications.py:24
+#: ops/notifications.py:25
 msgid "Terminal health check warning"
 msgstr "ターミナルヘルスチェックの警告"

-#: ops/notifications.py:69
+#: ops/notifications.py:70
 #, python-brace-format
 msgid "The terminal is offline: {name}"
 msgstr "ターミナルはオフラインです: {name}"

-#: ops/notifications.py:74
+#: ops/notifications.py:75
 #, python-brace-format
 msgid "Disk used more than {max_threshold}%: => {value}"
 msgstr "{max_threshold}%: => {value} を超えるディスクを使用"

-#: ops/notifications.py:79
+#: ops/notifications.py:80
 #, python-brace-format
 msgid "Memory used more than {max_threshold}%: => {value}"
 msgstr "{max_threshold}%: => {value} を超える使用メモリ"

-#: ops/notifications.py:84
+#: ops/notifications.py:85
 #, python-brace-format
 msgid "CPU load more than {max_threshold}: => {value}"
 msgstr "{max_threshold} を超えるCPUロード: => {value}"
@ -5225,11 +5225,21 @@ msgstr ""
 msgid "Connect timeout (s)"
 msgstr "接続タイムアウト (秒)"

-#: settings/serializers/auth/ldap.py:79
+#: settings/serializers/auth/ldap.py:82
+msgid "User DN cache timeout (s)"
+msgstr "User DN キャッシュの有効期限 (秒)"
+
+#: settings/serializers/auth/ldap.py:84
+msgid ""
+"Caching the User DN obtained during user login authentication can "
+"effectivelyimprove the speed of user authentication., 0 means no cache"
+msgstr "ユーザーログイン認証時に取得したユーザー DN をキャッシュすることで、ユーザー認証の速度を効果的に向上させることができます"
+
+#: settings/serializers/auth/ldap.py:88
 msgid "Search paged size (piece)"
 msgstr "ページサイズを検索 (じょう)"

-#: settings/serializers/auth/ldap.py:84
+#: settings/serializers/auth/ldap.py:93
 msgid "Enable LDAP auth"
 msgstr "LDAP認証の有効化"

--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:004b344b0cb837c9b043d956bf0cfa3357f4f38d0213a4319b20c141e2a3a329
-size 144651
+oid sha256:6f6656001387bf98569a93f668d5fa6d16dd462a329f79663c90e7b870e21a00
+size 145003
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-09 15:39+0800\n"
+"POT-Creation-Date: 2024-04-09 19:54+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -468,7 +468,7 @@ msgstr "SSH 密钥推送方式"
 #: accounts/models/automations/gather_account.py:58
 #: accounts/serializers/account/backup.py:41
 #: accounts/serializers/automations/change_secret.py:58
-#: settings/serializers/auth/ldap.py:81
+#: settings/serializers/auth/ldap.py:90
 msgid "Recipient"
 msgstr "收件人"

@ -3338,7 +3338,7 @@ msgstr "代码错误"
 #: authentication/templates/authentication/_msg_reset_password_code.html:9
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2
-#: jumpserver/conf.py:464
+#: jumpserver/conf.py:465
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: tickets/templates/tickets/approve_check_password.html:32
@ -3974,16 +3974,16 @@ msgstr "不能包含特殊字符"
 msgid "The mobile phone number format is incorrect"
 msgstr "手机号格式不正确"

-#: jumpserver/conf.py:458
+#: jumpserver/conf.py:459
 #, python-brace-format
 msgid "The verification code is: {code}"
 msgstr "验证码为: {code}"

-#: jumpserver/conf.py:463
+#: jumpserver/conf.py:464
 msgid "Create account successfully"
 msgstr "创建账号成功"

-#: jumpserver/conf.py:465
+#: jumpserver/conf.py:466
 msgid "Your account has been created successfully"
 msgstr "你的账号已创建成功"

@ -4146,7 +4146,7 @@ msgstr "文件密钥该字段是必填项。"
 msgid "This file can not be delete"
 msgstr "无法删除此文件"

-#: ops/apps.py:9 ops/notifications.py:17 rbac/tree.py:57
+#: ops/apps.py:9 ops/notifications.py:18 rbac/tree.py:57
 msgid "App ops"
 msgstr "作业中心"

@ -4384,30 +4384,30 @@ msgstr "创建方式"
 msgid "VCS URL"
 msgstr "VCS URL"

-#: ops/notifications.py:18
+#: ops/notifications.py:19
 msgid "Server performance"
 msgstr "监控告警"

-#: ops/notifications.py:24
+#: ops/notifications.py:25
 msgid "Terminal health check warning"
 msgstr "终端健康状况检查警告"

-#: ops/notifications.py:69
+#: ops/notifications.py:70
 #, python-brace-format
 msgid "The terminal is offline: {name}"
 msgstr "终端已离线: {name}"

-#: ops/notifications.py:74
+#: ops/notifications.py:75
 #, python-brace-format
 msgid "Disk used more than {max_threshold}%: => {value}"
 msgstr "硬盘使用率超过 {max_threshold}%: => {value}"

-#: ops/notifications.py:79
+#: ops/notifications.py:80
 #, python-brace-format
 msgid "Memory used more than {max_threshold}%: => {value}"
 msgstr "内存使用率超过 {max_threshold}%: => {value}"

-#: ops/notifications.py:84
+#: ops/notifications.py:85
 #, python-brace-format
 msgid "CPU load more than {max_threshold}: => {value}"
 msgstr "CPU 使用率超过 {max_threshold}: => {value}"
@ -5165,11 +5165,21 @@ msgstr ""
 msgid "Connect timeout (s)"
 msgstr "连接超时时间 (秒)"

-#: settings/serializers/auth/ldap.py:79
+#: settings/serializers/auth/ldap.py:82
+msgid "User DN cache timeout (s)"
+msgstr "User DN 缓存超时时间 (秒)"
+
+#: settings/serializers/auth/ldap.py:84
+msgid ""
+"Caching the User DN obtained during user login authentication can "
+"effectivelyimprove the speed of user authentication., 0 means no cache"
+msgstr "对用户登录认证时查询出的 User DN 进行缓存，可以有效提高用户认证的速度"
+
+#: settings/serializers/auth/ldap.py:88
 msgid "Search paged size (piece)"
 msgstr "搜索分页数量 (条)"

-#: settings/serializers/auth/ldap.py:84
+#: settings/serializers/auth/ldap.py:93
 msgid "Enable LDAP auth"
 msgstr "启用 LDAP 认证"

--- a/apps/locale/zh_Hant/LC_MESSAGES/django.mo
+++ b/apps/locale/zh_Hant/LC_MESSAGES/django.mo
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e9d6c38abd39ee75354acd8c9779542f5431aad189f0784828cc7fefe56e6163
-size 144754
+oid sha256:f03f5ea39632dc901af76222a14a2a1ce4d2c9899534c9134352b4c66feed525
+size 145108
--- a/apps/locale/zh_Hant/LC_MESSAGES/django.po
+++ b/apps/locale/zh_Hant/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-09 15:47+0800\n"
+"POT-Creation-Date: 2024-04-09 19:54+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -470,7 +470,7 @@ msgstr "SSH 金鑰推送方式"
 #: accounts/models/automations/gather_account.py:58
 #: accounts/serializers/account/backup.py:41
 #: accounts/serializers/automations/change_secret.py:58
-#: settings/serializers/auth/ldap.py:81
+#: settings/serializers/auth/ldap.py:90
 msgid "Recipient"
 msgstr "收件人"

@ -3340,7 +3340,7 @@ msgstr "代碼錯誤"
 #: authentication/templates/authentication/_msg_reset_password_code.html:9
 #: authentication/templates/authentication/_msg_rest_password_success.html:2
 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2
-#: jumpserver/conf.py:464
+#: jumpserver/conf.py:465
 #: perms/templates/perms/_msg_item_permissions_expire.html:3
 #: perms/templates/perms/_msg_permed_items_expire.html:3
 #: tickets/templates/tickets/approve_check_password.html:32
@ -3976,16 +3976,16 @@ msgstr "不能包含特殊字元"
 msgid "The mobile phone number format is incorrect"
 msgstr "手機號碼格式不正確"

-#: jumpserver/conf.py:458
+#: jumpserver/conf.py:459
 #, python-brace-format
 msgid "The verification code is: {code}"
 msgstr "驗證碼為: {code}"

-#: jumpserver/conf.py:463
+#: jumpserver/conf.py:464
 msgid "Create account successfully"
 msgstr "創建帳號成功"

-#: jumpserver/conf.py:465
+#: jumpserver/conf.py:466
 msgid "Your account has been created successfully"
 msgstr "你的帳號已創建成功"

@ -4147,7 +4147,7 @@ msgstr "文件金鑰該欄位是必填項。"
 msgid "This file can not be delete"
 msgstr "無法刪除此文件"

-#: ops/apps.py:9 ops/notifications.py:17 rbac/tree.py:57
+#: ops/apps.py:9 ops/notifications.py:18 rbac/tree.py:57
 msgid "App ops"
 msgstr "作業中心"

@ -4385,30 +4385,30 @@ msgstr "創建方式"
 msgid "VCS URL"
 msgstr "VCS URL"

-#: ops/notifications.py:18
+#: ops/notifications.py:19
 msgid "Server performance"
 msgstr "監控告警"

-#: ops/notifications.py:24
+#: ops/notifications.py:25
 msgid "Terminal health check warning"
 msgstr "終端健康狀況檢查警告"

-#: ops/notifications.py:69
+#: ops/notifications.py:70
 #, python-brace-format
 msgid "The terminal is offline: {name}"
 msgstr "終端已離線: {name}"

-#: ops/notifications.py:74
+#: ops/notifications.py:75
 #, python-brace-format
 msgid "Disk used more than {max_threshold}%: => {value}"
 msgstr "硬碟使用率超過 {max_threshold}%: => {value}"

-#: ops/notifications.py:79
+#: ops/notifications.py:80
 #, python-brace-format
 msgid "Memory used more than {max_threshold}%: => {value}"
 msgstr "記憶體使用率超過 {max_threshold}%: => {value}"

-#: ops/notifications.py:84
+#: ops/notifications.py:85
 #, python-brace-format
 msgid "CPU load more than {max_threshold}: => {value}"
 msgstr "CPU 使用率超過 {max_threshold}: => {value}"
@ -5166,11 +5166,21 @@ msgstr ""
 msgid "Connect timeout (s)"
 msgstr "連接超時時間 (秒)"

-#: settings/serializers/auth/ldap.py:79
+#: settings/serializers/auth/ldap.py:82
+msgid "User DN cache timeout (s)"
+msgstr "快取逾時時間 (秒)"
+
+#: settings/serializers/auth/ldap.py:84
+msgid ""
+"Caching the User DN obtained during user login authentication can "
+"effectivelyimprove the speed of user authentication., 0 means no cache"
+msgstr "對於使用者登錄認證時查詢的使用者 DN 進行快取，可以有效提高使用者認證的速度"
+
+#: settings/serializers/auth/ldap.py:88
 msgid "Search paged size (piece)"
 msgstr "搜索分頁數量 (條)"

-#: settings/serializers/auth/ldap.py:84
+#: settings/serializers/auth/ldap.py:93
 msgid "Enable LDAP auth"
 msgstr "啟用 LDAP 認證"

--- a/apps/settings/serializers/auth/ldap.py
+++ b/apps/settings/serializers/auth/ldap.py
@ -76,6 +76,15 @@ class LDAPSettingSerializer(serializers.Serializer):
        min_value=1, max_value=300,
        required=False, label=_('Connect timeout (s)'),
    )
+    AUTH_LDAP_CACHE_TIMEOUT = serializers.IntegerField(
+        min_value=0, max_value=3600 * 24 * 30 * 12,
+        default=3600 * 24 * 30,
+        required=False, label=_('User DN cache timeout (s)'),
+        help_text=_(
+            'Caching the User DN obtained during user login authentication can effectively'
+            'improve the speed of user authentication., 0 means no cache'
+        )
+    )
    AUTH_LDAP_SEARCH_PAGED_SIZE = serializers.IntegerField(required=False, label=_('Search paged size (piece)'))
    AUTH_LDAP_SYNC_RECEIVERS = serializers.ListField(
        required=False, label=_('Recipient'), max_length=36