From 8b7c5b1545fbb034e5bb3f641c3f9854793f8c40 Mon Sep 17 00:00:00 2001
From: BaiJiangJie
Date: Fri, 27 Sep 2019 18:19:19 +0800
Subject: [PATCH] =?UTF-8?q?[Feature]=20=E6=B7=BB=E5=8A=A0=E5=90=8C?= =?UTF-8?q?=E6=AD=A5=20LDAP/AD=20=E7=94=A8=E6=88=B7=E7=9A=84=E5=AE=9A?= =?UTF-8?q?=E6=97=B6=E4=BB=BB=E5=8A=A12=EF=BC=88=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E5=90=8C=E6=AD=A5=E5=8F=82=E6=95=B0=E9=85=8D=E7=BD=AE=E9=A1=B9?= =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/jumpserver/conf.py | 5 ++++-
 apps/jumpserver/settings.py | 4 ++++
 apps/settings/utils.py | 3 ++-
 apps/users/tasks.py | 14 ++++++++++++--
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 44fddfc63..d89415eed 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -374,6 +374,10 @@ defaults = {
 'RADIUS_SERVER': 'localhost',
 'RADIUS_PORT': 1812,
 'RADIUS_SECRET': '',
+ 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
+ 'AUTH_LDAP_SYNC_IS_PERIODIC': False,
+ 'AUTH_LDAP_SYNC_INTERVAL': None,
+ 'AUTH_LDAP_SYNC_CRONTAB': None,
 'HTTP_BIND_HOST': '0.0.0.0',
 'HTTP_LISTEN_PORT': 8080,
 'WS_LISTEN_PORT': 8070,
@@ -386,7 +390,6 @@ defaults = {
 'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
 'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
 'FLOWER_URL': "127.0.0.1:5555",
- 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
 'DEFAULT_ORG_SHOW_ALL_USERS': True,
 }
 
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index b5184de1a..d2eb26ca7 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -425,6 +425,10 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 # Auth LDAP settings
 AUTH_LDAP = False
 AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
+AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
+AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
+AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''
diff --git a/apps/settings/utils.py b/apps/settings/utils.py
index b66e66a38..657aa4600 100644
--- a/apps/settings/utils.py
+++ b/apps/settings/utils.py
@@ -170,7 +170,7 @@ class LDAPUtil:
 email = construct_user_email(username, email)
 return email
 
- def create_or_update_users(self, user_items, force_update=True):
+ def create_or_update_users(self, user_items):
 succeed = failed = 0
 for user_item in user_items:
 exist = user_item.pop('existing', False)
@@ -180,6 +180,7 @@ class LDAPUtil:
 else:
 ok, error = self.update_user(user_item)
 if not ok:
+ logger.info("Failed User: {}".format(user_item))
 failed += 1
 else:
 succeed += 1
diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index 6c6faf603..16f208fbd 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -82,11 +82,21 @@ def sync_ldap_user():
 def sync_ldap_user_periodic():
 if not settings.AUTH_LDAP:
 return
+ if not settings.AUTH_LDAP_SYNC_IS_PERIODIC:
+ return
+
+ interval = settings.AUTH_LDAP_SYNC_INTERVAL
+ if isinstance(interval, int):
+ interval = interval * 3600
+ else:
+ interval = None
+ crontab = settings.AUTH_LDAP_SYNC_CRONTAB
+
 tasks = {
 'sync_ldap_user_periodic': {
 'task': sync_ldap_user.name,
- 'interval': None,
- 'crontab': '* * * * *',
+ 'interval': interval,
+ 'crontab': crontab,
 'enabled': True,
 }
 }
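Review bot: In apps/settings/utils.py, the added `logger.info("Failed User: {}".format(user_item))` in `create_or_update_users` writes the whole LDAP user record to the log at INFO level and discards the `error` returned by `update_user`, so the log holds directory attributes but not the reason the sync failed. I would log only an identifier plus the reason, at warning level and with lazy arguments: `logger.warning("LDAP user sync failed for %s: %s", user_item.get('username'), error)`. The `username` key is an assumption, since the item's fields are not visible in the hunk, and the create branch that presumably also sets `error` lies between the two hunks. The function body starts and ends outside this hunk.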
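Review bot: In apps/users/tasks.py, `sync_ldap_user_periodic` can register the task with both `'interval': None` and `'crontab': None`, because both settings default to `None` and any interval that is not an `int` (for example a string such as `'24'`, if configuration values can arrive as text) is silently replaced by `None`. With `AUTH_LDAP_SYNC_IS_PERIODIC` switched on, that yields an enabled sync with no schedule and no log line, so directory changes could stop reaching the local user table unnoticed; how the code after the hunk handles such an entry is not visible here. I would add `if interval is None and not crontab: return` (with a warning log) before `tasks` is built, and tighten the check to `isinstance(interval, int) and not isinstance(interval, bool) and interval > 0`, since `True` and `0` currently pass. The `* 3600` implies the setting is in hours, which deserves a comment such as `# AUTH_LDAP_SYNC_INTERVAL is given in hours` here and next to the default in conf.py.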