diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py
index 72000d9f1..710586e6f 100644
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -491,6 +491,10 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
 sort_key_func = lambda n: [int(i) for i in n.key.split(':')]
 nodes_sorted = sorted(list(nodes), key=sort_key_func)
 nodes_mapper = {n.key: n for n in nodes_sorted}
+ if not self.is_org_root():
+ # 如果是org_root,那么parent_key为'', parent为自己,所以这种情况不处理
+ # 更新自己时,自己的parent_key获取不到
+ nodes_mapper.update({self.parent_key: self.parent})
 for node in nodes_sorted:
 parent = nodes_mapper.get(node.parent_key)
 if not parent:
diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py
index 5a5e16081..5551c83d4 100644
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -115,8 +115,12 @@ class LDAPUser(_LDAPUser):
 else:
 # 解决直接配置DC域,用户认证失败的问题(库不能从整棵树中搜索)
 user_dn = self._search_for_user_dn_from_ldap_util()
- self._user_dn = user_dn
- self._user_attrs = self._load_user_attrs()
+ if user_dn is None:
+ self._user_dn = None
+ self._user_attrs = None
+ else:
+ self._user_dn = user_dn
+ self._user_attrs = self._load_user_attrs()
 return user_dn
diff --git a/apps/ops/models/adhoc.py b/apps/ops/models/adhoc.py
index 95a1106b1..aa2884105 100644
--- a/apps/ops/models/adhoc.py
+++ b/apps/ops/models/adhoc.py
@@ -180,8 +180,10 @@ class AdHoc(OrgModelMixin):
 def run(self):
 try:
 hid = current_task.request.id
+ if AdHocExecution.objects.filter(id=hid).exists():
+ hid = uuid.uuid4()
 except AttributeError:
- hid = str(uuid.uuid4())
+ hid = uuid.uuid4()
 execution = AdHocExecution(
 id=hid, adhoc=self, task=self.task,
 task_display=str(self.task)[:128],
diff --git a/apps/ops/utils.py b/apps/ops/utils.py
index e4fa85812..04d35a2fa 100644
--- a/apps/ops/utils.py
+++ b/apps/ops/utils.py
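Review bot: The added `nodes_mapper.update({self.parent_key: self.parent})` in the node.py hunk replaces whatever is already stored under that key, so if the parent can also be one of `nodes`, the loop below would resolve children against a separately obtained object instead of the instance in `nodes_sorted`. `nodes_mapper.setdefault(self.parent_key, self.parent)` keeps an existing entry and is the plainer form for a single key. Whether the parent can appear in `nodes` is not visible, because the enclosing method starts and ends outside the hunk. The two added comments would be easier to maintain in English, for example `# The org root has parent_key '' and is its own parent, so it is skipped` and `# When self is being updated its parent is not among nodes, so add it explicitly`.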
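Review bot: Both arms of the new `if user_dn is None:` in the authentication LDAP backend assign `self._user_dn`, so the branch can shrink to `self._user_dn = user_dn` followed by `self._user_attrs = None if user_dn is None else self._load_user_attrs()`, which makes it plain that only the attribute load is conditional. A short comment such as `# No DN found: leave attrs unset rather than loading them for a missing entry` would record the reason, since the existing comment above describes a different case. The method still returns `user_dn` as is, so callers outside the hunk have to treat `None` as a failed lookup; that handling is not visible here.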
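Review bot: The `AdHocExecution.objects.filter(id=hid).exists()` check added in `run` and the later creation of `AdHocExecution(id=hid, ...)` are separate steps, so two runs that share one `current_task.request.id` can both see no row and then collide on the primary key; the check narrows that window but does not close it. If the save happens further down (the rest of `run` is outside the hunk), handling the integrity error there, or always generating `uuid.uuid4()` and storing the Celery id in its own field, would be more robust. `hid` is now a string on the Celery path and a `uuid.UUID` on the two fallback paths, which deserves a comment such as `# reuse the Celery task id for the first execution only; later runs in the same task get a fresh UUID`, if that is the intent.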
@@ -3,7 +3,7 @@ from django.utils.translation import ugettext_lazy as _
 from common.utils import get_logger, get_object_or_none
 from common.tasks import send_mail_async
-from orgs.utils import tmp_to_org, org_aware_func
+from orgs.utils import org_aware_func
 from .models import Task, AdHoc
diff --git a/apps/perms/signals_handler.py b/apps/perms/signals_handler.py
index 5b33fcb35..95df4c4f2 100644
--- a/apps/perms/signals_handler.py
+++ b/apps/perms/signals_handler.py
@@ -7,10 +7,11 @@ from perms.tasks import create_rebuild_user_tree_task, \
 create_rebuild_user_tree_task_by_related_nodes_or_assets
 from users.models import User, UserGroup
 from assets.models import Asset, SystemUser
+from applications.models import Application, Category
 from common.utils import get_logger
 from common.exceptions import M2MReverseNotAllowed
 from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR
-from .models import AssetPermission, RemoteAppPermission
+from .models import AssetPermission, RemoteAppPermission, ApplicationPermission
 logger = get_logger(__file__)
@@ -244,3 +245,93 @@ def on_node_asset_change(action, instance, reverse, pk_set, **kwargs):
 node_pk_set = pk_set
 create_rebuild_user_tree_task_by_related_nodes_or_assets.delay(node_pk_set, asset_pk_set)
+
+
+@receiver(m2m_changed, sender=ApplicationPermission.system_users.through)
+def on_application_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs):
+ if instance.category != Category.remote_app:
+ return
+
+ if reverse:
+ raise M2MReverseNotAllowed
+
+ if action != POST_ADD:
+ return
+
+ system_users = SystemUser.objects.filter(pk__in=pk_set)
+ logger.debug("Application permission system_users change signal received")
+ attrs = instance.applications.all().values_list('attrs', flat=True)
+
+ assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
+ if not assets_id:
+ return
+
+ for system_user in system_users:
+ system_user.assets.add(*assets_id)
+ if system_user.username_same_with_user:
+ users_id = instance.users.all().values_list('id', flat=True)
+ groups_id = instance.user_groups.all().values_list('id', flat=True)
+ system_user.groups.add(*groups_id)
+ system_user.users.add(*users_id)
+
+
+@receiver(m2m_changed, sender=ApplicationPermission.users.through)
+def on_application_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs):
+ if instance.category != Category.remote_app:
+ return
+
+ if reverse:
+ raise M2MReverseNotAllowed
+
+ if action != POST_ADD:
+ return
+
+ logger.debug("Application permission users change signal received")
+ users_id = User.objects.filter(pk__in=pk_set).values_list('id', flat=True)
+ system_users = instance.system_users.all()
+
+ for system_user in system_users:
+ if system_user.username_same_with_user:
+ system_user.users.add(*users_id)
+
+
+@receiver(m2m_changed, sender=ApplicationPermission.user_groups.through)
+def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs):
+ if instance.category != Category.remote_app:
+ return
+
+ if reverse:
+ raise M2MReverseNotAllowed
+
+ if action != POST_ADD:
+ return
+
+ logger.debug("Application permission user groups change signal received")
+ groups_id = UserGroup.objects.filter(pk__in=pk_set).values_list('id', flat=True)
+ system_users = instance.system_users.all()
+
+ for system_user in system_users:
+ if system_user.username_same_with_user:
+ system_user.groups.add(*groups_id)
+
+
+@receiver(m2m_changed, sender=ApplicationPermission.applications.through)
+def on_application_permission_applications_changed(sender, instance, action, reverse, pk_set, **kwargs):
+ if instance.category != Category.remote_app:
+ return
+
+ if reverse:
+ raise M2MReverseNotAllowed
+
+ if action != POST_ADD:
+ return
+
+ attrs = Application.objects.filter(id__in=pk_set).values_list('attrs', flat=True)
+ assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
+ if not assets_id:
+ return
+
+ system_users = instance.system_users.all()
+
+ for system_user in system_users:
+ system_user.assets.add(*assets_id)
diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py
index 9b7cd34a2..e4264f0e6 100644
--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@@ -186,7 +186,6 @@ class LDAPServerUtil(object):
 user[attr] = value
 return user
- @timeit
 def user_entries_to_dict(self, user_entries):
 users = []
 for user_entry in user_entries:
@@ -194,7 +193,6 @@ class LDAPServerUtil(object):
 users.append(user)
 return users
- @timeit
 def search_for_user_dn(self, username):
 user_entries = self.search_user_entries(search_users=[username])
 if len(user_entries) == 1:
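Review bot: In all four new receivers in signals_handler.py the `if instance.category != Category.remote_app: return` test runs before `if reverse: raise M2MReverseNotAllowed`, but on a reverse change `instance` is the object on the other side of the relation, not an `ApplicationPermission`. Depending on whether that model has a `category` attribute, the handler then either fails with `AttributeError` or returns quietly without raising `M2MReverseNotAllowed`; putting the `reverse` check first avoids both. Only `POST_ADD` is handled, so as far as these handlers show, removing a user, group, system user or application from a permission leaves the `system_user.assets`, `.users` and `.groups` links added here in place. A comment stating whether that is intended, or a `POST_REMOVE`/`POST_CLEAR` path, would help anyone auditing access changes. `attr.get('asset')` also assumes every `attrs` value is a dict, which the hunk does not establish.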