diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 2645ec867..161074741 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -13,8 +13,12 @@ https://docs.djangoproject.com/en/1.10/ref/settings/
 import os
 import sys
+import ldap
+from django_auth_ldap.config import LDAPSearch
+
 from django.urls import reverse_lazy
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_DIR = os.path.dirname(BASE_DIR)
@@ -232,14 +236,13 @@ LOGGING = {
 },
 'django_auth_ldap': {
 'handlers': ['console', 'ansible_logs'],
- 'level': LOG_LEVEL,
+ 'level': "INFO",
 }
 }
 }
 # Internationalization
 # https://docs.djangoproject.com/en/1.10/topics/i18n/
-
 LANGUAGE_CODE = 'en-us'
 TIME_ZONE = 'Asia/Shanghai'
@@ -312,7 +315,12 @@ if CONFIG.AUTH_LDAP:
 AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
 AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
 AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
-AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
+# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ CONFIG.AUTH_LDAP_SEARCH_OU,
+ ldap.SCOPE_SUBTREE,
+ CONFIG.AUTH_LDAP_SEARCH_FILTER
+)
 AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
 AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
diff --git a/config_example.py b/config_example.py
index fe63ac309..f209ee261 100644
--- a/config_example.py
+++ b/config_example.py
@@ -100,7 +100,8 @@ class Config:
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''
- AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,dc=jumpserver,dc=org"
+ AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
+ AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
 AUTH_LDAP_USER_ATTR_MAP = {
 "username": "cn",
 "name": "sn",
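Review bot: The new `import ldap` and `from django_auth_ldap.config import LDAPSearch` at the top of settings.py run unconditionally, so the settings module cannot be imported on a host without python-ldap even when LDAP login is switched off. The third hunk's header shows an `if CONFIG.AUTH_LDAP:` guard further down; doing the imports, and building the `LDAPSearch`, under that guard would keep the dependency optional. As placed, they also sit between the stdlib imports and the Django import, where the usual grouping puts third-party imports after a blank line.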
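Review bot: The `'level': "INFO"` line pins the django_auth_ldap logger to a literal where it used to follow LOG_LEVEL, and nothing in the hunk says why. An operator who raises LOG_LEVEL to investigate failed LDAP logins will get no extra output from this logger and has no hint that it is pinned. I would add a comment on that line such as `# pinned to INFO on purpose, independent of LOG_LEVEL: <reason>`, or give the logger its own setting. The LOGGING dict starts outside the hunk.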
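Review bot: `CONFIG.AUTH_LDAP_SEARCH_OU` and `CONFIG.AUTH_LDAP_SEARCH_FILTER` are read with no fallback, and since the surrounding `AUTH_LDAP_*` lines appear unindented this seems to happen outside the `if CONFIG.AUTH_LDAP:` guard named in the hunk header. A config.py written from the previous example has neither attribute, so startup would presumably fail with AttributeError even for deployments that never enabled LDAP; building the search only when LDAP is enabled, or noting the new required keys in the upgrade notes, avoids that. The commented-out `# AUTH_LDAP_USER_DN_TEMPLATE = ...` line should be deleted rather than kept, as version control already holds it. Because search-then-bind sends the AUTH_LDAP_BIND_DN credentials on each login lookup, a comment next to `AUTH_LDAP_START_TLS` along the lines of `# enable START_TLS or use ldaps://: the service-account bind precedes every user search` would be worth adding.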
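Review bot: The example still pairs `AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'` with an empty `AUTH_LDAP_BIND_PASSWORD`, but the search settings added below them make that account the one used to look up the user on every login. I would add a comment above the two new lines, e.g. `# Search mode binds as AUTH_LDAP_BIND_DN first: use a dedicated read-only account, not the directory admin`. The filter line also needs `# %(user)s is replaced with the login name; the filter must match exactly one entry under AUTH_LDAP_SEARCH_OU`, because `cn` is not guaranteed to be unique across a subtree and django_auth_ldap rejects a login whose search does not return exactly one entry. The Config class starts and ends outside the hunk.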