feat: ldap一键导入及设置用户组织

2022-04-01 15:33:14 +08:00 · 2022-04-01 15:33:14 +08:00 · c8758f417d
parent ef36b2e662
commit c8758f417d
5 changed files with 17 additions and 9 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -41,7 +41,7 @@ def import_string(dotted_path):
    except AttributeError as err:
        raise ImportError('Module "%s" does not define a "%s" attribute/class' % (
            module_path, class_name)
-        ) from err
+                          ) from err


 def is_absolute_uri(uri):
@ -176,6 +176,7 @@ class Config(dict):
        'AUTH_LDAP_SYNC_IS_PERIODIC': False,
        'AUTH_LDAP_SYNC_INTERVAL': None,
        'AUTH_LDAP_SYNC_CRONTAB': None,
+        'AUTH_LDAP_SYNC_ORG_ID': '00000000-0000-0000-0000-000000000002',
        'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
        'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,

@ -272,7 +273,7 @@ class Config(dict):
        'FEISHU_APP_ID': '',
        'FEISHU_APP_SECRET': '',

-        'LOGIN_REDIRECT_TO_BACKEND':  '',  # 'OPENID / CAS / SAML2
+        'LOGIN_REDIRECT_TO_BACKEND': '',  # 'OPENID / CAS / SAML2
        'LOGIN_REDIRECT_MSG_ENABLED': True,

        'SMS_ENABLED': False,
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@ -43,6 +43,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
 AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
 AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+AUTH_LDAP_SYNC_ORG_ID = CONFIG.AUTH_LDAP_SYNC_ORG_ID
 AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS


--- a/apps/settings/api/ldap.py
+++ b/apps/settings/api/ldap.py
@ -195,7 +195,9 @@ class LDAPUserImportAPI(APIView):
    def get_ldap_users(self):
        username_list = self.request.data.get('username_list', [])
        cache_police = self.request.query_params.get('cache_police', True)
-        if cache_police in LDAP_USE_CACHE_FLAGS:
+        if '*' in username_list:
+            users = LDAPServerUtil().search()
+        elif cache_police in LDAP_USE_CACHE_FLAGS:
            users = LDAPCacheUtil().search(search_users=username_list)
        else:
            users = LDAPServerUtil().search(search_users=username_list)
@ -234,4 +236,3 @@ class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
            logger.error(str(e))
            return Response(data={'msg': str(e)}, status=400)
        return Response(data={'msg': 'success'})
-
--- a/apps/settings/serializers/auth/ldap.py
+++ b/apps/settings/serializers/auth/ldap.py
@ -1,4 +1,3 @@
-
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers

@ -40,8 +39,9 @@ class LDAPSettingSerializer(serializers.Serializer):
        help_text=_('eg: ldap://localhost:389')
    )
    AUTH_LDAP_BIND_DN = serializers.CharField(required=False, max_length=1024, label=_('Bind DN'))
-    AUTH_LDAP_BIND_PASSWORD = serializers.CharField(max_length=1024, write_only=True, required=False,
-                                                    label=_('Password'))
+    AUTH_LDAP_BIND_PASSWORD = serializers.CharField(
+        max_length=1024, write_only=True, required=False, label=_('Password')
+    )
    AUTH_LDAP_SEARCH_OU = serializers.CharField(
        max_length=1024, allow_blank=True, required=False, label=_('User OU'),
        help_text=_('Use | split multi OUs')
@ -55,6 +55,9 @@ class LDAPSettingSerializer(serializers.Serializer):
        help_text=_('User attr map present how to map LDAP user attr to '
                    'jumpserver, username,name,email is jumpserver attr')
    )
+    AUTH_LDAP_SYNC_ORG_ID = serializers.CharField(
+        required=False, label=_('Organization'), max_length=36
+    )
    AUTH_LDAP_SYNC_IS_PERIODIC = serializers.BooleanField(
        required=False, label=_('Periodic perform')
    )
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 #

-import sys
 from celery import shared_task
 from django.conf import settings

@ -11,6 +10,7 @@ from ops.celery.utils import (
 )
 from ops.celery.decorator import after_app_ready_start
 from common.utils import get_logger
+from orgs.models import Organization
 from .models import User
 from users.notifications import UserExpirationReminderMsg
 from settings.utils import LDAPServerUtil, LDAPImportUtil
@ -81,7 +81,9 @@ def import_ldap_user():
    util_server = LDAPServerUtil()
    util_import = LDAPImportUtil()
    users = util_server.search()
-    errors = util_import.perform_import(users)
+    org_id = settings.AUTH_LDAP_SYNC_ORG_ID
+    org = Organization.get_instance(org_id)
+    errors = util_import.perform_import(users, org)
    if errors:
        logger.error("Imported LDAP users errors: {}".format(errors))
    else: