feat: ldap一键导入及设置用户组织

apps/jumpserver/conf.py

@@ -176,6 +176,7 @@ class Config(dict):
         'AUTH_LDAP_SYNC_IS_PERIODIC': False,
         'AUTH_LDAP_SYNC_INTERVAL': None,
         'AUTH_LDAP_SYNC_CRONTAB': None,
+        'AUTH_LDAP_SYNC_ORG_ID': '00000000-0000-0000-0000-000000000002',
         'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
         'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
 

apps/jumpserver/settings/auth.py

@@ -43,6 +43,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
 AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
 AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+AUTH_LDAP_SYNC_ORG_ID = CONFIG.AUTH_LDAP_SYNC_ORG_ID
 AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
 
 

apps/settings/api/ldap.py

@@ -195,7 +195,9 @@ class LDAPUserImportAPI(APIView):
     def get_ldap_users(self):
         username_list = self.request.data.get('username_list', [])
         cache_police = self.request.query_params.get('cache_police', True)
-        if cache_police in LDAP_USE_CACHE_FLAGS:
+        if '*' in username_list:
+            users = LDAPServerUtil().search()
+        elif cache_police in LDAP_USE_CACHE_FLAGS:
             users = LDAPCacheUtil().search(search_users=username_list)
         else:
             users = LDAPServerUtil().search(search_users=username_list)
@@ -234,4 +236,3 @@ class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
             logger.error(str(e))
             return Response(data={'msg': str(e)}, status=400)
         return Response(data={'msg': 'success'})
-

apps/settings/serializers/auth/ldap.py

@@ -1,4 +1,3 @@
-
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 
@@ -40,8 +39,9 @@ class LDAPSettingSerializer(serializers.Serializer):
         help_text=_('eg: ldap://localhost:389')
     )
     AUTH_LDAP_BIND_DN = serializers.CharField(required=False, max_length=1024, label=_('Bind DN'))
-    AUTH_LDAP_BIND_PASSWORD = serializers.CharField(max_length=1024, write_only=True, required=False,
+    AUTH_LDAP_BIND_PASSWORD = serializers.CharField(
-                                                    label=_('Password'))
+        max_length=1024, write_only=True, required=False, label=_('Password')
+    )
     AUTH_LDAP_SEARCH_OU = serializers.CharField(
         max_length=1024, allow_blank=True, required=False, label=_('User OU'),
         help_text=_('Use | split multi OUs')
@@ -55,6 +55,9 @@ class LDAPSettingSerializer(serializers.Serializer):
         help_text=_('User attr map present how to map LDAP user attr to '
                     'jumpserver, username,name,email is jumpserver attr')
     )
+    AUTH_LDAP_SYNC_ORG_ID = serializers.CharField(
+        required=False, label=_('Organization'), max_length=36
+    )
     AUTH_LDAP_SYNC_IS_PERIODIC = serializers.BooleanField(
         required=False, label=_('Periodic perform')
     )

apps/users/tasks.py

@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 #
 
-import sys
 from celery import shared_task
 from django.conf import settings
 
@@ -11,6 +10,7 @@ from ops.celery.utils import (
 )
 from ops.celery.decorator import after_app_ready_start
 from common.utils import get_logger
+from orgs.models import Organization
 from .models import User
 from users.notifications import UserExpirationReminderMsg
 from settings.utils import LDAPServerUtil, LDAPImportUtil
@@ -81,7 +81,9 @@ def import_ldap_user():
     util_server = LDAPServerUtil()
     util_import = LDAPImportUtil()
     users = util_server.search()
-    errors = util_import.perform_import(users)
+    org_id = settings.AUTH_LDAP_SYNC_ORG_ID
+    org = Organization.get_instance(org_id)
+    errors = util_import.perform_import(users, org)
     if errors:
         logger.error("Imported LDAP users errors: {}".format(errors))
     else: