mirror of https://github.com/jumpserver/jumpserver
feat: ldap一键导入及设置用户组织
feng626
Jiangjie.Bai
parent
ef36b2e662
commit
c8758f417d
|
|
@ -41,7 +41,7 @@ def import_string(dotted_path):
|
||||||
except AttributeError as err:
|
except AttributeError as err:
|
||||||
raise ImportError('Module "%s" does not define a "%s" attribute/class' % (
|
raise ImportError('Module "%s" does not define a "%s" attribute/class' % (
|
||||||
module_path, class_name)
|
module_path, class_name)
|
||||||
) from err
|
) from err
|
||||||
|
|
||||||
|
|
||||||
def is_absolute_uri(uri):
|
def is_absolute_uri(uri):
|
||||||
|
|
@ -176,6 +176,7 @@ class Config(dict):
|
||||||
'AUTH_LDAP_SYNC_IS_PERIODIC': False,
|
'AUTH_LDAP_SYNC_IS_PERIODIC': False,
|
||||||
'AUTH_LDAP_SYNC_INTERVAL': None,
|
'AUTH_LDAP_SYNC_INTERVAL': None,
|
||||||
'AUTH_LDAP_SYNC_CRONTAB': None,
|
'AUTH_LDAP_SYNC_CRONTAB': None,
|
||||||
|
'AUTH_LDAP_SYNC_ORG_ID': '00000000-0000-0000-0000-000000000002',
|
||||||
'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
|
'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
|
||||||
'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
|
'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
|
||||||
|
|
||||||
|
|
@ -272,7 +273,7 @@ class Config(dict):
|
||||||
'FEISHU_APP_ID': '',
|
'FEISHU_APP_ID': '',
|
||||||
'FEISHU_APP_SECRET': '',
|
'FEISHU_APP_SECRET': '',
|
||||||
|
|
||||||
'LOGIN_REDIRECT_TO_BACKEND': '', # 'OPENID / CAS / SAML2
|
'LOGIN_REDIRECT_TO_BACKEND': '', # 'OPENID / CAS / SAML2
|
||||||
'LOGIN_REDIRECT_MSG_ENABLED': True,
|
'LOGIN_REDIRECT_MSG_ENABLED': True,
|
||||||
|
|
||||||
'SMS_ENABLED': False,
|
'SMS_ENABLED': False,
|
||||||
|
|
|
||||||
|
|
@ -43,6 +43,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
|
||||||
AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
|
AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
|
||||||
AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
|
AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
|
||||||
AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
|
AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
|
||||||
|
AUTH_LDAP_SYNC_ORG_ID = CONFIG.AUTH_LDAP_SYNC_ORG_ID
|
||||||
AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
|
AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -195,7 +195,9 @@ class LDAPUserImportAPI(APIView):
|
||||||
def get_ldap_users(self):
|
def get_ldap_users(self):
|
||||||
username_list = self.request.data.get('username_list', [])
|
username_list = self.request.data.get('username_list', [])
|
||||||
cache_police = self.request.query_params.get('cache_police', True)
|
cache_police = self.request.query_params.get('cache_police', True)
|
||||||
if cache_police in LDAP_USE_CACHE_FLAGS:
|
if '*' in username_list:
|
||||||
|
users = LDAPServerUtil().search()
|
||||||
|
elif cache_police in LDAP_USE_CACHE_FLAGS:
|
||||||
users = LDAPCacheUtil().search(search_users=username_list)
|
users = LDAPCacheUtil().search(search_users=username_list)
|
||||||
else:
|
else:
|
||||||
users = LDAPServerUtil().search(search_users=username_list)
|
users = LDAPServerUtil().search(search_users=username_list)
|
||||||
|
|
@ -234,4 +236,3 @@ class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
|
||||||
logger.error(str(e))
|
logger.error(str(e))
|
||||||
return Response(data={'msg': str(e)}, status=400)
|
return Response(data={'msg': str(e)}, status=400)
|
||||||
return Response(data={'msg': 'success'})
|
return Response(data={'msg': 'success'})
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
|
|
||||||
|
|
@ -40,8 +39,9 @@ class LDAPSettingSerializer(serializers.Serializer):
|
||||||
help_text=_('eg: ldap://localhost:389')
|
help_text=_('eg: ldap://localhost:389')
|
||||||
)
|
)
|
||||||
AUTH_LDAP_BIND_DN = serializers.CharField(required=False, max_length=1024, label=_('Bind DN'))
|
AUTH_LDAP_BIND_DN = serializers.CharField(required=False, max_length=1024, label=_('Bind DN'))
|
||||||
AUTH_LDAP_BIND_PASSWORD = serializers.CharField(max_length=1024, write_only=True, required=False,
|
AUTH_LDAP_BIND_PASSWORD = serializers.CharField(
|
||||||
label=_('Password'))
|
max_length=1024, write_only=True, required=False, label=_('Password')
|
||||||
|
)
|
||||||
AUTH_LDAP_SEARCH_OU = serializers.CharField(
|
AUTH_LDAP_SEARCH_OU = serializers.CharField(
|
||||||
max_length=1024, allow_blank=True, required=False, label=_('User OU'),
|
max_length=1024, allow_blank=True, required=False, label=_('User OU'),
|
||||||
help_text=_('Use | split multi OUs')
|
help_text=_('Use | split multi OUs')
|
||||||
|
|
@ -55,6 +55,9 @@ class LDAPSettingSerializer(serializers.Serializer):
|
||||||
help_text=_('User attr map present how to map LDAP user attr to '
|
help_text=_('User attr map present how to map LDAP user attr to '
|
||||||
'jumpserver, username,name,email is jumpserver attr')
|
'jumpserver, username,name,email is jumpserver attr')
|
||||||
)
|
)
|
||||||
|
AUTH_LDAP_SYNC_ORG_ID = serializers.CharField(
|
||||||
|
required=False, label=_('Organization'), max_length=36
|
||||||
|
)
|
||||||
AUTH_LDAP_SYNC_IS_PERIODIC = serializers.BooleanField(
|
AUTH_LDAP_SYNC_IS_PERIODIC = serializers.BooleanField(
|
||||||
required=False, label=_('Periodic perform')
|
required=False, label=_('Periodic perform')
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
|
||||||
from celery import shared_task
|
from celery import shared_task
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
|
|
@ -11,6 +10,7 @@ from ops.celery.utils import (
|
||||||
)
|
)
|
||||||
from ops.celery.decorator import after_app_ready_start
|
from ops.celery.decorator import after_app_ready_start
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
|
from orgs.models import Organization
|
||||||
from .models import User
|
from .models import User
|
||||||
from users.notifications import UserExpirationReminderMsg
|
from users.notifications import UserExpirationReminderMsg
|
||||||
from settings.utils import LDAPServerUtil, LDAPImportUtil
|
from settings.utils import LDAPServerUtil, LDAPImportUtil
|
||||||
|
|
@ -81,7 +81,9 @@ def import_ldap_user():
|
||||||
util_server = LDAPServerUtil()
|
util_server = LDAPServerUtil()
|
||||||
util_import = LDAPImportUtil()
|
util_import = LDAPImportUtil()
|
||||||
users = util_server.search()
|
users = util_server.search()
|
||||||
errors = util_import.perform_import(users)
|
org_id = settings.AUTH_LDAP_SYNC_ORG_ID
|
||||||
|
org = Organization.get_instance(org_id)
|
||||||
|
errors = util_import.perform_import(users, org)
|
||||||
if errors:
|
if errors:
|
||||||
logger.error("Imported LDAP users errors: {}".format(errors))
|
logger.error("Imported LDAP users errors: {}".format(errors))
|
||||||
else:
|
else:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue