From e056430fce10dbc8994fd58ce1bc9c9044cb593c Mon Sep 17 00:00:00 2001
From: Bai <bugatti_it@163.com>
Date: Fri, 11 Dec 2020 17:38:33 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=8F=AA=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AEDC=E5=9F=9F=E6=97=B6=EF=BC=8CLDAP=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E5=A4=B1=E8=B4=A5=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/backends/ldap.py | 11 ++++++++++-
 apps/settings/utils/ldap.py          | 20 ++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py
index ac3cfc254..5a5e16081 100644
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -82,6 +82,12 @@ class LDAPAuthorizationBackend(LDAPBackend):
 
 class LDAPUser(_LDAPUser):
 
+    def _search_for_user_dn_from_ldap_util(self):
+        from settings.utils import LDAPServerUtil
+        util = LDAPServerUtil()
+        user_dn = util.search_for_user_dn(self._username)
+        return user_dn
+
     def _search_for_user_dn(self):
         """
         This method was overridden because the AUTH_LDAP_USER_SEARCH
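Review bot: `self._username` is the name supplied at login, and `_search_for_user_dn_from_ldap_util` hands it unmodified to `LDAPServerUtil.search_for_user_dn`, which in the apps/settings/utils/ldap.py hunk forwards it as `search_users=[username]` into a search whose filter is built outside the visible lines. Because this search now decides which DN is bound for authentication, it is worth confirming that the filter escapes LDAP filter metacharacters and matches the username exactly rather than by substring or wildcard. The helper also has no docstring; I would add one such as `"""Fallback DN lookup through the settings LDAP util, which iterates the configured search OUs instead of AUTH_LDAP_USER_SEARCH."""` so the second search path is visible to whoever audits who can log in. `_search_for_user_dn` continues past the end of this hunk.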
@@ -107,7 +113,10 @@ class LDAPUser(_LDAPUser):
         if results is not None and len(results) == 1:
             (user_dn, self._user_attrs) = next(iter(results))
         else:
-            user_dn = None
+            # 解决直接配置DC域,用户认证失败的问题(库不能从整棵树中搜索)
+            user_dn = self._search_for_user_dn_from_ldap_util()
+            self._user_dn = user_dn
+            self._user_attrs = self._load_user_attrs()
 
         return user_dn
 
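Review bot: The new `else` branch calls `self._load_user_attrs()` even when the fallback returned `None`, and it now also runs when the first search returned more than one entry, a case that previously ended with `user_dn = None`. If the base class resolves the DN lazily inside `_load_user_attrs`, a `None` DN here could re-enter `_search_for_user_dn`; that cannot be confirmed from this hunk, but putting `if user_dn is not None:` in front of the two assignments removes the question. Assigning the return value to `self._user_attrs` is only correct if `_load_user_attrs` returns the attributes rather than setting them itself, which should be checked against the installed django-auth-ldap. The function starts above this hunk.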
diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py
index 5ca455380..45bdd6018 100644
--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@@ -146,8 +146,10 @@ class LDAPServerUtil(object):
         )
 
     @timeit
-    def search_user_entries(self):
+    def search_user_entries(self, search_users=None, search_value=None):
         logger.info("Search user entries")
+        self.search_users = search_users
+        self.search_value = search_value
         user_entries = list()
         search_ous = str(self.config.search_ou).split('|')
         for search_ou in search_ous:
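Review bot: `search_user_entries` now overwrites `self.search_users` and `self.search_value` on every call, so a caller that sets those attributes on the instance and then calls `search_user_entries()` with no arguments would silently have its filters reset to `None`. Callers are not visible in this hunk; if any exist they need updating, or the assignment could be made conditional, e.g. `if search_users is not None: self.search_users = search_users` and likewise for `search_value`. A short docstring saying what `None` means for each filter would make the contract explicit now that the authentication backend depends on it. The method body continues past the end of the hunk.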
@@ -180,12 +182,22 @@ class LDAPServerUtil(object):
             users.append(user)
         return users
 
+    @timeit
+    def search_for_user_dn(self, username):
+        user_entries = self.search_user_entries(search_users=[username])
+        if len(user_entries) == 1:
+            user_entry = user_entries[0]
+            user_dn = user_entry.entry_dn
+        else:
+            user_dn = None
+        return user_dn
+
     @timeit
     def search(self, search_users=None, search_value=None):
         logger.info("Search ldap users")
-        self.search_users = search_users
-        self.search_value = search_value
-        user_entries = self.search_user_entries()
+        user_entries = self.search_user_entries(
+            search_users=search_users, search_value=search_value
+        )
         users = self.user_entries_to_dict(user_entries)
         return users