fix: 修复只配置DC域时，LDAP用户认证失败的问题

2020-12-11 17:38:33 +08:00 · 2020-12-11 17:38:33 +08:00 · e056430fce
parent 213221beae
commit e056430fce
2 changed files with 26 additions and 5 deletions
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@ -82,6 +82,12 @@ class LDAPAuthorizationBackend(LDAPBackend):

 class LDAPUser(_LDAPUser):

+    def _search_for_user_dn_from_ldap_util(self):
+        from settings.utils import LDAPServerUtil
+        util = LDAPServerUtil()
+        user_dn = util.search_for_user_dn(self._username)
+        return user_dn
+
    def _search_for_user_dn(self):
        """
        This method was overridden because the AUTH_LDAP_USER_SEARCH
@ -107,7 +113,10 @@ class LDAPUser(_LDAPUser):
        if results is not None and len(results) == 1:
            (user_dn, self._user_attrs) = next(iter(results))
        else:
-            user_dn = None
+            # 解决直接配置DC域，用户认证失败的问题(库不能从整棵树中搜索)
+            user_dn = self._search_for_user_dn_from_ldap_util()
+            self._user_dn = user_dn
+            self._user_attrs = self._load_user_attrs()

        return user_dn

--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@ -146,8 +146,10 @@ class LDAPServerUtil(object):
        )

    @timeit
-    def search_user_entries(self):
+    def search_user_entries(self, search_users=None, search_value=None):
        logger.info("Search user entries")
+        self.search_users = search_users
+        self.search_value = search_value
        user_entries = list()
        search_ous = str(self.config.search_ou).split('|')
        for search_ou in search_ous:
@ -180,12 +182,22 @@ class LDAPServerUtil(object):
            users.append(user)
        return users

+    @timeit
+    def search_for_user_dn(self, username):
+        user_entries = self.search_user_entries(search_users=[username])
+        if len(user_entries) == 1:
+            user_entry = user_entries[0]
+            user_dn = user_entry.entry_dn
+        else:
+            user_dn = None
+        return user_dn
+
    @timeit
    def search(self, search_users=None, search_value=None):
        logger.info("Search ldap users")
-        self.search_users = search_users
-        self.search_value = search_value
-        user_entries = self.search_user_entries()
+        user_entries = self.search_user_entries(
+            search_users=search_users, search_value=search_value
+        )
        users = self.user_entries_to_dict(user_entries)
        return users