perf: 优化 LDAP 用户导入/同步时支持 is_active 为 -1 的情况

2023-07-18 10:10:24 +08:00 · 2023-07-18 10:10:24 +08:00 · f466904a1c
parent 1d6bdc9b6b
commit f466904a1c
2 changed files with 13 additions and 7 deletions
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@ -9,6 +9,7 @@ from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion

 from users.utils import construct_user_email
 from common.const import LDAP_AD_ACCOUNT_DISABLE
+from common.utils.http import is_true
 from .base import JMSBaseAuthBackend

 logger = _LDAPConfig.get_logger()
@ -162,10 +163,11 @@ class LDAPUser(_LDAPUser):
            try:
                value = self.attrs[attr][0]
                value = value.strip()
-                if attr.lower() == 'useraccountcontrol' \
-                        and field == 'is_active' and value:
-                    value = int(value) & LDAP_AD_ACCOUNT_DISABLE \
-                            != LDAP_AD_ACCOUNT_DISABLE
+                if field == 'is_active':
+                    if attr.lower() == 'useraccountcontrol' and value:
+                        value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
+                    else:
+                        value = is_true(value)
            except LookupError:
                logger.warning("{} does not have a value for the attribute {}".format(self.dn, attr))
            else:
--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@ -28,6 +28,7 @@ from authentication.backends.ldap import LDAPAuthorizationBackend, LDAPUser
 from common.const import LDAP_AD_ACCOUNT_DISABLE
 from common.db.utils import close_old_connections
 from common.utils import timeit, get_logger
+from common.utils.http import is_true
 from orgs.utils import tmp_to_org
 from users.models import User, UserGroup
 from users.utils import construct_user_email
@ -185,9 +186,12 @@ class LDAPServerUtil(object):
            if not hasattr(entry, mapping):
                continue
            value = getattr(entry, mapping).value or ''
-            if attr == 'is_active' and mapping.lower() == 'useraccountcontrol' \
-                    and value:
-                value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
+            if attr == 'is_active':
+                if mapping.lower() == 'useraccountcontrol' and value:
+                    value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
+                else:
+                    value = is_true(value)
+
            if attr == 'groups' and mapping.lower() == 'memberof':
                # AD: {'groups': 'memberOf'}
                if isinstance(value, str) and value: