github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 优化 LDAP 用户导入/同步时支持 is_active 为 -1 的情况

pull/10996/head
Bai 2023-07-18 10:10:24 +08:00 committed by Bryan
parent 1d6bdc9b6b
commit f466904a1c
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/authentication/backends/ldap.py
View File

@ -9,6 +9,7 @@ from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion
from users.utils import construct_user_email from users.utils import construct_user_email
from common.const import LDAP_AD_ACCOUNT_DISABLE from common.const import LDAP_AD_ACCOUNT_DISABLE
from common.utils.http import is_true
from .base import JMSBaseAuthBackend from .base import JMSBaseAuthBackend
logger = _LDAPConfig.get_logger() logger = _LDAPConfig.get_logger()
@ -162,10 +163,11 @@ class LDAPUser(_LDAPUser):
try: try:
value = self.attrs[attr][0] value = self.attrs[attr][0]
value = value.strip() value = value.strip()
if attr.lower() == 'useraccountcontrol' \ if field == 'is_active':
and field == 'is_active' and value: if attr.lower() == 'useraccountcontrol' and value:
value = int(value) & LDAP_AD_ACCOUNT_DISABLE \ value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
!= LDAP_AD_ACCOUNT_DISABLE else:
value = is_true(value)
except LookupError: except LookupError:
logger.warning("{} does not have a value for the attribute {}".format(self.dn, attr)) logger.warning("{} does not have a value for the attribute {}".format(self.dn, attr))
else: else:

8
apps/settings/utils/ldap.py
View File

@ -28,6 +28,7 @@ from authentication.backends.ldap import LDAPAuthorizationBackend, LDAPUser
from common.const import LDAP_AD_ACCOUNT_DISABLE from common.const import LDAP_AD_ACCOUNT_DISABLE
from common.db.utils import close_old_connections from common.db.utils import close_old_connections
from common.utils import timeit, get_logger from common.utils import timeit, get_logger
from common.utils.http import is_true
from orgs.utils import tmp_to_org from orgs.utils import tmp_to_org
from users.models import User, UserGroup from users.models import User, UserGroup
from users.utils import construct_user_email from users.utils import construct_user_email
@ -185,9 +186,12 @@ class LDAPServerUtil(object):
if not hasattr(entry, mapping): if not hasattr(entry, mapping):
continue continue
value = getattr(entry, mapping).value or '' value = getattr(entry, mapping).value or ''
if attr == 'is_active' and mapping.lower() == 'useraccountcontrol' \ if attr == 'is_active':
and value: if mapping.lower() == 'useraccountcontrol' and value:
value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE value = int(value) & LDAP_AD_ACCOUNT_DISABLE != LDAP_AD_ACCOUNT_DISABLE
else:
value = is_true(value)
if attr == 'groups' and mapping.lower() == 'memberof': if attr == 'groups' and mapping.lower() == 'memberof':
# AD: {'groups': 'memberOf'} # AD: {'groups': 'memberOf'}
if isinstance(value, str) and value: if isinstance(value, str) and value: