diff --git a/apps/assets/utils.py b/apps/assets/utils.py index 0f80adec6..e0b316ad7 100644 --- a/apps/assets/utils.py +++ b/apps/assets/utils.py @@ -136,7 +136,10 @@ class TreeService(Tree): if assets: return assets assets = set(self.assets(nid)) - children = self.children(nid) + try: + children = self.children(nid) + except NodeIDAbsentError: + children = [] for child in children: assets.update(self.all_assets(child.identifier)) self.all_nodes_assets_map[nid] = assets diff --git a/apps/audits/models.py b/apps/audits/models.py index 31471edbe..5b53d1c85 100644 --- a/apps/audits/models.py +++ b/apps/audits/models.py @@ -6,6 +6,7 @@ from django.utils.translation import ugettext_lazy as _ from django.utils import timezone from orgs.mixins.models import OrgModelMixin +from orgs.utils import current_org __all__ = [ 'FTPLog', 'OperateLog', 'PasswordChangeLog', 'UserLoginLog', @@ -104,6 +105,9 @@ class UserLoginLog(models.Model): Q(city__contains=keyword) | Q(username__contains=keyword) ) + if not current_org.is_root(): + username_list = current_org.get_org_members().values_list('username', flat=True) + login_logs = login_logs.filter(username__in=username_list) return login_logs class Meta: diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py index 7033cf777..c0b48c61d 100644 --- a/apps/authentication/signals_handlers.py +++ b/apps/authentication/signals_handlers.py @@ -47,7 +47,7 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs): @receiver(populate_user) def on_ldap_create_user(sender, user, ldap_user, **kwargs): - if user and user.name != 'admin': + if user and user.username != 'admin': user.source = user.SOURCE_LDAP user.save() diff --git a/apps/authentication/templates/authentication/_access_key_modal.html b/apps/authentication/templates/authentication/_access_key_modal.html index 5686c212d..ac5b26d54 100644 --- a/apps/authentication/templates/authentication/_access_key_modal.html 
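Review bot: The new `except NodeIDAbsentError` handler in `all_assets` silently replaces a missing node with an empty child list, and the reduced asset set is then cached in `self.all_nodes_assets_map[nid]`. A tree that is out of step with its node ids therefore returns fewer assets on every later call, with no trace of why. If the module has a logger, log the `nid` in the handler so the inconsistency shows up; a comment such as `# node vanished from the tree; treat as leaf` would state the intent. The hunk does not show an import for `NodeIDAbsentError` (presumably from `treelib.exceptions`), so confirm it is in scope, otherwise the handler itself raises `NameError`. The method starts above the hunk.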
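Review bot: The org scoping added before `return login_logs` matches on the username string rather than a user id, so an org's audit view depends on usernames being unique and stable; entries written under a name that was later renamed or reused will appear in, or drop out of, that view. Failed logins for usernames that are not current org members (typos, attempts against accounts that do not exist) also become invisible to every non-root org admin. That may be intended, but it deserves a comment such as `# Non-root orgs only see login logs of their current members (matched by username)`. Also confirm that other query paths onto `UserLoginLog` apply the same filter, since this hunk scopes only this one method, which starts outside the hunk.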
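Review bot: The guard in `on_ldap_create_user` protects only the account whose username is literally `'admin'`. As far as the hunk shows, any other existing local account whose username matches an LDAP entry still has `source` rewritten to `SOURCE_LDAP` and saved. If other local privileged accounts can exist, the check is better keyed on the account (for example its current source or role) than on one hard-coded name. At minimum, add a comment stating the intent, e.g. `# Keep the built-in admin a local account even if LDAP has an entry with the same username`.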
+++ b/apps/authentication/templates/authentication/_access_key_modal.html
@@ -21,7 +21,7 @@
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index a9cc3b49b..27231af4b 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -380,6 +380,7 @@ defaults = { 'AUTH_LDAP_SYNC_INTERVAL': None, 'AUTH_LDAP_SYNC_CRONTAB': None, 'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False, + 'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1, 'HTTP_BIND_HOST': '0.0.0.0', 'HTTP_LISTEN_PORT': 8080, 'WS_LISTEN_PORT': 8070, diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 60d3f21cc..6f36f529a 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -441,6 +441,7 @@ AUTH_LDAP_START_TLS = False AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"} AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, + ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS } LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem") if os.path.isfile(LDAP_CERT_FILE): diff --git a/apps/perms/api/user_remote_app_permission.py b/apps/perms/api/user_remote_app_permission.py index 868c92015..51a9217ce 100644 --- a/apps/perms/api/user_remote_app_permission.py +++ b/apps/perms/api/user_remote_app_permission.py @@ -53,6 +53,8 @@ class UserGrantedRemoteAppsAsTreeApi(UserGrantedRemoteAppsApi): permission_classes = (IsOrgAdminOrAppUser,) def get_serializer(self, remote_apps=None, *args, **kwargs): + if remote_apps is None: + remote_apps = [] only_remote_app = self.request.query_params.get('only', '0') == '1' tree_root = None data = [] diff --git a/apps/terminal/api/command.py b/apps/terminal/api/command.py index c18de010f..1dfd0ad3b 100644 --- a/apps/terminal/api/command.py +++ b/apps/terminal/api/command.py 
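Review bot: `CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS` is passed to `ldap.OPT_REFERRALS` in `AUTH_LDAP_GLOBAL_OPTIONS` without validation, and the `-1` default added in `conf.py` is not explained anywhere. The python-ldap FAQ referenced by this change only discusses setting the option to `0`, so say in a comment what `-1` is expected to do, or use an explicit on/off value. Unless the config loader already coerces types, a value read from YAML as a string would reach the option unchanged, so `ldap.OPT_REFERRALS: int(CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS)` is the safer form. The same dict sets `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER`, so whenever referrals are followed the client connects to whichever server the directory names without verifying its certificate. That is worth documenting next to the new key.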
@@ -29,6 +29,9 @@ class CommandQueryMixin: default_days_ago = 5 def get_queryset(self): + # 解决访问 /docs/ 问题 + if hasattr(self, 'swagger_fake_view'): + return self.command_store.model.objects.none() date_from, date_to = self.get_date_range() q = self.request.query_params multi_command_storage = get_multi_command_storage() diff --git a/config_example.yml b/config_example.yml index 786de3257..4b01fd10f 100644 --- a/config_example.yml +++ b/config_example.yml @@ -73,16 +73,23 @@ REDIS_PORT: 6379 # RADIUS_SECRET: # LDAP/AD settings +# LDAP 搜索分页数量 +# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000 +# # 定时同步用户 -# 启用/禁用 +# 启用 / 禁用 # AUTH_LDAP_SYNC_IS_PERIODIC: True -# 单位: 时 +# 同步间隔 (单位: 时) (优先) # AUTH_LDAP_SYNC_INTERVAL: 12 # Crontab 表达式 # AUTH_LDAP_SYNC_CRONTAB: * 6 * * * # # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False +# +# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) +# In order to perform this operation a successful bind must be completed on the connection +# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1 # OTP settings |
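Review bot: The schema-generation guard at the top of `get_queryset` uses `hasattr(self, 'swagger_fake_view')`, which is true whenever the attribute exists, whatever its value; the form drf-yasg documents is `if getattr(self, 'swagger_fake_view', False):`. The early return also assumes `self.command_store` always exposes `.model.objects`, which the hunk does not show, so confirm it holds for every configured command storage. The inline comment would be easier for other reviewers to follow in English, e.g. `# Return an empty queryset while the API docs (/docs/) schema is generated`. The body of `get_queryset` continues past the hunk.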