github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-05-05 06:36:51 +00:00
Code Issues Projects Releases Wiki Activity

fix: 修复只配置DC域时,LDAP用户认证失败的问题

Browse Source
This commit is contained in:
Bai 2020-12-11 17:38:33 +08:00 committed by Jiangjie.Bai
parent 213221beae
commit e056430fce
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/authentication/backends/ldap.py
View File

@ -82,6 +82,12 @@ class LDAPAuthorizationBackend(LDAPBackend):
class LDAPUser(_LDAPUser): class LDAPUser(_LDAPUser):
def _search_for_user_dn_from_ldap_util(self):
from settings.utils import LDAPServerUtil
util = LDAPServerUtil()
user_dn = util.search_for_user_dn(self._username)
return user_dn
def _search_for_user_dn(self): def _search_for_user_dn(self):
""" """
This method was overridden because the AUTH_LDAP_USER_SEARCH This method was overridden because the AUTH_LDAP_USER_SEARCH
@ -107,7 +113,10 @@ class LDAPUser(_LDAPUser):
if results is not None and len(results) == 1: if results is not None and len(results) == 1:
(user_dn, self._user_attrs) = next(iter(results)) (user_dn, self._user_attrs) = next(iter(results))
else: else:
user_dn = None # 解决直接配置DC域用户认证失败的问题(库不能从整棵树中搜索)
user_dn = self._search_for_user_dn_from_ldap_util()
self._user_dn = user_dn
self._user_attrs = self._load_user_attrs()
return user_dn return user_dn

20
apps/settings/utils/ldap.py
View File

@ -146,8 +146,10 @@ class LDAPServerUtil(object):
) )
@timeit @timeit
def search_user_entries(self): def search_user_entries(self, search_users=None, search_value=None):
logger.info("Search user entries") logger.info("Search user entries")
self.search_users = search_users
self.search_value = search_value
user_entries = list() user_entries = list()
search_ous = str(self.config.search_ou).split('|') search_ous = str(self.config.search_ou).split('|')
for search_ou in search_ous: for search_ou in search_ous:
@ -180,12 +182,22 @@ class LDAPServerUtil(object):
users.append(user) users.append(user)
return users return users
@timeit
def search_for_user_dn(self, username):
user_entries = self.search_user_entries(search_users=[username])
if len(user_entries) == 1:
user_entry = user_entries[0]
user_dn = user_entry.entry_dn
else:
user_dn = None
return user_dn
@timeit @timeit
def search(self, search_users=None, search_value=None): def search(self, search_users=None, search_value=None):
logger.info("Search ldap users") logger.info("Search ldap users")
self.search_users = search_users user_entries = self.search_user_entries(
self.search_value = search_value search_users=search_users, search_value=search_value
user_entries = self.search_user_entries() )
users = self.user_entries_to_dict(user_entries) users = self.user_entries_to_dict(user_entries)
return users return users