[Update] LDAP 认证添加配置项 OPT_REFERRALS（解决问题: In order to perform this operation a successful bind must be completed on the connection)

apps/jumpserver/conf.py

@@ -380,6 +380,7 @@ defaults = {
     'AUTH_LDAP_SYNC_INTERVAL': None,
     'AUTH_LDAP_SYNC_CRONTAB': None,
     'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
+    'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
     'HTTP_BIND_HOST': '0.0.0.0',
     'HTTP_LISTEN_PORT': 8080,
     'WS_LISTEN_PORT': 8070,

apps/jumpserver/settings.py

@@ -440,6 +440,7 @@ AUTH_LDAP_START_TLS = False
 AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}
 AUTH_LDAP_GLOBAL_OPTIONS = {
     ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+    ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS
 }
 LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
 if os.path.isfile(LDAP_CERT_FILE):

config_example.yml

@@ -83,6 +83,10 @@ REDIS_PORT: 6379
 #
 # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证
 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False
+#
+# LDAP 认证时如果出现以下信息将参数设置为 0 (详情参见：https://www.python-ldap.org/en/latest/faq.html)
+# In order to perform this operation a successful bind must be completed on the connection
+# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1
 
 
 # OTP settings