github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-07-04 10:36:37 +00:00
Code Issues Projects Releases Wiki Activity

fix: Radius login failed

Browse Source
This commit is contained in:
wangruidong 2024-11-15 15:36:47 +08:00 committed by Bryan
parent 98d7ecbf3e
commit f03263eedf
1 changed files with 34 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
apps/authentication/backends/ldap.py
View File

@ -3,8 +3,9 @@
import abc import abc
import ldap import ldap
from django.conf import settings from django.conf import settings
from django.core.cache import cache
from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist
from django_auth_ldap.backend import _LDAPUser, LDAPBackend from django_auth_ldap.backend import _LDAPUser, LDAPBackend, valid_cache_key
from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion
from users.utils import construct_user_email from users.utils import construct_user_email
@ -146,30 +147,53 @@ class LDAPHAAuthorizationBackend(JMSBaseAuthBackend, LDAPBaseBackend):
class LDAPUser(_LDAPUser): class LDAPUser(_LDAPUser):
def __init__(self, backend, username=None, user=None, request=None):
super().__init__(backend=backend, username=username, user=user, request=request)
config_prefix = "" if isinstance(self.backend, LDAPAuthorizationBackend) else "_ha"
self.user_dn_cache_key = valid_cache_key(
f"django_auth_ldap{config_prefix}.user_dn.{self._username}"
)
self.category = f"ldap{config_prefix}"
self.search_filter = getattr(settings, f"AUTH_LDAP{config_prefix.upper()}_SEARCH_FILTER", None)
self.search_ou = getattr(settings, f"AUTH_LDAP{config_prefix.upper()}_SEARCH_OU", None)
def _search_for_user_dn_from_ldap_util(self): def _search_for_user_dn_from_ldap_util(self):
from settings.utils import LDAPServerUtil from settings.utils import LDAPServerUtil
util = LDAPServerUtil() util = LDAPServerUtil(category=self.category)
user_dn = util.search_for_user_dn(self._username) user_dn = util.search_for_user_dn(self._username)
return user_dn return user_dn
def _load_user_dn(self):
"""
Populates self._user_dn with the distinguished name of our user.
This will either construct the DN from a template in
AUTH_LDAP_USER_DN_TEMPLATE or connect to the server and search for it.
If we have to search, we'll cache the DN.
"""
if self._using_simple_bind_mode():
self._user_dn = self._construct_simple_user_dn()
else:
if self.settings.CACHE_TIMEOUT > 0:
self._user_dn = cache.get_or_set(
self.user_dn_cache_key, self._search_for_user_dn, self.settings.CACHE_TIMEOUT
)
else:
self._user_dn = self._search_for_user_dn()
def _search_for_user_dn(self): def _search_for_user_dn(self):
""" """
This method was overridden because the AUTH_LDAP_USER_SEARCH This method was overridden because the AUTH_LDAP_USER_SEARCH
configuration in the settings.py file configuration in the settings.py file
is configured with a `lambda` problem value is configured with a `lambda` problem value
""" """
if isinstance(self.backend, LDAPAuthorizationBackend):
search_filter = settings.AUTH_LDAP_SEARCH_FILTER
search_ou = settings.AUTH_LDAP_SEARCH_OU
else:
search_filter = settings.AUTH_LDAP_HA_SEARCH_FILTER
search_ou = settings.AUTH_LDAP_HA_SEARCH_OU
user_search_union = [ user_search_union = [
LDAPSearch( LDAPSearch(
USER_SEARCH, ldap.SCOPE_SUBTREE, USER_SEARCH, ldap.SCOPE_SUBTREE,
search_filter self.search_filter
) )
for USER_SEARCH in str(search_ou).split("|") for USER_SEARCH in str(self.search_ou).split("|")
] ]
search = LDAPSearchUnion(*user_search_union) search = LDAPSearchUnion(*user_search_union)