USE_LDAP_SYNC_ONLY (#6977)

2025-09-18 08:16:07 +00:00 · 2024-10-31 17:25:28 +08:00
parent 20fde74744
commit de830a6154
4 changed files with 5 additions and 4 deletions
--- a/seahub/api2/serializers.py
+++ b/seahub/api2/serializers.py
@@ -14,7 +14,7 @@ from seahub.two_factor.models import default_device
 from seahub.two_factor.views.login import is_device_remembered
 from seahub.utils.two_factor_auth import has_two_factor_auth, \
        two_factor_auth_enabled, verify_two_factor_token
-from seahub.settings import ENABLE_LDAP
+from seahub.settings import ENABLE_LDAP, USE_LDAP_SYNC_ONLY
 from constance import config

 logger = logging.getLogger(__name__)
@@ -92,7 +92,7 @@ class AuthTokenSerializer(serializers.Serializer):
                # convert login id or contact email to username if any
                user = authenticate(username=username, password=password)
                # After local user authentication process is completed, authenticate LDAP user
-                if user is None and ENABLE_LDAP:
+                if user is None and ENABLE_LDAP and not USE_LDAP_SYNC_ONLY:
                    user = authenticate(ldap_user=username, password=password)

                if user is None:
--- a/seahub/auth/forms.py
+++ b/seahub/auth/forms.py
@@ -71,7 +71,7 @@ class AuthenticationForm(forms.Form):
                username = Profile.objects.convert_login_str_to_username(username)
                self.user_cache = authenticate(username=username, password=password)
                # After local user authentication process is completed, authenticate LDAP user
-                if self.user_cache is None and settings.ENABLE_LDAP:
+                if self.user_cache is None and settings.ENABLE_LDAP and not settings.USE_LDAP_SYNC_ONLY:
                    self.user_cache = authenticate(ldap_user=username, password=password)

                if self.user_cache is None:
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -335,6 +335,7 @@ LDAP_USER_ROLE_ATTR = ''
 ACTIVATE_USER_WHEN_IMPORT = True

 SSO_LDAP_USE_SAME_UID = False
+USE_LDAP_SYNC_ONLY = False

 # enable ldap sasl auth
 ENABLE_SASL = False
--- a/seahub/views/sysadmin.py
+++ b/seahub/views/sysadmin.py
@@ -816,7 +816,7 @@ def sys_sudo_mode(request):
        if password:
            user = authenticate(username=username, password=password)
            # After local user authentication process is completed, authenticate LDAP user
-            if user is None and settings.ENABLE_LDAP:
+            if user is None and settings.ENABLE_LDAP and not settings.USE_LDAP_SYNC_ONLY:
                user = authenticate(ldap_user=username, password=password)
            if user:
                update_sudo_mode_ts(request)