Merge pull request #3292 from jumpserver/dev_bai

[Update] LDAP 搜索添加分页配置

apps/jumpserver/conf.py

@@ -384,7 +384,8 @@ defaults = {
     'SYSLOG_FACILITY': 'user',
     'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
     'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
-    'FLOWER_URL': "127.0.0.1:5555"
+    'FLOWER_URL': "127.0.0.1:5555",
+    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
 }
 
 

apps/jumpserver/settings.py

@@ -424,6 +424,7 @@ OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
 
 # Auth LDAP settings
 AUTH_LDAP = False
+AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
 AUTH_LDAP_BIND_PASSWORD = ''

apps/settings/utils.py

@@ -26,6 +26,8 @@ class LDAPUtil:
                  password=None, use_ssl=None, search_ougroup=None,
                  search_filter=None, attr_map=None, auth_ldap=None):
         # config
+        self.paged_size = settings.AUTH_LDAP_SEARCH_PAGED_SIZE
+
         if use_settings_config:
             self._load_config_from_settings()
         else:
@@ -79,23 +81,45 @@ class LDAPUtil:
             user_item[attr] = value
         return user_item
 
+    def _search_user_items_ou(self, search_ou, cookie=None):
+        ok = self.connection.search(
+            search_ou, self.search_filter % ({"user": "*"}),
+            attributes=list(self.attr_map.values()),
+            paged_size=self.paged_size, paged_cookie=cookie
+        )
+        if not ok:
+            error = _("Search no entry matched in ou {}".format(search_ou))
+            raise LDAPOUGroupException(error)
+
+        user_items = []
+        for entry in self.connection.entries:
+            user_item = self._ldap_entry_to_user_item(entry)
+            user = self.get_user_by_username(user_item['username'])
+            user_item['existing'] = bool(user)
+            if user_item in user_items:
+                continue
+            user_items.append(user_item)
+        return user_items
+
+    def _cookie(self):
+        if self.paged_size is None:
+            cookie = None
+        else:
+            cookie = self.connection.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
+        return cookie
+
     def search_user_items(self):
         user_items = []
+        logger.info("Search user items")
         for search_ou in str(self.search_ougroup).split("|"):
-            ok = self.connection.search(
-                search_ou, self.search_filter % ({"user": "*"}),
-                attributes=list(self.attr_map.values())
-            )
-            if not ok:
-                error = _("Search no entry matched in ou {}".format(search_ou))
-                raise LDAPOUGroupException(error)
-            for entry in self.connection.entries:
-                user_item = self._ldap_entry_to_user_item(entry)
-                user = self.get_user_by_username(user_item['username'])
-                user_item['existing'] = bool(user)
-                if user_item in user_items:
-                    continue
-                user_items.append(user_item)
+            logger.info("Search user search ou: {}".format(search_ou))
+            _user_items = self._search_user_items_ou(search_ou)
+            user_items.extend(_user_items)
+            while self._cookie():
+                logger.info("Page Search user search ou: {}".format(search_ou))
+                _user_items = self._search_user_items_ou(search_ou, self._cookie())
+                user_items.extend(_user_items)
+        logger.info("Search user items end")
         return user_items
 
     def search_filter_user_items(self, username_list):