增加多OU支持 (#1262)

* 增加多OU支持 * Update models.py need to import LDAPSearchUnion

增加多OU支持 (#1262)
* 增加多OU支持 * Update models.py need to import LDAPSearchUnion
337338eb · pufer · 老广 · aa3bc7b5 · 337338eb · 337338eb
Commit 337338eb authored Aug 07, 2018 by pufer Committed by 老广 Aug 07, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 22 deletions

api.py apps/common/api.py +13 -12

forms.py apps/common/forms.py +2 -1

models.py apps/common/models.py +6 -5

settings.py apps/jumpserver/settings.py +6 -4

No files found.
--- a/apps/common/api.py
+++ b/apps/common/api.py
@@ -48,7 +48,7 @@ class LDAPTestingAPI(APIView):
            bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
            password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
            use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
-            search_ou = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
+            search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
            search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
            attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
@@ -64,18 +64,19 @@ class LDAPTestingAPI(APIView):
            except Exception as e:
                return Response({"error": str(e)}, status=401)
-            ok = conn.search(search_ou, search_filter % ({"user": "*"}),
-                             attributes=list(attr_map.values()))
-            if not ok:
-                return Response({"error": "Search no entry matched"}, status=401)
            users = []
-            for entry in conn.entries:
+            for search_ou in str(search_ougroup).split("|"):
-                user = {}
+                ok = conn.search(search_ou, search_filter % ({"user": "*"}),
-                for attr, mapping in attr_map.items():
+                                 attributes=list(attr_map.values()))
-                    if hasattr(entry, mapping):
+                if not ok:
-                        user[attr] = getattr(entry, mapping)
+                    return Response({"error": _("Search no entry matched in ou {}").format(search_ou)}, status=401)
-                users.append(user)
+                for entry in conn.entries:
+                    user = {}
+                    for attr, mapping in attr_map.items():
+                        if hasattr(entry, mapping):
+                            user[attr] = getattr(entry, mapping)
+                    users.append(user)
            if len(users) > 0:
                return Response({"msg": _("Match {} s users").format(len(users))})
            else:

--- a/apps/common/forms.py
+++ b/apps/common/forms.py
@@ -114,7 +114,8 @@ class LDAPSettingForm(BaseForm):
        widget=forms.PasswordInput, required=False
    )
    AUTH_LDAP_SEARCH_OU = forms.CharField(
-        label=_("User OU"), initial='ou=tech,dc=jumpserver,dc=org'
+        label=_("User OU"), initial='ou=tech,dc=jumpserver,dc=org',
+        help_text=_("Use | split User OUs")
    )
    AUTH_LDAP_SEARCH_FILTER = forms.CharField(
        label=_("User search filter"), initial='(cn=%(user)s)',

--- a/apps/common/models.py
+++ b/apps/common/models.py
@@ -5,7 +5,7 @@ from django.db import models
 from django.db.utils import ProgrammingError, OperationalError
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
-from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
 class SettingQuerySet(models.QuerySet):
@@ -72,10 +72,11 @@ class Setting(models.Model):
                settings.AUTHENTICATION_BACKENDS.remove(settings.AUTH_LDAP_BACKEND)
        if self.name == "AUTH_LDAP_SEARCH_FILTER":
-            settings.AUTH_LDAP_USER_SEARCH = LDAPSearch(
+            settings.AUTH_LDAP_USER_SEARCH_UNION = [
-                settings.AUTH_LDAP_SEARCH_OU, ldap.SCOPE_SUBTREE,
+                LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, settings.AUTH_LDAP_SEARCH_FILTER)
-                settings.AUTH_LDAP_SEARCH_FILTER,
+                for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
-            )
+            ]
+            settings.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*settings.AUTH_LDAP_USER_SEARCH_UNION)
    class Meta:
        db_table = "settings"

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -14,7 +14,7 @@ import os
 import sys
 import ldap
-from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
 from django.urls import reverse_lazy
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
@@ -356,9 +356,11 @@ AUTH_LDAP_SEARCH_OU = CONFIG.AUTH_LDAP_SEARCH_OU
 AUTH_LDAP_SEARCH_FILTER = CONFIG.AUTH_LDAP_SEARCH_FILTER
 AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
 AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
+AUTH_LDAP_USER_SEARCH_UNION = [
-    AUTH_LDAP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER,
+    LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER)
-)
+    for USER_SEARCH in str(AUTH_LDAP_SEARCH_OU).split("|")
+]
+AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_USER_SEARCH_UNION)
 AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
 AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(