Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
dfedfc7e
Commit
dfedfc7e
authored
Oct 10, 2019
by
BaiJiangJie
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Update] LDAP 登录认证添加配置项:只有在用户列表中的用户会被允许认证
parent
7e7583e4
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
9 additions
and
0 deletions
+9
-0
ldap.py
apps/authentication/backends/ldap.py
+7
-0
conf.py
apps/jumpserver/conf.py
+1
-0
settings.py
apps/jumpserver/settings.py
+1
-0
No files found.
apps/authentication/backends/ldap.py
View file @
dfedfc7e
...
@@ -32,6 +32,13 @@ class LDAPAuthorizationBackend(LDAPBackend):
...
@@ -32,6 +32,13 @@ class LDAPAuthorizationBackend(LDAPBackend):
if
not
username
:
if
not
username
:
logger
.
info
(
'Authenticate failed: username is None'
)
logger
.
info
(
'Authenticate failed: username is None'
)
return
None
return
None
if
settings
.
AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
:
user_model
=
self
.
get_user_model
()
exist
=
user_model
.
objects
.
filter
(
username
=
username
)
.
exists
()
if
not
exist
:
msg
=
'Authentication failed: user ({}) is not in the user list'
logger
.
info
(
msg
.
format
(
username
))
return
None
ldap_user
=
LDAPUser
(
self
,
username
=
username
.
strip
(),
request
=
request
)
ldap_user
=
LDAPUser
(
self
,
username
=
username
.
strip
(),
request
=
request
)
user
=
self
.
authenticate_ldap_user
(
ldap_user
,
password
)
user
=
self
.
authenticate_ldap_user
(
ldap_user
,
password
)
logger
.
info
(
'Authenticate user: {}'
.
format
(
user
))
logger
.
info
(
'Authenticate user: {}'
.
format
(
user
))
...
...
apps/jumpserver/conf.py
View file @
dfedfc7e
...
@@ -378,6 +378,7 @@ defaults = {
...
@@ -378,6 +378,7 @@ defaults = {
'AUTH_LDAP_SYNC_IS_PERIODIC'
:
False
,
'AUTH_LDAP_SYNC_IS_PERIODIC'
:
False
,
'AUTH_LDAP_SYNC_INTERVAL'
:
None
,
'AUTH_LDAP_SYNC_INTERVAL'
:
None
,
'AUTH_LDAP_SYNC_CRONTAB'
:
None
,
'AUTH_LDAP_SYNC_CRONTAB'
:
None
,
'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS'
:
False
,
'HTTP_BIND_HOST'
:
'0.0.0.0'
,
'HTTP_BIND_HOST'
:
'0.0.0.0'
,
'HTTP_LISTEN_PORT'
:
8080
,
'HTTP_LISTEN_PORT'
:
8080
,
'WS_LISTEN_PORT'
:
8070
,
'WS_LISTEN_PORT'
:
8070
,
...
...
apps/jumpserver/settings.py
View file @
dfedfc7e
...
@@ -429,6 +429,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
...
@@ -429,6 +429,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
AUTH_LDAP_SYNC_IS_PERIODIC
=
CONFIG
.
AUTH_LDAP_SYNC_IS_PERIODIC
AUTH_LDAP_SYNC_IS_PERIODIC
=
CONFIG
.
AUTH_LDAP_SYNC_IS_PERIODIC
AUTH_LDAP_SYNC_INTERVAL
=
CONFIG
.
AUTH_LDAP_SYNC_INTERVAL
AUTH_LDAP_SYNC_INTERVAL
=
CONFIG
.
AUTH_LDAP_SYNC_INTERVAL
AUTH_LDAP_SYNC_CRONTAB
=
CONFIG
.
AUTH_LDAP_SYNC_CRONTAB
AUTH_LDAP_SYNC_CRONTAB
=
CONFIG
.
AUTH_LDAP_SYNC_CRONTAB
AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
=
CONFIG
.
AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
AUTH_LDAP_SERVER_URI
=
'ldap://localhost:389'
AUTH_LDAP_SERVER_URI
=
'ldap://localhost:389'
AUTH_LDAP_BIND_DN
=
'cn=admin,dc=jumpserver,dc=org'
AUTH_LDAP_BIND_DN
=
'cn=admin,dc=jumpserver,dc=org'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
