feat: python-ldap 更新到 ldap3 (#214)

Co-authored-by: sherlock <sherlock@gmail.com>
This commit is contained in:
kdyq007 2023-10-20 09:36:38 +08:00 committed by GitHub
parent 42d870ea4e
commit 8d177266dc
3 changed files with 10 additions and 10 deletions


@ -24,7 +24,7 @@ supervisor = "==4.0.3"
Flask-Login = "==0.6.2" Flask-Login = "==0.6.2"
Flask-Bcrypt = "==1.0.1" Flask-Bcrypt = "==1.0.1"
Flask-Cors = ">=3.0.8" Flask-Cors = ">=3.0.8"
python-ldap = "==3.4.0" ldap3 = "==2.9.1"
pycryptodome = "==3.12.0" pycryptodome = "==3.12.0"
# Caching # Caching
Flask-Caching = ">=1.0.0" Flask-Caching = ">=1.0.0"


@ -5,7 +5,8 @@ import copy
import hashlib import hashlib
from datetime import datetime from datetime import datetime
import ldap from ldap3 import Server, Connection, ALL
from ldap3.core.exceptions import LDAPBindError, LDAPCertificateError
from flask import current_app from flask import current_app
from flask_sqlalchemy import BaseQuery from flask_sqlalchemy import BaseQuery
@ -57,9 +58,7 @@ class UserQuery(BaseQuery):
return user, authenticated return user, authenticated
def authenticate_with_ldap(self, username, password): def authenticate_with_ldap(self, username, password):
ldap_conn = ldap.initialize(current_app.config.get('LDAP_SERVER')) server = Server(current_app.config.get('LDAP_SERVER'), get_info=ALL)
ldap_conn.protocol_version = 3
ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
if '@' in username: if '@' in username:
email = username email = username
who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0]) who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0])
@ -70,11 +69,12 @@ class UserQuery(BaseQuery):
username = username.split('@')[0] username = username.split('@')[0]
user = self.get_by_username(username) user = self.get_by_username(username)
try: try:
if not password: if not password:
raise ldap.INVALID_CREDENTIALS raise LDAPCertificateError
ldap_conn.simple_bind_s(who, password) conn = Connection(server, user=who, password=password)
conn.bind()
conn.unbind()
if not user: if not user:
from api.lib.perm.acl.user import UserCRUD from api.lib.perm.acl.user import UserCRUD
@ -84,7 +84,7 @@ class UserQuery(BaseQuery):
op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE) op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE)
return user, True return user, True
except ldap.INVALID_CREDENTIALS: except LDAPBindError:
return user, False return user, False
def search(self, key): def search(self, key):
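Review bot: The new `conn.bind()` line in the third hunk does not check its result, and ldap3's `Connection` defaults to `raise_exceptions=False`, so a wrong password makes `bind()` return False without raising and execution falls through to `return user, True` — every username with a non-empty password is accepted. The `except LDAPBindError:` in the fourth hunk therefore never fires for bad credentials (and, if I recall ldap3 correctly, even with `raise_exceptions=True` an invalid-credentials result is surfaced as `LDAPInvalidCredentialsResult`, which is not an `LDAPBindError`). The `raise LDAPCertificateError` for an empty password is likewise not caught by that handler, so an empty password now escapes as an unhandled exception instead of returning `(user, False)` as the old `ldap.INVALID_CREDENTIALS` path did. Treat the bind result as the authentication decision and fail closed on both paths; `authenticate_with_ldap` begins in the second hunk and continues past this one.
```python
            if not password:
                # an empty password must never reach the server: a simple bind
                # with no password is anonymous and would succeed
                return user, False
            conn = Connection(server, user=who, password=password)
            # ldap3 reports a failed bind through the return value by default
            bound = conn.bind()
            conn.unbind()
            if not bound:
                return user, False
            # … unchanged: user creation and login record …
```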


@ -32,7 +32,7 @@ Pillow==9.3.0
pycryptodome==3.12.0 pycryptodome==3.12.0
PyJWT==2.4.0 PyJWT==2.4.0
PyMySQL==1.1.0 PyMySQL==1.1.0
python-ldap==3.4.0 ldap3==2.9.1
PyYAML==6.0 PyYAML==6.0
redis==4.6.0 redis==4.6.0
requests==2.31.0 requests==2.31.0