[更新] python-ldap 更新到 ldap3

sherlock 2023-10-19 23:43:45 +08:00
parent 6d052eaffc
commit a5f7b6d3d7
3 changed files with 10 additions and 10 deletions


@ -24,7 +24,7 @@ supervisor = "==4.0.3"
Flask-Login = "==0.6.2" Flask-Login = "==0.6.2"
Flask-Bcrypt = "==1.0.1" Flask-Bcrypt = "==1.0.1"
Flask-Cors = ">=3.0.8" Flask-Cors = ">=3.0.8"
python-ldap = "==3.4.0" ldap3 = "==2.9.1"
pycryptodome = "==3.12.0" pycryptodome = "==3.12.0"
# Caching # Caching
Flask-Caching = ">=1.0.0" Flask-Caching = ">=1.0.0"


@ -5,7 +5,8 @@ import copy
import hashlib import hashlib
from datetime import datetime from datetime import datetime
import ldap from ldap3 import Server, Connection, ALL
from ldap3.core.exceptions import LDAPBindError, LDAPCertificateError
from flask import current_app from flask import current_app
from flask_sqlalchemy import BaseQuery from flask_sqlalchemy import BaseQuery
@ -57,9 +58,7 @@ class UserQuery(BaseQuery):
return user, authenticated return user, authenticated
def authenticate_with_ldap(self, username, password): def authenticate_with_ldap(self, username, password):
ldap_conn = ldap.initialize(current_app.config.get('LDAP_SERVER')) server = Server(current_app.config.get('LDAP_SERVER'), get_info=ALL)
ldap_conn.protocol_version = 3
ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
if '@' in username: if '@' in username:
email = username email = username
who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0]) who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0])
@ -70,11 +69,12 @@ class UserQuery(BaseQuery):
username = username.split('@')[0] username = username.split('@')[0]
user = self.get_by_username(username) user = self.get_by_username(username)
try: try:
if not password: if not password:
raise ldap.INVALID_CREDENTIALS raise LDAPCertificateError
ldap_conn.simple_bind_s(who, password) conn = Connection(server, user=who, password=password)
conn.bind()
conn.unbind()
if not user: if not user:
from api.lib.perm.acl.user import UserCRUD from api.lib.perm.acl.user import UserCRUD
@ -84,7 +84,7 @@ class UserQuery(BaseQuery):
op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE) op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE)
return user, True return user, True
except ldap.INVALID_CREDENTIALS: except LDAPBindError:
return user, False return user, False
def search(self, key): def search(self, key):
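Review bot: The result of `conn.bind()` in authenticate_with_ldap is discarded, and ldap3's `Connection.bind()` reports a rejected bind by returning False rather than raising unless the connection was built with `raise_exceptions=True` or `auto_bind`, so as written a wrong password appears to fall through to `return user, True`. Check the result, e.g. `if not conn.bind(): raise LDAPBindError`, or create the connection with `auto_bind=True` so that a failed bind raises. The empty-password guard now raises `LDAPCertificateError`, which is not a subclass of `LDAPBindError` and so is not caught by the `except LDAPBindError:` below; using `raise LDAPBindError` there would keep the previous `return user, False` path. A test asserting that a wrong password and an empty password both yield `(user, False)` would pin this down. The method body is spread over three hunks and parts of it lie outside them.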


@ -32,7 +32,7 @@ Pillow==9.3.0
pycryptodome==3.12.0 pycryptodome==3.12.0
PyJWT==2.4.0 PyJWT==2.4.0
PyMySQL==1.1.0 PyMySQL==1.1.0
python-ldap==3.4.0 ldap3==2.9.1
PyYAML==6.0 PyYAML==6.0
redis==4.6.0 redis==4.6.0
requests==2.31.0 requests==2.31.0