auth with ldap

2025-08-07 07:04:58 +08:00 · 2020-04-01 20:30:44 +08:00
parent 486fcac138
commit ba2a6a65b5
6 changed files with 39 additions and 2 deletions
--- a/cmdb-api/api/models/acl.py
+++ b/cmdb-api/api/models/acl.py
@@ -5,6 +5,7 @@ import copy
 import hashlib
 from datetime import datetime

+import ldap
 from flask import current_app
 from flask_sqlalchemy import BaseQuery

@@ -50,6 +51,32 @@ class UserQuery(BaseQuery):

        return user, authenticated

+    def authenticate_with_ldap(self, username, password):
+        ldap_conn = ldap.initialize(current_app.config.get('LDAP_SERVER'))
+        ldap_conn.protocol_version = 3
+        ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
+        if '@' in username:
+            who = '{0}@{1}'.format(username.split('@')[0], current_app.config.get('LDAP_DOMAIN'))
+        else:
+            who = '{0}@{1}'.format(username, current_app.config.get('LDAP_DOMAIN'))
+
+        username = username.split('@')[0]
+        user = self.get_by_username(username)
+        try:
+
+            if not password:
+                raise ldap.INVALID_CREDENTIALS
+
+            ldap_conn.simple_bind_s(who, password)
+
+            if not user:
+                from api.lib.perm.acl.user import UserCRUD
+                user = UserCRUD.add(username=username, email=who)
+
+            return user, True
+        except ldap.INVALID_CREDENTIALS:
+            return user, False
+
    def search(self, key):
        query = self.filter(db.or_(User.email == key,
                                   User.nickname.ilike('%' + key + '%'),