feat: python-ldap 更新到 ldap3 (#214)

Co-authored-by: sherlock <sherlock@gmail.com>
2023-10-20 09:36:38 +08:00 · 2023-10-20 09:36:38 +08:00 · c869827ffd
parent bdd2adcfc2
commit c869827ffd
3 changed files with 10 additions and 10 deletions
--- a/cmdb-api/Pipfile
+++ b/cmdb-api/Pipfile
@ -24,7 +24,7 @@ supervisor = "==4.0.3"
 Flask-Login = "==0.6.2"
 Flask-Bcrypt = "==1.0.1"
 Flask-Cors = ">=3.0.8"
-python-ldap = "==3.4.0"
+ldap3 = "==2.9.1"
 pycryptodome = "==3.12.0"
 # Caching
 Flask-Caching = ">=1.0.0"
--- a/cmdb-api/api/models/acl.py
+++ b/cmdb-api/api/models/acl.py
@ -5,7 +5,8 @@ import copy
 import hashlib
 from datetime import datetime

-import ldap
+from ldap3 import Server, Connection, ALL
+from ldap3.core.exceptions import LDAPBindError, LDAPCertificateError
 from flask import current_app
 from flask_sqlalchemy import BaseQuery

@ -57,9 +58,7 @@ class UserQuery(BaseQuery):
        return user, authenticated

    def authenticate_with_ldap(self, username, password):
-        ldap_conn = ldap.initialize(current_app.config.get('LDAP_SERVER'))
-        ldap_conn.protocol_version = 3
-        ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
+        server = Server(current_app.config.get('LDAP_SERVER'), get_info=ALL)
        if '@' in username:
            email = username
            who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0])
@ -70,11 +69,12 @@ class UserQuery(BaseQuery):
        username = username.split('@')[0]
        user = self.get_by_username(username)
        try:
-
            if not password:
-                raise ldap.INVALID_CREDENTIALS
+                raise LDAPCertificateError

-            ldap_conn.simple_bind_s(who, password)
+            conn = Connection(server, user=who, password=password)
+            conn.bind()
+            conn.unbind()

            if not user:
                from api.lib.perm.acl.user import UserCRUD
@ -84,7 +84,7 @@ class UserQuery(BaseQuery):
            op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE)

            return user, True
-        except ldap.INVALID_CREDENTIALS:
+        except LDAPBindError:
            return user, False

    def search(self, key):
--- a/cmdb-api/requirements.txt
+++ b/cmdb-api/requirements.txt
@ -32,7 +32,7 @@ Pillow==9.3.0
 pycryptodome==3.12.0
 PyJWT==2.4.0
 PyMySQL==1.1.0
-python-ldap==3.4.0
+ldap3==2.9.1
 PyYAML==6.0
 redis==4.6.0
 requests==2.31.0