yearning v1.3.2

cheekboy · Oct 17, 2018 · bb42755 · bb42755
1 parent 7d1abe4
commit bb42755
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 7 deletions.
diff --git a/src/core/api/setting.py b/src/core/api/setting.py
@@ -37,7 +37,8 @@ def put(self, request, args: str = None):
                     host=ldap['host'],
                     type=ldap['type'],
                     sc=ldap['sc'],
-                    domain=ldap['domain'])
+                    domain=ldap['domain'],
+                    ou=ldap['ou'])
                 if ldap_test:
                     return Response('ldap连接成功!')
                 else:

diff --git a/src/libs/util.py b/src/libs/util.py
@@ -84,7 +84,7 @@ def conf_path() -> object:
                     _conf.get('mysql', 'password'), _conf.get('host', 'ipaddress'))
 
 
-def test_auth(username, password, host, type, sc, domain):
+def test_auth(username, password, host, type, sc, domain, ou):
     if type == '1':
         user = username + '@' + domain
     elif type == '2':
@@ -97,8 +97,36 @@ def test_auth(username, password, host, type, sc, domain):
         password=password)
     ret = c.bind()
     if ret:
-        c.unbind()
-        return True
+        if ou:
+            res = c.search(
+                search_base=sc,
+                search_filter='(cn={})'.format(username),
+                search_scope=SUBTREE,
+                attributes=['cn', 'uid', 'mail'],
+            )
+            if res:
+                entry = c.response[0]
+                dn = entry['dn']
+                attr_dict = entry['attributes']
+
+                # check password by dn
+                try:
+                    conn2 = Connection(ldap3.Server(host, get_info=ldap3.ALL), user=dn, password=password,
+                                       check_names=True, lazy=False, raise_exceptions=False)
+                    conn2.bind()
+                    if conn2.result["description"] == "success":
+                        print((True, attr_dict["mail"], attr_dict["cn"], attr_dict["uid"]))
+                        c.unbind()
+                        conn2.unbind()
+                        return True
+                    else:
+                        print("auth fail")
+                        return False
+                except:
+                    print("auth fail")
+                    return False
+        else:
+            return True
     else:
         return False
 
@@ -109,14 +137,14 @@ def auth(username, password):
     # 后台录入的验证用户信息，连接到ldap后通过查询登陆的用户名所在的OU，DN信息，然后进一步去ldap服务器进行账户和密码验证。
     LDAP_ADMIN_USER = ldap['user']
     LDAP_ADMIN_PASS = ldap['password']
-    
+
     LDAP_SERVER = ldap['host']
     LDAP_DOMAIN = ldap['domain']
     LDAP_TYPE = ldap['type']
     LDAP_SCBASE = ldap['sc']
     # 这里前端可以做个基础DN录入，搜索范围锁定在这个DN下
     SEARCH_BASE = ldap['sc']
-    
+
     if LDAP_TYPE == '1':
         user = username + '@' + LDAP_DOMAIN
     elif LDAP_TYPE == '2':

diff --git a/webpage/src/components/management/setting.vue b/webpage/src/components/management/setting.vue
@@ -63,7 +63,7 @@
                     <Input placeholder="LDAP dc 相关设置,采用域名认证可不填写" v-model="ldap.sc"></Input>
                   </FormItem>
                   <FormItem >
-                    <Checkbox v-model="message.ou">启用多ou</Checkbox>
+                    <Checkbox v-model="ldap.ou">启用多ou</Checkbox>
                   </FormItem>
                   <FormItem label="LDAP_域名:">
                     <Input placeholder="LDAP Domain" v-model="ldap.domain"></Input>