From 0076228ef5d251f836f3ea1c07110c83fe8ce9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AC=A2=E4=B9=90=E9=A9=AC?= <38058090+SkywalkerSpace@users.noreply.github.com> Date: Sun, 19 Jan 2025 10:40:37 +0800 Subject: [PATCH] LDAP_FOLLOW_REFERRALS (#7384) --- seahub/api2/endpoints/admin/users.py | 15 ++++++++------- seahub/base/accounts.py | 17 +++++++++-------- seahub/utils/ldap.py | 2 ++ 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/seahub/api2/endpoints/admin/users.py b/seahub/api2/endpoints/admin/users.py index 2f7582a7cbc..e12b81dc437 100644 --- a/seahub/api2/endpoints/admin/users.py +++ b/seahub/api2/endpoints/admin/users.py @@ -73,7 +73,8 @@ MULTI_LDAP_1_ADMIN_PASSWORD, MULTI_LDAP_1_LOGIN_ATTR, \ MULTI_LDAP_1_PROVIDER, MULTI_LDAP_1_FILTER, \ MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM, MULTI_LDAP_1_USER_OBJECT_CLASS, \ - MULTI_LDAP_1_PROVIDER, MULTI_LDAP_1_FILTER, MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM + MULTI_LDAP_1_PROVIDER, MULTI_LDAP_1_FILTER, MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM, \ + LDAP_FOLLOW_REFERRALS, MULTI_LDAP_1_FOLLOW_REFERRALS logger = logging.getLogger(__name__) json_content_type = 'application/json; charset=utf-8' @@ -111,11 +112,11 @@ def get_user_objs_from_ccnet(email_list): return user_objs, None -def ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism): +def ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism, follow_referrals): bind_conn = ldap.initialize(server_url) try: - bind_conn.set_option(ldap.OPT_REFERRALS, 0) + bind_conn.set_option(ldap.OPT_REFERRALS, 1 if follow_referrals else 0) except Exception as e: raise Exception('Failed to set referrals option: %s' % e) 
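Review bot: `follow_referrals` is added to `ldap_bind` as a required positional argument with no default and no comment on what enabling it does, and the same change is repeated in the `ldap_bind` method in seahub/base/accounts.py (hunk -884,11). A default that keeps the old behaviour would leave any caller outside this patch working: `def ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism, follow_referrals=False):`, with the option written as `ldap.OPT_ON if follow_referrals else ldap.OPT_OFF`. A one-line comment should say that with the option on, libldap itself connects to whatever LDAP URLs the server returns, and python-ldap's FAQ notes that this chasing is done with an anonymous bind by default, so results can differ from what the admin bind would see. The two copies of `ldap_bind` look near-identical in the visible lines and could live once in seahub/utils/ldap.py. The function body continues outside the hunk.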
@@ -139,9 +140,9 @@ def ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism): def get_ldap_users(server_url, admin_dn, admin_password, enable_sasl, sasl_mechanism, base_dn, - login_attr, serch_filter, object_class): + login_attr, serch_filter, object_class, follow_referrals): try: - admin_bind = ldap_bind(server_url, admin_dn, admin_dn, admin_password, enable_sasl, sasl_mechanism) + admin_bind = ldap_bind(server_url, admin_dn, admin_dn, admin_password, enable_sasl, sasl_mechanism, follow_referrals) except Exception as e: raise Exception(e) @@ -940,7 +941,7 @@ def get(self, request): try: ldap_users = get_ldap_users(LDAP_SERVER_URL, LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD, ENABLE_SASL, SASL_MECHANISM, LDAP_BASE_DN, LDAP_LOGIN_ATTR, - LDAP_FILTER, LDAP_USER_OBJECT_CLASS) + LDAP_FILTER, LDAP_USER_OBJECT_CLASS, LDAP_FOLLOW_REFERRALS) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' @@ -953,7 +954,7 @@ def get(self, request): MULTI_LDAP_1_ADMIN_PASSWORD, MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM, MULTI_LDAP_1_BASE_DN, MULTI_LDAP_1_LOGIN_ATTR, MULTI_LDAP_1_FILTER, - MULTI_LDAP_1_USER_OBJECT_CLASS) + MULTI_LDAP_1_USER_OBJECT_CLASS, MULTI_LDAP_1_FOLLOW_REFERRALS) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py index 07c0d74c031..5c3f4f5f2fa 100644 --- a/seahub/base/accounts.py +++ b/seahub/base/accounts.py @@ -54,7 +54,8 @@ MULTI_LDAP_1_ADMIN_PASSWORD, MULTI_LDAP_1_LOGIN_ATTR, \ MULTI_LDAP_1_PROVIDER, MULTI_LDAP_1_FILTER, MULTI_LDAP_1_CONTACT_EMAIL_ATTR, \ MULTI_LDAP_1_USER_ROLE_ATTR, MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM, \ - MULTI_LDAP_1_SASL_AUTHC_ID_ATTR, LDAP_UPDATE_USER_WHEN_LOGIN + MULTI_LDAP_1_SASL_AUTHC_ID_ATTR, LDAP_UPDATE_USER_WHEN_LOGIN, \ + LDAP_FOLLOW_REFERRALS, MULTI_LDAP_1_FOLLOW_REFERRALS logger = logging.getLogger(__name__) 
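Review bot: The new flag is appended as a tenth positional argument to `get_ldap_users`, next to other booleans and strings that are easy to transpose, and the two call sites in `get` (hunks -940,7 and -953,7) pass it positionally as well. Passing it by keyword makes the call self-describing and robust to later reordering: `LDAP_FILTER, LDAP_USER_OBJECT_CLASS, follow_referrals=LDAP_FOLLOW_REFERRALS)`; the same applies to `search_user` in seahub/base/accounts.py. Separately, the surrounding `except Exception as e: raise Exception(e)` discards the python-ldap exception type, so a referral failure reaches the caller's `logger.error(e)` as a bare message; this wrapper predates the commit but matters more once referrals can be chased. `get_ldap_users` continues past the end of the hunk.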
@@ -884,11 +885,11 @@ def get_user(self, username): user = None return user - def ldap_bind(self, server_url, dn, authc_id, password, enable_sasl, sasl_mechanism): + def ldap_bind(self, server_url, dn, authc_id, password, enable_sasl, sasl_mechanism, follow_referrals): bind_conn = ldap.initialize(server_url) try: - bind_conn.set_option(ldap.OPT_REFERRALS, 0) + bind_conn.set_option(ldap.OPT_REFERRALS, 1 if follow_referrals else 0) except Exception as e: raise Exception('Failed to set referrals option: %s' % e) @@ -912,9 +913,9 @@ def ldap_bind(self, server_url, dn, authc_id, password, enable_sasl, sasl_mechan def search_user(self, server_url, admin_dn, admin_password, enable_sasl, sasl_mechanism, sasl_authc_id_attr, base_dn, login_attr_conf, login_attr, password, serch_filter, - contact_email_attr, role_attr): + contact_email_attr, role_attr, follow_referrals): try: - admin_bind = self.ldap_bind(server_url, admin_dn, admin_dn, admin_password, enable_sasl, sasl_mechanism) + admin_bind = self.ldap_bind(server_url, admin_dn, admin_dn, admin_password, enable_sasl, sasl_mechanism, follow_referrals) except Exception as e: raise Exception(e) @@ -949,7 +950,7 @@ def search_user(self, server_url, admin_dn, admin_password, enable_sasl, sasl_me raise Exception('parse ldap result failed: %s' % e) try: - user_bind = self.ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism) + user_bind = self.ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism, follow_referrals) except Exception as e: raise Exception(e) 
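Review bot: The second `ldap_bind` call in `search_user` (hunk -949,7) binds as the end user with the password they typed, and it now inherits `follow_referrals` too. That connection only needs to prove the password against `server_url`; if referral chasing is on and the server answers with a referral, the client library may take the exchange to a host chosen by that response (worth confirming against libldap's handling of bind requests). Keeping the credential check pinned to the configured server costs nothing: `user_bind = self.ldap_bind(server_url, dn, authc_id, password, enable_sasl, sasl_mechanism, False)`, leaving the setting to govern only the admin search bind. `search_user` starts and ends outside this hunk, so what is done with `user_bind` afterwards is not visible here.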
@@ -971,7 +972,7 @@ def authenticate(self, ldap_user=None, password=None): nickname, contact_email, user_role = self.search_user( LDAP_SERVER_URL, LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD, ENABLE_SASL, SASL_MECHANISM, SASL_AUTHC_ID_ATTR, LDAP_BASE_DN, LDAP_LOGIN_ATTR, login_attr, password, LDAP_FILTER, - LDAP_CONTACT_EMAIL_ATTR, LDAP_USER_ROLE_ATTR) + LDAP_CONTACT_EMAIL_ATTR, LDAP_USER_ROLE_ATTR, LDAP_FOLLOW_REFERRALS) ldap_provider = LDAP_PROVIDER except Exception as e: if ENABLE_MULTI_LDAP: @@ -986,7 +987,7 @@ def authenticate(self, ldap_user=None, password=None): MULTI_LDAP_1_SERVER_URL, MULTI_LDAP_1_ADMIN_DN, MULTI_LDAP_1_ADMIN_PASSWORD, MULTI_LDAP_1_ENABLE_SASL, MULTI_LDAP_1_SASL_MECHANISM, MULTI_LDAP_1_SASL_AUTHC_ID_ATTR, MULTI_LDAP_1_BASE_DN, MULTI_LDAP_1_LOGIN_ATTR, login_attr, password, MULTI_LDAP_1_FILTER, - MULTI_LDAP_1_CONTACT_EMAIL_ATTR, MULTI_LDAP_1_USER_ROLE_ATTR) + MULTI_LDAP_1_CONTACT_EMAIL_ATTR, MULTI_LDAP_1_USER_ROLE_ATTR, MULTI_LDAP_1_FOLLOW_REFERRALS) ldap_provider = MULTI_LDAP_1_PROVIDER except Exception as e: logger.error(e) diff --git a/seahub/utils/ldap.py b/seahub/utils/ldap.py index 5ceacb0729b..0f592761df1 100644 --- a/seahub/utils/ldap.py +++ b/seahub/utils/ldap.py @@ -14,6 +14,7 @@ LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap') LDAP_USER_OBJECT_CLASS = getattr(settings, 'LDAP_USER_OBJECT_CLASS', 'person') +LDAP_FOLLOW_REFERRALS = getattr(settings, 'LDAP_FOLLOW_REFERRALS', True) # multi ldap ENABLE_MULTI_LDAP = getattr(settings, 'ENABLE_MULTI_LDAP', False) 
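Review bot: `LDAP_FOLLOW_REFERRALS` defaults to `True`, but before this commit both `ldap_bind` implementations hard-coded `OPT_REFERRALS` to 0, so every existing deployment starts following referrals on upgrade without any change to its settings; `MULTI_LDAP_1_FOLLOW_REFERRALS` in the next hunk (-28,6) has the same default. Following referrals lets directory responses decide which additional hosts Seahub contacts during login and user import, so it is safer as an opt-in: `LDAP_FOLLOW_REFERRALS = getattr(settings, 'LDAP_FOLLOW_REFERRALS', False)`. If `True` is intended, the upgrade notes should say so and a comment here should record why. The value is also consumed by truthiness only (`1 if follow_referrals else 0`), so a settings string such as 'false' would enable it; the expected `bool` type should be documented or enforced.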
@@ -28,6 +29,7 @@ MULTI_LDAP_1_FILTER = getattr(settings, 'MULTI_LDAP_1_FILTER', '') MULTI_LDAP_1_ENABLE_SASL = getattr(settings, 'MULTI_LDAP_1_ENABLE_SASL', False) MULTI_LDAP_1_SASL_MECHANISM = getattr(settings, 'MULTI_LDAP_1_SASL_MECHANISM', '') +MULTI_LDAP_1_FOLLOW_REFERRALS = getattr(settings, 'MULTI_LDAP_1_FOLLOW_REFERRALS', True) MULTI_LDAP_1_CONTACT_EMAIL_ATTR = getattr(settings, 'MULTI_LDAP_1_CONTACT_EMAIL_ATTR', '') MULTI_LDAP_1_USER_ROLE_ATTR = getattr(settings, 'MULTI_LDAP_1_USER_ROLE_ATTR', '')