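import ldap
from django.contrib.auth import get_user_model
import environ

# 1. Read settings from environment variables
env = environ.Env()

# 2. LDAP server host and port
# NOTE(review): the defaults below are kept only so existing deployments keep
# working; they need follow-up outside this file:
#   - The bind password default is a credential committed to source. Treat it
#     as exposed: rotate it and supply AUTH_LDAP_BIND_PASSWORD through the
#     environment only, then drop the default.
#   - The default bind DN is the domain Administrator. This module only
#     searches, so a dedicated read-only service account is sufficient.
#   - The default URI is ldap:// on port 389, so the simple bind sends the DN
#     and password unencrypted. Prefer an ldaps:// URI, or call start_tls_s()
#     before binding.
server_uri = env('AUTH_LDAP_SERVER_URI', default='ldap://dns.paisat.cn:389')
dn = env('AUTH_LDAP_BIND_DN',default='CN=Administrator,CN=Users,DC=sstc,DC=ctu')
password = env('AUTH_LDAP_BIND_PASSWORD',default='WXWX2019!!!!!!')
base_dn = env('BASE_DN',default='OU=all,DC=sstc,DC=ctu')
filter_str = env('FILTER_STR',default='(sAMAccountName=%(user)s)')


# 3. Connect to the LDAP server and sync users
def load_ldap_users(url=server_uri, dn=dn, pwd=password, search_dn=base_dn,
                    search_filter='(&(sAMAccountName=*))'):
    """Copy directory accounts into the Django user table.

    Binds to ``url`` with ``dn``/``pwd``, searches the subtree under
    ``search_dn`` with ``search_filter``, and for every entry that carries a
    ``sAMAccountName`` either updates the matching Django user's
    ``username``/``name``/``email`` or creates a new user.

    Changes from the previous version:
      * The change detection compared the user object itself with the
        username string, which is always unequal, so every run rewrote every
        existing user and reset their password to one shared constant.
        Existing users now keep their password and are saved only when a
        synced field actually differs.
      * New users no longer receive a shared, hard-coded password; they get
        an unusable local password instead.
        NOTE(review): this assumes synced accounts sign in through the LDAP
        backend (the AUTH_LDAP_* settings suggest so) - confirm. If local
        sign-in is required, issue per-user credentials through a reset flow.
      * The LDAP connection is released even when bind or search fails.
      * Entries without an attribute dict (e.g. search references) or without
        ``sAMAccountName`` are skipped instead of raising.

    Args:
        url: LDAP URI passed to ``ldap.initialize``.
        dn: Bind DN.
        pwd: Bind password.
        search_dn: Base DN of the subtree search.
        search_filter: LDAP filter selecting the accounts to sync.

    Raises:
        ldap.LDAPError: if connecting, binding or searching fails.
    """
    Users = get_user_model()

    ldap_server = ldap.initialize(url)
    try:
        ldap_server.simple_bind_s(dn, pwd)
        ldap_users = ldap_server.search_ext_s(search_dn, ldap.SCOPE_SUBTREE, search_filter)
    finally:
        # Release the connection whether or not bind/search succeeded.
        ldap_server.unbind_s()

    for entry in ldap_users:
        attrs = entry[-1]
        # The last element is the attribute dict for real entries; anything
        # else cannot be mapped to a user.
        if not isinstance(attrs, dict) or not attrs.get('sAMAccountName'):
            continue

        username_field = attrs['sAMAccountName'][0]
        mail_values = attrs.get('mail')
        # Accounts without a mail attribute get <username>@sstc.ctu.
        email_field = mail_values[0] if mail_values else username_field + b'@sstc.ctu'
        name_values = attrs.get('name') or [username_field]

        user_dict = {
            'username': username_field.decode(),
            'name': name_values[0].decode(),
            'email': email_field.decode(),
        }

        c_user = Users.objects.filter(username=user_dict['username']).first()
        if c_user is not None:
            # Already present: update only the fields that differ.
            update_flag = False
            for field in ('username', 'name', 'email'):
                if getattr(c_user, field) != user_dict[field]:
                    setattr(c_user, field, user_dict[field])
                    update_flag = True
            if update_flag:
                # Attribute sync must not touch the stored password.
                c_user.save()
        else:
            user_dict['remark'] = '自动同步LDAP数据用户'
            user_dict['status'] = '1'
            user_dict['phone'] = '18888888888'
            user_dict['role'] = 'user'
            user_dict['accountId'] = 'user'
            user_single = Users.objects.create(**user_dict)
            # No shared default credential: local password login stays
            # disabled for accounts created by the sync.
            user_single.set_unusable_password()
            user_single.save()
    # Added June 3: groups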