cdtestplant_v1/apps/user/tools/ldap_tools.py

import ldap
from django.contrib.auth import get_user_model
import environ

# 1. 环境变量读取
env = environ.Env()

# 2. LDAP服务器host和port
server_uri = env('AUTH_LDAP_SERVER_URI', default='ldap://dns.paisat.cn:389')
dn = env('AUTH_LDAP_BIND_DN',default='CN=Administrator,CN=Users,DC=sstc,DC=ctu')
password = env('AUTH_LDAP_BIND_PASSWORD',default='WXWX2019!!!!!!')
base_dn = env('BASE_DN',default='OU=all,DC=sstc,DC=ctu')
filter_str = env('FILTER_STR',default='(sAMAccountName=%(user)s)')

# 3. 连接LDAP服务器进行操作
def load_ldap_users(url=server_uri,
                    dn=dn,
                    pwd=password,
                    search_dn=base_dn,
                    search_filter='(&(sAMAccountName=*))'):
    Users = get_user_model()

    ldap_server = ldap.initialize(url)
    ldap_server.simple_bind_s(dn, pwd)
    ldap_users = ldap_server.search_ext_s(search_dn,
                                          ldap.SCOPE_SUBTREE,
                                          search_filter)

    temp_users = []
    for user in ldap_users:
        username_field = user[-1]['sAMAccountName'][0]
        email_field = user[-1].get('mail', username_field + b'@sstc.ctu')[0]
        if isinstance(email_field, int):
            email_field = username_field + b'@sstc.ctu'
        user_dict = {
            'username': username_field.decode(),
            'name': user[-1]['name'][0].decode(),
            'email': email_field.decode(),
        }
        temp_users.append(user_dict)
        db_user = Users.objects.filter(username=user_dict['username'])
        exsits = db_user.exists()
        if exsits:
            # 如果存在则更新
            update_flag = False
            c_user = db_user.first()
            if c_user != user_dict['username']:
                c_user.username = user_dict['username']
                update_flag = True
            if c_user.name != user_dict['name']:
                c_user.name = user_dict['name']
                update_flag = True
            if c_user.email != user_dict['email']:
                c_user.email = user_dict['email']
                update_flag = True
            if update_flag:
                c_user.set_password('wxwx2018!!!')
                c_user.save()
        else:
            user_dict['remark'] = '自动同步LDAP数据用户'
            user_dict['status'] = '1'
            user_dict['phone'] = '18888888888'
            user_dict['role'] = 'user'
            user_dict['accountId'] = 'user'
            user_single = Users.objects.create(**user_dict)
            user_single.set_password('wxwx2018!!!')
            user_single.save()
            # 6月3日新增组别