• falcon适配ldap密码同步


    问题

    小米的openfalcon在使用ldap首次登陆成功后,会在本地创建同名的账号, 这就有个问题当你更新了ldap的密码时,openfalcon是没有同步本地账号密码的功能

    二次改造

    1. 方便我们debug, 先把日志的debug打开,默认是没有运行时日志的,只有console日志

      # 编辑文件 dashboard/rrd/utils/logger.py
        
      import sys
      from rrd import config
      import logging
      file_handler = logging.FileHandler(filename='/data1/dev/open-falcon/dashboard/var/running.log')
      formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
      file_handler.setFormatter(formatter)
      logging.getLogger().addHandler(file_handler)
      logging.getLogger().setLevel(logging.DEBUG)
    2. 添加两个util方法 dashboard/rrd/view/utils.py

      def get_Apitoken(name, password):
          d = {"name": name, "password": password}
          h = {"Content-type":"application/json"}
          r = requests.post("%s/user/login" %(config.API_ADDR,),
                  data=json.dumps(d), headers=h)
          if r.status_code != 200:
              raise Exception("%s %s" %(r.status_code, r.text))
          sig = json.loads(r.text)["sig"]
          return json.dumps({"name":name,"sig":sig})
       
      def get_user_id(name, Apitoken):
          h = {"Content-type":"application/json","Apitoken":Apitoken}
          r = requests.get("%s/user/name/%s" %(config.API_ADDR,name), headers=h)
          if r.status_code != 200:
              user_id = -1
              return user_id
          user_id = json.loads(r.text)["id"]
          return user_id
    3. 重构登陆函数

      diff --git a/rrd/view/auth/auth.py b/rrd/view/auth/auth.py
      index c203c4c..a546b95 100644
      --- a/rrd/view/auth/auth.py
      +++ b/rrd/view/auth/auth.py
      @@ -17,6 +17,7 @@
       from flask import request, g, abort, render_template, redirect
       from flask.ext.babel import refresh
       import requests
      +import traceback
       import json
       from rrd import app
       from rrd import config
      @@ -48,6 +49,7 @@ def auth_login():
               if ldap == "1":
                   try:
                       ldap_info = view_utils.ldap_login_user(name, password)
      +                log.debug("ldap_info: %s" %ldap_info)
                       h = {"Content-type":"application/json"}
                       d = {
      @@ -58,12 +60,20 @@ def auth_login():
                           "phone": ldap_info['phone'],
                       }
      -                r = requests.post("%s/user/create" %(config.API_ADDR,),
      +                Apitoken = view_utils.get_Apitoken('admin''admin_password')
      +                user_id = view_utils.get_user_id(name, Apitoken)
      +                log.debug('apitoken:%s, user_id:%s' %(Apitoken, user_id))
      +
      +                if user_id > 0:
      +                    r = requests.put("%s/admin/change_user_passwd" %(config.API_ADDR), data=json.dumps({"user_id":user_id,"passwor
      +                    log.debug('ldap login success and synchronize user password')
      +                else:
      +                    r = requests.post("%s/user/create" %(config.API_ADDR,),
                               data=json.dumps(d), headers=h)
      -                log.debug("%s:%s" %(r.status_code, r.text))
      +                    log.debug("create user status %s:%s" %(r.status_code, r.text))
      -                #TODO: update password in db if ldap password changed
                   except Exception as e:
      +                log.debug(traceback.format_exc())
                       ret["msg"] = str(e)
                       return json.dumps(ret)

  • 相关阅读:
    产生财务计帐周期
    判断指定年份是否为闰年
    判断是否是闰年
    Regex quick reference
    组合外键(FOREIGN KEY)
    多列组合为主键(PRIMARY KEY)
    获取字符串开始的地址(案例)
    获取字符串结尾的电话号码(案例)
    ms sql server line feed
    如何产生连续时间?(案例)
  • 原文地址:https://www.cnblogs.com/txwsqk/p/9967510.html
Copyright © 2020-2023  润新知