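Adapting Open-Falcon for LDAP password synchronization

Problem

After the first successful LDAP login, Xiaomi's Open-Falcon creates a local account with the same name. The problem is that when you later change the LDAP password, Open-Falcon has no feature for synchronizing the local account's password.

Modification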

  1. To make debugging easier, first turn on debug logging. By default there is no runtime log file, only console logging.

    # Edit the file dashboard/rrd/utils/logger.py

    import sys
    from rrd import config
    import logging

    # Write runtime logs to a file in addition to the console
    file_handler = logging.FileHandler(filename='/data1/dev/open-falcon/dashboard/var/running.log')
    formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    file_handler.setFormatter(formatter)
    logging.getLogger().addHandler(file_handler)
    # Lower the root logger to DEBUG so log.debug() calls reach the file
    logging.getLogger().setLevel(logging.DEBUG)
  2. Add two util methods to dashboard/rrd/view/utils.py

    # Imports these helpers need (skip any the module already has)
    import json
    import requests
    from rrd import config

    def get_Apitoken(name, password):
        # Log in through the API and build the Apitoken header value (name + sig)
        d = {"name": name, "password": password}
        h = {"Content-type": "application/json"}
        r = requests.post("%s/user/login" % (config.API_ADDR,),
                          data=json.dumps(d), headers=h)
        if r.status_code != 200:
            raise Exception("%s %s" % (r.status_code, r.text))
        sig = json.loads(r.text)["sig"]
        return json.dumps({"name": name, "sig": sig})

    def get_user_id(name, Apitoken):
        # Look up the local account by name; return -1 when the lookup does not succeed
        h = {"Content-type": "application/json", "Apitoken": Apitoken}
        r = requests.get("%s/user/name/%s" % (config.API_ADDR, name), headers=h)
        if r.status_code != 200:
            return -1
        return json.loads(r.text)["id"]
  3. Refactor the login function

    diff --git a/rrd/view/auth/auth.py b/rrd/view/auth/auth.py
    index c203c4c..a546b95  100644
    --- a/rrd/view/auth/auth.py
    +++ b/rrd/view/auth/auth.py
    @@ - 17 , 6  + 17 , 7  @@
      from flask  import  request, g, abort, render_template, redirect
      from flask.ext.babel  import  refresh
      import  requests
    + import  traceback
      import  json
      from rrd  import  app
      from rrd  import  config
    @@ - 48 , 6  + 49 , 7  @@ def auth_login():
              if  ldap ==  "1" :
                  try :
                      ldap_info = view_utils.ldap_login_user(name, password)
    +                log.debug( "ldap_info: %s"  %ldap_info)
                      h = { "Content-type" : "application/json" }
                      d = {
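
Review bot: the added log.debug("ldap_info: %s" %ldap_info) writes the whole LDAP record to the log, and the context in the next hunk shows that record carries at least the user's phone number. Log only the login name, or drop the line once debugging is finished, since step 1 routes DEBUG output into a file on disk.
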
    @@ - 58 , 12  + 60 , 20  @@ def auth_login():
                          "phone" : ldap_info[ 'phone' ],
                      }
    -                r = requests.post( "%s/user/create"  %(config.API_ADDR,), \
    +                Apitoken = view_utils.get_Apitoken( 'admin' 'admin_password' )
    +                user_id = view_utils.get_user_id(name, Apitoken)
    +                log.debug( 'apitoken:%s, user_id:%s'  %(Apitoken, user_id))
    +
    +                 if  user_id >  0 :
    +                    r = requests.put( "%s/admin/change_user_passwd"  %(config.API_ADDR), data=json.dumps({ "user_id" :user_id,"passwor
    +                    log.debug( 'ldap login success and synchronize user password' )
    +                 else :
    +                    r = requests.post( "%s/user/create"  %(config.API_ADDR,), \
                              data=json.dumps(d), headers=h)
    -                log.debug( "%s:%s"  %(r.status_code, r.text))
    +                    log.debug( "create user status %s:%s"  %(r.status_code, r.text))
    -                #TODO: update password in db  if  ldap password changed
                  except Exception as e:
    +                log.debug(traceback.format_exc())
                      ret[ "msg" ] = str(e)
                      return  json.dumps(ret)
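
Review bot: the added get_Apitoken( 'admin' 'admin_password' ) call hard-codes the admin credentials as string literals and has no comma between them, so Python joins the two literals into one argument and the two-parameter helper from step 2 raises TypeError; pass the name and password as two separate arguments and read them from config rather than from source. The log.debug('apitoken:%s, user_id:%s' ...) line that follows writes the admin name and sig to the log file and should be removed, and the result of the change_user_passwd PUT is never checked before 'ldap login success and synchronize user password' is logged, so a failed update is reported as a success.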


Reposted from www.cnblogs.com/txwsqk/p/9967510.html
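
The flow that steps 2 and 3 implement, as an added example (Python 3; not the post's or Open-Falcon's own code): it reads the admin credentials from the environment, checks every response, and logs no token or password. Assumptions: `http` is any object with the `requests.Session` interface; the `FALCON_ADMIN_*` variable names and the names `SyncError`, `check`, `admin_token` and `sync_ldap_user` are hypothetical; the `change_user_passwd` body keys are assumed, because that line is cut off in the diff.

```python
import json
import os
from urllib.parse import quote

JSON_HDR = {"Content-type": "application/json"}

class SyncError(Exception):
    """An API call in the sync flow did not return HTTP 200."""

def check(resp, what):
    # Fail closed, and keep the response body (it may echo secrets) out of the message.
    if resp.status_code != 200:
        raise SyncError("%s failed: HTTP %s" % (what, resp.status_code))
    return resp

def admin_token(http, api, environ=os.environ):
    # Assumption: admin credentials are supplied through these hypothetical
    # environment variables instead of string literals in auth.py.
    cred = {"name": environ["FALCON_ADMIN_USER"],
            "password": environ["FALCON_ADMIN_PASSWORD"]}
    r = check(http.post("%s/user/login" % api, data=json.dumps(cred),
                        headers=JSON_HDR), "admin login")
    return json.dumps({"name": cred["name"], "sig": r.json()["sig"]})

def sync_ldap_user(http, api, profile, password, environ=os.environ):
    """Run after a successful LDAP bind; returns "updated" or "created"."""
    headers = dict(JSON_HDR, Apitoken=admin_token(http, api, environ))
    name = quote(profile["name"], safe="")  # name becomes a URL path segment
    r = http.get("%s/user/name/%s" % (api, name), headers=headers)
    if r.status_code == 200:
        # Assumption: the request body uses "user_id" and "password" keys.
        body = {"user_id": r.json()["id"], "password": password}
        check(http.put("%s/admin/change_user_passwd" % api,
                       data=json.dumps(body), headers=headers), "password sync")
        return "updated"
    # As on the page, any non-200 lookup is treated as "no local account yet".
    body = dict(profile, password=password)
    check(http.post("%s/user/create" % api, data=json.dumps(body),
                    headers=JSON_HDR), "user create")
    return "created"
```

In the dashboard this would be called as `sync_ldap_user(requests.Session(), config.API_ADDR, d, password)` after `ldap_login_user` succeeds, with `d` holding the LDAP profile fields.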