diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index fb73cfc2..2e53a2a1 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go @@ -1,8 +1,12 @@ package logic import ( + "fmt" "fusenapi/utils/auth" "fusenapi/utils/basic" + "fusenapi/utils/ldap_lib" + "github.com/go-ldap/ldap/v3" + "strconv" "strings" "context" @@ -36,12 +40,97 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } - //先获取组织信息 - /*ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN) - filter := "(objectClass=groupOfUniqueNames)" - fields := "" - ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, nil, nil)*/ - return resp.SetStatus(basic.CodeOK) + //先获取组织成员 + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN) + //获取跟用户dn筛选排除该用户 + rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",") + if len(rootDNSlice) == 0 { + return resp.SetStatusWithMessage(basic.CodeServiceErr, "根用户DN未设置") + } + rootCn := rootDNSlice[0] + filter := "(&(objectClass=groupOfUniqueNames)(!(" + rootCn + ")))" + fields := []string{"uniqueMember"} //只是查询成员 + result, err := ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap组织成员错误,"+err.Error()) + } + //初始化filter + filterBuilder := strings.Builder{} + memberCount := 0 + for _, entry := range result.Entries { + if entry.DN != req.OrganizationDN { + continue + } + for _, attr := range entry.Attributes { + if attr.Name != "uniqueMember" { + continue + } + memberCount = len(attr.Values) + fmt.Println(attr.Values) + for _, memberDn := range attr.Values { + //不需要根用户 + if memberDn == l.svcCtx.Config.Ldap.RootDN { + continue + } + //解析dn成每个小的单元 + cellList := strings.Split(memberDn, ",") //取cn邮箱 + filterBuilder.WriteString(fmt.Sprintf("(&%s)", "("+cellList[0]+")")) + } + break + } + break + } + //从新赋值filter + filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))" + fmt.Println(filter) + //从用户基本组中找到员工 + result, err = ldapServer.Search(l.svcCtx.Config.Ldap.PeopleGroupDN, ldap.ScopeWholeSubtree, filter, nil, nil) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error()) + } + userList := make([]types.GetLdapOrganizationMembersItem, 0, memberCount) + for _, entry := range result.Entries { + userInfo := types.GetLdapOrganizationMembersItem{ + UserDN: entry.DN, + } + for _, attr := range entry.Attributes { + switch attr.Name { + case "uidNumber": //用户id + if len(attr.Values) == 0 { + return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id不存在") + } + userInfo.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id转数字失败") + } + case "sn": //用户真名 + userInfo.UserName = strings.Join(attr.Values, "") + case "mail": //邮箱 + userInfo.Email = strings.Join(attr.Values, "") + case "mobile": //手机号 + userInfo.Mobile = strings.Join(attr.Values, "") + case "postalAddress": //头像 + userInfo.Avatar = strings.Join(attr.Values, "") + case "postalCode": //状态 + if len(attr.Values) == 0 { + return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在") + } + userInfo.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态转数字失败") + } + } + } + //添加列表 + userList = append(userList, userInfo) + } + return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ + List: userList, + }) } // 处理逻辑后 w,r 如:重定向, resp 必须重新处理 diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go index e754915e..31abb39f 100644 --- a/server/ldap-admin/internal/logic/getldapuserinfologic.go +++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go @@ -38,7 +38,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误") } ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN) - res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(objectClass=inetOrgPerson)", nil, nil) + res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败:"+err.Error()) @@ -51,6 +51,9 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us Status: 0, } for _, entry := range res.Entries { + if entry.DN != req.UserDN { + continue + } apiRsp.UserDN = entry.DN for _, attr := range entry.Attributes { switch attr.Name { @@ -82,6 +85,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us } } } + break } if apiRsp.UserId == 0 { return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到的不是用户信息!!!") diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go index 964f9df3..55643628 100644 --- a/server/ldap-admin/internal/types/types.go +++ b/server/ldap-admin/internal/types/types.go @@ -158,7 +158,21 @@ type RemoveLdapOrganizationMemberReq struct { } type GetLdapOrganizationMembersReq struct { - OrganizationDN string `json:"organization_dn"` + OrganizationDN string `form:"organization_dn"` +} + +type GetLdapOrganizationMembersRsp struct { + List []GetLdapOrganizationMembersItem `json:"list"` +} + +type GetLdapOrganizationMembersItem struct { + UserId int64 `json:"userId"` + UserDN string `json:"user_dn"` + UserName string `json:"user_name"` //用户名 + Email string `json:"email"` //邮箱 + Mobile string `json:"mobile"` //手机号 + Avatar string `json:"avatar"` //头像地址 + Status int64 `json:"status,options=0|1"` //状态 1正常0离职 } type Request struct { diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api index 94503b22..7de5f756 100644 --- a/server_api/ldap-admin.api +++ b/server_api/ldap-admin.api @@ -19,14 +19,14 @@ service ldap-admin { //删除权限组 @handler DeleteLdapGroupHandler post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response); - + //获取API列表 @handler GetApisHandler get /api/ldap-admin/get_apis(GetApisReq) returns (response); //保存API @handler SaveApiHandler post /api/ldap-admin/save_api(SaveApiReq) returns (response); - + //保存菜单 @handler SaveMenuHandler post /api/ldap-admin/save_menu(SaveMenuReq) returns (response); @@ -224,5 +224,17 @@ type RemoveLdapOrganizationMemberReq { } //获取ldap组织成员列表 type GetLdapOrganizationMembersReq { - OrganizationDN string `json:"organization_dn"` + OrganizationDN string `form:"organization_dn"` +} +type GetLdapOrganizationMembersRsp { + List []GetLdapOrganizationMembersItem `json:"list"` +} +type GetLdapOrganizationMembersItem { + UserId int64 `json:"userId"` + UserDN string `json:"user_dn"` + UserName string `json:"user_name"` //用户名 + Email string `json:"email"` //邮箱 + Mobile string `json:"mobile"` //手机号 + Avatar string `json:"avatar"` //头像地址 + Status int64 `json:"status,options=0|1"` //状态 1正常0离职 } \ No newline at end of file diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go index 360f8bca..1828ce38 100644 --- a/utils/ldap_lib/ldap_group.go +++ b/utils/ldap_lib/ldap_group.go @@ -23,6 +23,9 @@ func NewLdap(conn *ldap.Conn, baseDN, rootDN string) *Ldap { // 更新资源(分组/用户) func (l *Ldap) Update(DN string, attr map[string][]string) error { + if DN == l.rootDN { + return errors.New("根用户不能更新") + } modify := ldap.NewModifyRequest(DN, nil) for key, v := range attr { modify.Replace(key, v) @@ -41,12 +44,18 @@ func (l *Ldap) Create(DN string, attr map[string][]string) error { // 删除资源(分组/用户) func (l *Ldap) Delete(DN string) error { + if DN == l.rootDN { + return errors.New("根用户不能删除") + } del := ldap.NewDelRequest(DN, nil) return l.conn.Del(del) } // 查询资源(分组/用户) func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) { + if DN == l.rootDN { + return nil, errors.New("你没有权限查询根用户") + } if filter == "" { rootCn := strings.Split(l.rootDN, ",") if len(rootCn) == 0 { @@ -67,10 +76,6 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro // AddUserToGroup 添加用户到组织 func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error { - //判断dn是否以ou开头 - /*if organizationDN[:3] == "ou=" { - return errors.New("不能添加用户到OU组织单元") - }*/ modify := ldap.NewModifyRequest(organizationDN, nil) modify.Add("uniqueMember", []string{userDN}) return l.conn.Modify(modify) @@ -78,6 +83,9 @@ func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error { // DelUserFromGroup 将用户从分组删除 func (l *Ldap) RemoveUserFromOrganization(groupDN, userDN string) error { + if userDN == l.rootDN { + return errors.New("根用户不能从分组删除") + } modify := ldap.NewModifyRequest(groupDN, nil) modify.Delete("uniqueMember", []string{userDN}) return l.conn.Modify(modify)