fix

utils/ldap_lib/ldap_group.go

@@ -23,6 +23,9 @@ func NewLdap(conn *ldap.Conn, baseDN, rootDN string) *Ldap {
 
 // 更新资源(分组/用户)
 func (l *Ldap) Update(DN string, attr map[string][]string) error {
+	if DN == l.rootDN {
+		return errors.New("根用户不能更新")
+	}
 	modify := ldap.NewModifyRequest(DN, nil)
 	for key, v := range attr {
 		modify.Replace(key, v)
@@ -41,12 +44,18 @@ func (l *Ldap) Create(DN string, attr map[string][]string) error {
 
 // 删除资源(分组/用户)
 func (l *Ldap) Delete(DN string) error {
+	if DN == l.rootDN {
+		return errors.New("根用户不能删除")
+	}
 	del := ldap.NewDelRequest(DN, nil)
 	return l.conn.Del(del)
 }
 
 // 查询资源(分组/用户)
 func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
+	if DN == l.rootDN {
+		return nil, errors.New("你没有权限查询根用户")
+	}
 	if filter == "" {
 		rootCn := strings.Split(l.rootDN, ",")
 		if len(rootCn) == 0 {
@@ -67,10 +76,6 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro
 
 // AddUserToGroup 添加用户到组织
 func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
-	//判断dn是否以ou开头
-	/*if organizationDN[:3] == "ou=" {
-		return errors.New("不能添加用户到OU组织单元")
-	}*/
 	modify := ldap.NewModifyRequest(organizationDN, nil)
 	modify.Add("uniqueMember", []string{userDN})
 	return l.conn.Modify(modify)
@@ -78,6 +83,9 @@ func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
 
 // DelUserFromGroup 将用户从分组删除
 func (l *Ldap) RemoveUserFromOrganization(groupDN, userDN string) error {
+	if userDN == l.rootDN {
+		return errors.New("根用户不能从分组删除")
+	}
 	modify := ldap.NewModifyRequest(groupDN, nil)
 	modify.Delete("uniqueMember", []string{userDN})
 	return l.conn.Modify(modify)