From c232e52047258ad5f7bb408383a50a610f4e088b Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Fri, 17 Nov 2023 15:06:03 +0800
Subject: [PATCH 1/3] fix

---
 .../logic/getldaporganizationmemberslogic.go  | 101 ++++++++++++++++--
 .../internal/logic/getldapuserinfologic.go    |   6 +-
 server/ldap-admin/internal/types/types.go     |  16 ++-
 server_api/ldap-admin.api                     |  18 +++-
 utils/ldap_lib/ldap_group.go                  |  16 ++-
 5 files changed, 142 insertions(+), 15 deletions(-)

diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
index fb73cfc2..2e53a2a1 100644
--- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
@@ -1,8 +1,12 @@
 package logic
 
 import (
+	"fmt"
 	"fusenapi/utils/auth"
 	"fusenapi/utils/basic"
+	"fusenapi/utils/ldap_lib"
+	"github.com/go-ldap/ldap/v3"
+	"strconv"
 	"strings"
 
 	"context"
@@ -36,12 +40,97 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 	if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN")
 	}
-	//先获取组织信息
-	/*ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
-	filter := "(objectClass=groupOfUniqueNames)"
-	fields := ""
-	ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, nil, nil)*/
-	return resp.SetStatus(basic.CodeOK)
+	//先获取组织成员
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	//获取跟用户dn筛选排除该用户
+	rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",")
+	if len(rootDNSlice) == 0 {
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "根用户DN未设置")
+	}
+	rootCn := rootDNSlice[0]
+	filter := "(&(objectClass=groupOfUniqueNames)(!(" + rootCn + ")))"
+	fields := []string{"uniqueMember"} //只是查询成员
+	result, err := ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil)
+	if err != nil {
+		logx.Error(err)
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap组织成员错误,"+err.Error())
+	}
+	//初始化filter
+	filterBuilder := strings.Builder{}
+	memberCount := 0
+	for _, entry := range result.Entries {
+		if entry.DN != req.OrganizationDN {
+			continue
+		}
+		for _, attr := range entry.Attributes {
+			if attr.Name != "uniqueMember" {
+				continue
+			}
+			memberCount = len(attr.Values)
+			fmt.Println(attr.Values)
+			for _, memberDn := range attr.Values {
+				//不需要根用户
+				if memberDn == l.svcCtx.Config.Ldap.RootDN {
+					continue
+				}
+				//解析dn成每个小的单元
+				cellList := strings.Split(memberDn, ",") //取cn邮箱
+				filterBuilder.WriteString(fmt.Sprintf("(&%s)", "("+cellList[0]+")"))
+			}
+			break
+		}
+		break
+	}
+	//从新赋值filter
+	filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))"
+	fmt.Println(filter)
+	//从用户基本组中找到员工
+	result, err = ldapServer.Search(l.svcCtx.Config.Ldap.PeopleGroupDN, ldap.ScopeWholeSubtree, filter, nil, nil)
+	if err != nil {
+		logx.Error(err)
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
+	}
+	userList := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
+	for _, entry := range result.Entries {
+		userInfo := types.GetLdapOrganizationMembersItem{
+			UserDN: entry.DN,
+		}
+		for _, attr := range entry.Attributes {
+			switch attr.Name {
+			case "uidNumber": //用户id
+				if len(attr.Values) == 0 {
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id不存在")
+				}
+				userInfo.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					logx.Error(err)
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id转数字失败")
+				}
+			case "sn": //用户真名
+				userInfo.UserName = strings.Join(attr.Values, "")
+			case "mail": //邮箱
+				userInfo.Email = strings.Join(attr.Values, "")
+			case "mobile": //手机号
+				userInfo.Mobile = strings.Join(attr.Values, "")
+			case "postalAddress": //头像
+				userInfo.Avatar = strings.Join(attr.Values, "")
+			case "postalCode": //状态
+				if len(attr.Values) == 0 {
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在")
+				}
+				userInfo.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					logx.Error(err)
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态转数字失败")
+				}
+			}
+		}
+		//添加列表
+		userList = append(userList, userInfo)
+	}
+	return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
+		List: userList,
+	})
 }
 
 // 处理逻辑后 w,r 如:重定向, resp 必须重新处理
diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go
index e754915e..31abb39f 100644
--- a/server/ldap-admin/internal/logic/getldapuserinfologic.go
+++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go
@@ -38,7 +38,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，用户DN错误")
 	}
 	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
-	res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(objectClass=inetOrgPerson)", nil, nil)
+	res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil)
 	if err != nil {
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败:"+err.Error())
@@ -51,6 +51,9 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 		Status: 0,
 	}
 	for _, entry := range res.Entries {
+		if entry.DN != req.UserDN {
+			continue
+		}
 		apiRsp.UserDN = entry.DN
 		for _, attr := range entry.Attributes {
 			switch attr.Name {
@@ -82,6 +85,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 				}
 			}
 		}
+		break
 	}
 	if apiRsp.UserId == 0 {
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到的不是用户信息!!!")
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index 964f9df3..55643628 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -158,7 +158,21 @@ type RemoveLdapOrganizationMemberReq struct {
 }
 
 type GetLdapOrganizationMembersReq struct {
-	OrganizationDN string `json:"organization_dn"`
+	OrganizationDN string `form:"organization_dn"`
+}
+
+type GetLdapOrganizationMembersRsp struct {
+	List []GetLdapOrganizationMembersItem `json:"list"`
+}
+
+type GetLdapOrganizationMembersItem struct {
+	UserId   int64  `json:"userId"`
+	UserDN   string `json:"user_dn"`
+	UserName string `json:"user_name"`          //用户名
+	Email    string `json:"email"`              //邮箱
+	Mobile   string `json:"mobile"`             //手机号
+	Avatar   string `json:"avatar"`             //头像地址
+	Status   int64  `json:"status,options=0|1"` //状态 1正常0离职
 }
 
 type Request struct {
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index 94503b22..7de5f756 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@@ -19,14 +19,14 @@ service ldap-admin {
 	//删除权限组
 	@handler DeleteLdapGroupHandler
 	post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
-
+	
 	//获取API列表
 	@handler GetApisHandler
 	get /api/ldap-admin/get_apis(GetApisReq) returns (response);
 	//保存API
 	@handler SaveApiHandler
 	post /api/ldap-admin/save_api(SaveApiReq) returns (response);
-
+	
 	//保存菜单
 	@handler SaveMenuHandler
 	post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
@@ -224,5 +224,17 @@ type RemoveLdapOrganizationMemberReq {
 }
 //获取ldap组织成员列表
 type GetLdapOrganizationMembersReq {
-	OrganizationDN string `json:"organization_dn"`
+	OrganizationDN string `form:"organization_dn"`
+}
+type GetLdapOrganizationMembersRsp {
+	List []GetLdapOrganizationMembersItem `json:"list"`
+}
+type GetLdapOrganizationMembersItem {
+	UserId   int64  `json:"userId"`
+	UserDN   string `json:"user_dn"`
+	UserName string `json:"user_name"`          //用户名
+	Email    string `json:"email"`              //邮箱
+	Mobile   string `json:"mobile"`             //手机号
+	Avatar   string `json:"avatar"`             //头像地址
+	Status   int64  `json:"status,options=0|1"` //状态 1正常0离职
 }
\ No newline at end of file
diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go
index 360f8bca..1828ce38 100644
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -23,6 +23,9 @@ func NewLdap(conn *ldap.Conn, baseDN, rootDN string) *Ldap {
 
 // 更新资源(分组/用户)
 func (l *Ldap) Update(DN string, attr map[string][]string) error {
+	if DN == l.rootDN {
+		return errors.New("根用户不能更新")
+	}
 	modify := ldap.NewModifyRequest(DN, nil)
 	for key, v := range attr {
 		modify.Replace(key, v)
@@ -41,12 +44,18 @@ func (l *Ldap) Create(DN string, attr map[string][]string) error {
 
 // 删除资源(分组/用户)
 func (l *Ldap) Delete(DN string) error {
+	if DN == l.rootDN {
+		return errors.New("根用户不能删除")
+	}
 	del := ldap.NewDelRequest(DN, nil)
 	return l.conn.Del(del)
 }
 
 // 查询资源(分组/用户)
 func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
+	if DN == l.rootDN {
+		return nil, errors.New("你没有权限查询根用户")
+	}
 	if filter == "" {
 		rootCn := strings.Split(l.rootDN, ",")
 		if len(rootCn) == 0 {
@@ -67,10 +76,6 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro
 
 // AddUserToGroup 添加用户到组织
 func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
-	//判断dn是否以ou开头
-	/*if organizationDN[:3] == "ou=" {
-		return errors.New("不能添加用户到OU组织单元")
-	}*/
 	modify := ldap.NewModifyRequest(organizationDN, nil)
 	modify.Add("uniqueMember", []string{userDN})
 	return l.conn.Modify(modify)
@@ -78,6 +83,9 @@ func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
 
 // DelUserFromGroup 将用户从分组删除
 func (l *Ldap) RemoveUserFromOrganization(groupDN, userDN string) error {
+	if userDN == l.rootDN {
+		return errors.New("根用户不能从分组删除")
+	}
 	modify := ldap.NewModifyRequest(groupDN, nil)
 	modify.Delete("uniqueMember", []string{userDN})
 	return l.conn.Modify(modify)

From 86216a64563342468458b554ea99dba14af69bb2 Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Fri, 17 Nov 2023 15:11:23 +0800
Subject: [PATCH 2/3] fix

---
 .../internal/logic/createldaporganizationlogic.go         | 8 ++++----
 server/ldap-admin/internal/types/types.go                 | 2 +-
 server_api/ldap-admin.api                                 | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/server/ldap-admin/internal/logic/createldaporganizationlogic.go b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
index 08c1c5d6..71dd47a1 100644
--- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
@@ -33,10 +33,10 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 // }
 
 func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) {
-	req.OrganizationOu = strings.Trim(req.OrganizationOu, " ")
+	req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")
 	req.ParentOrganizationDN = strings.Trim(req.ParentOrganizationDN, " ")
 	req.BusinessCategory = strings.Trim(req.BusinessCategory, " ")
-	if len(strings.Split(req.OrganizationOu, ",")) != 1 {
+	if len(strings.Split(req.OrganizationEnName, ",")) != 1 {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,不合法的组织ou")
 	}
 	if req.ParentOrganizationDN == "" {
@@ -46,12 +46,12 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,分类名不能为空")
 	}
 	//组装organization dn
-	organizationDN := "ou=" + req.OrganizationOu + "," + req.ParentOrganizationDN
+	organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN
 	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
 	err := ldapServer.Create(organizationDN, map[string][]string{
 		"objectClass":      {"top", "groupOfUniqueNames"},
 		"cn":               {req.BusinessCategory},
-		"ou":               {req.OrganizationOu},
+		"ou":               {req.OrganizationEnName},
 		"businessCategory": {req.BusinessCategory},
 		"uniqueMember":     {l.svcCtx.Config.Ldap.RootDN}, //创建groupOfUniqueNames对象类型需要至少一个member,把root加进去
 	})
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index ce0e206c..e69efad2 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -107,7 +107,7 @@ type MenuItem struct {
 }
 
 type CreateLdapOrganizationReq struct {
-	OrganizationOu       string `json:"organization_ou"`        //组织ou
+	OrganizationEnName   string `json:"organization_en_name"`   //组织英文名
 	BusinessCategory     string `json:"business_category"`      //组织分类名称
 	ParentOrganizationDN string `json:"parent_organization_dn"` //父级dn
 }
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index 5ecbd87d..a20c7c01 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@@ -178,7 +178,7 @@ type MenuItem {
 }
 //增加ldap组织
 type CreateLdapOrganizationReq {
-	OrganizationOu       string `json:"organization_ou"`        //组织ou
+	OrganizationEnName   string `json:"organization_en_name"`   //组织英文名
 	BusinessCategory     string `json:"business_category"`      //组织分类名称
 	ParentOrganizationDN string `json:"parent_organization_dn"` //父级dn
 }

From 648e200d87b32fc27cbf669cfa0f770567aa32fe Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Fri, 17 Nov 2023 15:16:34 +0800
Subject: [PATCH 3/3] fix

---
 .../logic/createldaporganizationlogic.go        | 17 +++++++++++------
 server/ldap-admin/internal/types/types.go       |  2 +-
 server_api/ldap-admin.api                       |  2 +-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/server/ldap-admin/internal/logic/createldaporganizationlogic.go b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
index 71dd47a1..d1046fcf 100644
--- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
@@ -3,6 +3,7 @@ package logic
 import (
 	"fusenapi/utils/auth"
 	"fusenapi/utils/basic"
+	"fusenapi/utils/chinese_to_pinyin"
 	"fusenapi/utils/ldap_lib"
 	"strings"
 
@@ -35,24 +36,28 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) {
 	req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")
 	req.ParentOrganizationDN = strings.Trim(req.ParentOrganizationDN, " ")
-	req.BusinessCategory = strings.Trim(req.BusinessCategory, " ")
+	req.OrganizationName = strings.Trim(req.OrganizationName, " ")
 	if len(strings.Split(req.OrganizationEnName, ",")) != 1 {
-		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,不合法的组织ou")
+		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,组织英文名不符合规范")
+	}
+	//转拼音比较下
+	if req.OrganizationEnName != chinese_to_pinyin.ChineseToPinyin(req.OrganizationEnName) {
+		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,组织英文名不能包含中文")
 	}
 	if req.ParentOrganizationDN == "" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,父级DN不能为空")
 	}
-	if req.BusinessCategory == "" {
-		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,分类名不能为空")
+	if req.OrganizationName == "" {
+		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,组织中文名不能为空")
 	}
 	//组装organization dn
 	organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN
 	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
 	err := ldapServer.Create(organizationDN, map[string][]string{
 		"objectClass":      {"top", "groupOfUniqueNames"},
-		"cn":               {req.BusinessCategory},
+		"cn":               {req.OrganizationName},
 		"ou":               {req.OrganizationEnName},
-		"businessCategory": {req.BusinessCategory},
+		"businessCategory": {req.OrganizationName},
 		"uniqueMember":     {l.svcCtx.Config.Ldap.RootDN}, //创建groupOfUniqueNames对象类型需要至少一个member,把root加进去
 	})
 	if err != nil {
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index e69efad2..d254450b 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -108,7 +108,7 @@ type MenuItem struct {
 
 type CreateLdapOrganizationReq struct {
 	OrganizationEnName   string `json:"organization_en_name"`   //组织英文名
-	BusinessCategory     string `json:"business_category"`      //组织分类名称
+	OrganizationName     string `json:"organization_name"`      //组织中文名称
 	ParentOrganizationDN string `json:"parent_organization_dn"` //父级dn
 }
 
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index a20c7c01..f9b5b52e 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@@ -179,7 +179,7 @@ type MenuItem {
 //增加ldap组织
 type CreateLdapOrganizationReq {
 	OrganizationEnName   string `json:"organization_en_name"`   //组织英文名
-	BusinessCategory     string `json:"business_category"`      //组织分类名称
+	OrganizationName     string `json:"organization_name"`      //组织中文名称
 	ParentOrganizationDN string `json:"parent_organization_dn"` //父级dn
 }
 //删除ldap组织