fix

2023-11-20 17:16:17 +08:00 · 2023-11-20 17:16:17 +08:00 · f9f5275694
commit f9f5275694
parent 7febe9dddc
20 changed files with 295 additions and 37 deletions
--- a/server/ldap-admin/internal/handler/getldapusershandler.go
+++ b/server/ldap-admin/internal/handler/getldapusershandler.go
@ -0,0 +1,35 @@
+package handler
+
+import (
+	"net/http"
+	"reflect"
+
+	"fusenapi/utils/basic"
+
+	"fusenapi/server/ldap-admin/internal/logic"
+	"fusenapi/server/ldap-admin/internal/svc"
+	"fusenapi/server/ldap-admin/internal/types"
+)
+
+func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		var req types.GetLdapUsersReq
+		userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
+		if err != nil {
+			return
+		}
+
+		// 创建一个业务逻辑层实例
+		l := logic.NewGetLdapUsersLogic(r.Context(), svcCtx)
+
+		rl := reflect.ValueOf(l)
+		basic.BeforeLogic(w, r, rl)
+
+		resp := l.GetLdapUsers(&req, userinfo)
+
+		if !basic.AfterLogic(w, r, rl, resp) {
+			basic.NormalAfterLogic(w, r, resp)
+		}
+	}
+}
--- a/server/ldap-admin/internal/handler/routes.go
+++ b/server/ldap-admin/internal/handler/routes.go
@ -142,6 +142,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 				Path:    "/api/ldap-admin/create_ldap_user_base_group",
 				Handler: CreateLdapUserBaseGroupHandler(serverCtx),
 			},
+			{
+				Method:  http.MethodGet,
+				Path:    "/api/ldap-admin/get_ldap_users",
+				Handler: GetLdapUsersHandler(serverCtx),
+			},
 		},
 	)
 }
--- a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
@ -46,7 +46,7 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad
 	if !email.IsEmailValid(cnEmail) {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN)
 	if err != nil {
 		logx.Error(err)
--- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
@ -52,7 +52,7 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd
 	}
 	//组装organization dn
 	organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	err := ldapServer.Create(organizationDN, map[string][]string{
 		"objectClass":      {"top", "groupOfUniqueNames"},
 		"cn":               {req.OrganizationEnName},
--- a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
+++ b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
@ -32,7 +32,7 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
 // }

 func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) {
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
 		"objectClass":      {"top", "organizationalUnit"},
 		"ou":               {"FusenTeam"},
--- a/server/ldap-admin/internal/logic/createldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/createldapuserlogic.go
@ -51,7 +51,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
 	if !email.IsEmailValid(req.Email) {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，邮箱格式不正确")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	//把用户名转pinyin
 	userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
 	//新增一条记录获取递增用户id
--- a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
@ -37,7 +37,7 @@ func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLd
 	if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，无效的组织DN")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	if err := ldapServer.Delete(req.OrganizationDN); err != nil {
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "删除ldap组织失败,"+err.Error())
--- a/server/ldap-admin/internal/logic/deleteldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/deleteldapuserlogic.go
@ -37,7 +37,7 @@ func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, useri
 	if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，无效的用户DN")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	err := ldapServer.Update(req.UserDN, map[string][]string{
 		"postalCode": {"0"},
 	})
--- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
@ -41,7 +41,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN")
 	}
 	//先获取组织成员
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	//获取跟用户dn筛选排除该用户
 	rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",")
 	if len(rootDNSlice) == 0 {
@ -114,6 +114,15 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 				user.Mobile = strings.Join(attr.Values, "")
 			case "postalAddress": //头像
 				user.Avatar = strings.Join(attr.Values, "")
+			case "employeeType": //人员类型
+				if len(attr.Values) == 0 {
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户类型不存在")
+				}
+				user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					logx.Error(err)
+					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户类型转数字失败")
+				}
 			case "postalCode": //状态
 				if len(attr.Values) == 0 {
 					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在")
--- a/server/ldap-admin/internal/logic/getldaporganizationslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationslogic.go
@ -48,7 +48,7 @@ func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, use
 	if len(rootCn) == 0 {
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "root用户DN未设置")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	peopleDNSlice := strings.Split(l.svcCtx.Config.Ldap.PeopleGroupDN, ",")
 	if len(peopleDNSlice) <= 1 {
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "基础用户组的DN未配置")
--- a/server/ldap-admin/internal/logic/getldapuserinfologic.go
+++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go
@ -39,7 +39,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 	if !email.IsEmailValid(cnEmail) {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	user, err := ldapServer.GetLdapUserInfo(req.UserDN)
 	if err != nil {
 		logx.Error(err)
--- a/server/ldap-admin/internal/logic/getldapuserslogic.go
+++ b/server/ldap-admin/internal/logic/getldapuserslogic.go
@ -0,0 +1,66 @@
+package logic
+
+import (
+	"fusenapi/utils/auth"
+	"fusenapi/utils/basic"
+	"fusenapi/utils/ldap_lib"
+	"strings"
+
+	"context"
+
+	"fusenapi/server/ldap-admin/internal/svc"
+	"fusenapi/server/ldap-admin/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetLdapUsersLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetLdapUsersLogic {
+	return &GetLdapUsersLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+// 处理进入前逻辑w,r
+// func (l *GetLdapUsersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
+// }
+
+func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, userinfo *auth.UserInfo) (resp *basic.Response) {
+	req.PageCookie = strings.Trim(req.PageCookie, " ")
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
+	pageSize := uint32(20)
+	list, cookie, err := ldapServer.GetLdapBaseTeamUserList(pageSize, req.PageCookie)
+	if err != nil {
+		logx.Error(err)
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询用户列表报错,"+err.Error())
+	}
+	rspList := make([]types.GetLdapUsersItem, 0, len(list))
+	for _, v := range list {
+		rspList = append(rspList, types.GetLdapUsersItem{
+			UserId:       v.UserId,
+			UserDN:       v.UserDN,
+			UserName:     v.UserName,
+			Email:        v.Email,
+			Mobile:       v.Mobile,
+			Avatar:       v.Avatar,
+			EmployeeType: v.EmployeeType,
+			Status:       v.Status,
+		})
+	}
+	return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapUsersRsp{
+		List:         rspList,
+		PagingCookie: cookie,
+	})
+}
+
+// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
+// func (l *GetLdapUsersLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
+// // httpx.OkJsonCtx(r.Context(), w, resp)
+// }
--- a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
@ -46,7 +46,7 @@ func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *ty
 	if !email.IsEmailValid(cnEmail) {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN)
 	if err != nil {
 		logx.Error(err)
--- a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go
@ -40,7 +40,7 @@ func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLd
 	if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，无效的组织DN")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	if err := ldapServer.Update(req.OrganizationDN, map[string][]string{
 		"businessCategory": {req.BusinessCategory},
 	}); err != nil {
--- a/server/ldap-admin/internal/logic/updateldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go
@ -52,7 +52,7 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
 	}
 	//把用户名转pinyin
 	userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	//更新的属性
 	attr := map[string][]string{
 		"homeDirectory":    {"/home/users/" + userNamePinyin},
--- a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
@ -48,7 +48,7 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
 	if !email.IsEmailValid(cnEmail) {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
 	}
-	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
 	//查询个人信息
 	user, err := ldapServer.GetLdapUserInfo(req.UserDN)
 	if err != nil {
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@ -194,13 +194,34 @@ type GetLdapOrganizationMembersRsp struct {
 }

 type GetLdapOrganizationMembersItem struct {
-	UserId   int64  `json:"userId"`
-	UserDN   string `json:"user_dn"`
-	UserName string `json:"user_name"`          //用户名
-	Email    string `json:"email"`              //邮箱
-	Mobile   string `json:"mobile"`             //手机号
-	Avatar   string `json:"avatar"`             //头像地址
-	Status   int64  `json:"status,options=0|1"` //状态 1正常0离职
+	UserId       int64  `json:"userId"`
+	UserDN       string `json:"user_dn"`
+	UserName     string `json:"user_name"` //用户名
+	Email        string `json:"email"`     //邮箱
+	Mobile       string `json:"mobile"`    //手机号
+	Avatar       string `json:"avatar"`    //头像地址
+	EmployeeType int64  `json:"employee_type"`
+	Status       int64  `json:"status,options=0|1"` //状态 1正常0离职
+}
+
+type GetLdapUsersReq struct {
+	PageCookie string `form:"page_cookie,optional"` //下一页分页游标，传空/不传就是第一页
+}
+
+type GetLdapUsersRsp struct {
+	List         []GetLdapUsersItem `json:"list"`
+	PagingCookie string             `json:"paging_cookie"`
+}
+
+type GetLdapUsersItem struct {
+	UserId       int64  `json:"userId"`
+	UserDN       string `json:"user_dn"`
+	UserName     string `json:"user_name"` //用户名
+	Email        string `json:"email"`     //邮箱
+	Mobile       string `json:"mobile"`    //手机号
+	Avatar       string `json:"avatar"`    //头像地址
+	EmployeeType int64  `json:"employee_type"`
+	Status       int64  `json:"status,options=0|1"` //状态 1正常0离职
 }

 type Request struct {
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@ -89,6 +89,9 @@ service ldap-admin {
 	//创建用户基础组
 	@handler CreateLdapUserBaseGroupHandler
 	post /api/ldap-admin/create_ldap_user_base_group(request) returns (response);
+	//获取基础用户组中成员列表
+	@handler GetLdapUsersHandler
+	get /api/ldap-admin/get_ldap_users(GetLdapUsersReq) returns (response);
 }

 type (
@ -272,11 +275,30 @@ type GetLdapOrganizationMembersRsp {
 	List []GetLdapOrganizationMembersItem `json:"list"`
 }
 type GetLdapOrganizationMembersItem {
-	UserId   int64  `json:"userId"`
-	UserDN   string `json:"user_dn"`
-	UserName string `json:"user_name"`          //用户名
-	Email    string `json:"email"`              //邮箱
-	Mobile   string `json:"mobile"`             //手机号
-	Avatar   string `json:"avatar"`             //头像地址
-	Status   int64  `json:"status,options=0|1"` //状态 1正常0离职
+	UserId       int64  `json:"userId"`
+	UserDN       string `json:"user_dn"`
+	UserName     string `json:"user_name"` //用户名
+	Email        string `json:"email"`     //邮箱
+	Mobile       string `json:"mobile"`    //手机号
+	Avatar       string `json:"avatar"`    //头像地址
+	EmployeeType int64  `json:"employee_type"`
+	Status       int64  `json:"status,options=0|1"` //状态 1正常0离职
+}
+//获取基础用户组中成员列表
+type GetLdapUsersReq {
+	PageCookie string `form:"page_cookie,optional"` //下一页分页游标，传空/不传就是第一页
+}
+type GetLdapUsersRsp {
+	List         []GetLdapUsersItem `json:"list"`
+	PagingCookie string             `json:"paging_cookie"`
+}
+type GetLdapUsersItem {
+	UserId       int64  `json:"userId"`
+	UserDN       string `json:"user_dn"`
+	UserName     string `json:"user_name"` //用户名
+	Email        string `json:"email"`     //邮箱
+	Mobile       string `json:"mobile"`    //手机号
+	Avatar       string `json:"avatar"`    //头像地址
+	EmployeeType int64  `json:"employee_type"`
+	Status       int64  `json:"status,options=0|1"` //状态 1正常0离职
 }
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@ -8,16 +8,18 @@ import (
 )

 type Ldap struct {
-	baseDN string
-	rootDN string
-	conn   *ldap.Conn
+	baseDN        string
+	rootDN        string
+	conn          *ldap.Conn
+	peopleGroupDN string
 }

-func NewLdap(conn *ldap.Conn, baseDN, rootDN string) *Ldap {
+func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN string) *Ldap {
 	return &Ldap{
-		baseDN: baseDN,
-		rootDN: rootDN,
-		conn:   conn,
+		baseDN:        baseDN,
+		rootDN:        rootDN,
+		conn:          conn,
+		peopleGroupDN: peopleGroupDN,
 	}
 }

@ -74,6 +76,34 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro
 	return l.conn.Search(searchRequest)
 }

+// 分页查询资源(分组/用户)
+func (l *Ldap) SearchWithPaging(DN string, scope int, filter string, attr []string, pageSize uint32, pagingCookie string) (resp *ldap.SearchResult, err error) {
+	if DN == l.rootDN {
+		return nil, errors.New("没有权限查询根用户")
+	}
+	if filter == "" {
+		rootCn := strings.Split(l.rootDN, ",")
+		if len(rootCn) == 0 {
+			return nil, errors.New("root用户DN未设置")
+		}
+		filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"
+	}
+	searchRequest := ldap.NewSearchRequest(
+		DN,
+		scope, ldap.NeverDerefAliases, 0, 0, false,
+		filter,
+		attr,
+		nil,
+	)
+	pagingCtl := ldap.NewControlPaging(pageSize)
+	pagingCtl.SetCookie([]byte(pagingCookie))
+	searchRequest.Controls = []ldap.Control{
+		pagingCtl,
+	}
+	// 执行搜索请求
+	return l.conn.Search(searchRequest)
+}
+
 // AddUserToGroup 添加用户到组织
 func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
 	modify := ldap.NewModifyRequest(organizationDN, nil)
--- a/utils/ldap_lib/ldap_user.go
+++ b/utils/ldap_lib/ldap_user.go
@ -1,6 +1,7 @@
 package ldap_lib

 import (
+	"encoding/hex"
 	"errors"
 	"github.com/go-ldap/ldap/v3"
 	"github.com/zeromicro/go-zero/core/logx"
@ -8,7 +9,7 @@ import (
 	"strings"
 )

-type GetLdapUserInfoRsp struct {
+type LdapUserInfo struct {
 	UserId       int64  `json:"userId"`
 	UserDN       string `json:"user_dn"`
 	UserName     string `json:"user_name"`          //用户名
@ -20,7 +21,8 @@ type GetLdapUserInfoRsp struct {
 	Status       int64  `json:"status,options=0|1"` //状态 1正常0离职
 }

-func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
+// 获取用户详情
+func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
 	res, err := l.Search(userDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil)
 	if err != nil {
 		return nil, err
@ -28,7 +30,7 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
 	if len(res.Entries) != 1 {
 		return nil, errors.New("查询到不到用户信息")
 	}
-	user := &GetLdapUserInfoRsp{}
+	user := &LdapUserInfo{}
 	for _, entry := range res.Entries {
 		if entry.DN != userDN {
 			continue
@ -80,3 +82,71 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
 	}
 	return user, nil
 }
+
+// 获取基础组用户列表
+func (l *Ldap) GetLdapBaseTeamUserList(pageSize uint32, pageCookie string) ([]LdapUserInfo, string, error) {
+	pageCookieBytes, err := hex.DecodeString(pageCookie)
+	if err != nil {
+		return nil, "", err
+	}
+	result, err := l.SearchWithPaging(l.peopleGroupDN, ldap.ScopeWholeSubtree, "(objectClass=person)", nil, pageSize, string(pageCookieBytes))
+	if err != nil {
+		return nil, "", err
+	}
+	list := make([]LdapUserInfo, 0, pageSize)
+	for _, entry := range result.Entries {
+		user := LdapUserInfo{
+			UserDN: entry.DN,
+		}
+		for _, attr := range entry.Attributes {
+			switch attr.Name {
+			case "uidNumber": //用户id
+				if len(attr.Values) == 0 {
+					continue
+				}
+				user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					logx.Error(err)
+					return nil, "", errors.New("用户id转数字失败")
+				}
+			case "sn": //用户真名
+				user.UserName = strings.Join(attr.Values, "")
+			case "mail": //邮箱
+				user.Email = strings.Join(attr.Values, "")
+			case "mobile": //手机号
+				user.Mobile = strings.Join(attr.Values, "")
+			case "postalAddress": //头像
+				user.Avatar = strings.Join(attr.Values, "")
+			case "userPassword": //密码
+				user.Password = strings.Join(attr.Values, ",")
+			case "employeeType": //员工类型
+				if len(attr.Values) == 0 {
+					continue
+				}
+				user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					return nil, "", errors.New("用户类型转数字失败")
+				}
+			case "postalCode": //状态
+				if len(attr.Values) == 0 {
+					continue
+				}
+				user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					return nil, "", errors.New("用户状态转数字失败")
+				}
+			}
+		}
+		list = append(list, user)
+	}
+	rspCookie := ""
+	// 检查是否还有更多条目需要获取
+	controls := result.Controls
+	if len(controls) > 0 {
+		cookieControl := controls[0]
+		if control, ok := cookieControl.(*ldap.ControlPaging); ok {
+			rspCookie = hex.EncodeToString(control.Cookie)
+		}
+	}
+	return list, rspCookie, nil
+}