user_ildap.go
package ildap
import (
"fmt"
"github.com/eryajf/go-ldap-admin/config"
"github.com/eryajf/go-ldap-admin/model"
"github.com/eryajf/go-ldap-admin/public/common"
"github.com/eryajf/go-ldap-admin/public/tools"
ldap "github.com/go-ldap/ldap/v3"
)
// UserService groups the LDAP operations on user entries. It carries no
// state of its own: every method obtains a connection from
// common.GetLDAPConn() and hands it back with common.PutLADPConn().
type UserService struct{}
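// Add creates the LDAP entry for user at user.UserDN as an inetOrgPerson,
// mapping the model fields onto the standard attributes (cn/uid from
// Username, sn/displayName from Nickname, and so on).
//
// The userPassword attribute is stored as-is when
// config.Conf.Ldap.UserPasswordEncryptionType is "clear"; otherwise the
// password is run through tools.NewParPasswd and tools.EncodePass first
// (the exact encoding those helpers produce is not visible in this file).
//
// Returns the error from acquiring a pooled connection or from the Add
// operation.
func (x UserService) Add(user *model.User) error {
	add := ldap.NewAddRequest(user.UserDN, nil)
	add.Attribute("objectClass", []string{"inetOrgPerson"})
	add.Attribute("cn", []string{user.Username})
	add.Attribute("sn", []string{user.Nickname})
	add.Attribute("businessCategory", []string{user.Departments})
	add.Attribute("departmentNumber", []string{user.Position})
	add.Attribute("description", []string{user.Introduction})
	add.Attribute("displayName", []string{user.Nickname})
	add.Attribute("mail", []string{user.Mail})
	add.Attribute("employeeNumber", []string{user.JobNumber})
	add.Attribute("givenName", []string{user.GivenName})
	add.Attribute("postalAddress", []string{user.PostalAddress})
	add.Attribute("mobile", []string{user.Mobile})
	add.Attribute("uid", []string{user.Username})

	// "clear" writes the raw password; any other setting goes through the
	// project's encoding helpers.
	pass := user.Password
	if config.Conf.Ldap.UserPasswordEncryptionType != "clear" {
		pass = tools.EncodePass([]byte(tools.NewParPasswd(user.Password)))
	}
	add.Attribute("userPassword", []string{pass})

	conn, err := common.GetLDAPConn()
	if err != nil {
		return err
	}
	// Register the return-to-pool only once we actually hold a connection;
	// deferring before the error check would hand back whatever GetLDAPConn
	// yielded on failure (presumably nil).
	defer common.PutLADPConn(conn)
	return conn.Add(add)
}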
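// Update replaces the attributes of the entry at user.UserDN with the
// values in user. oldusername is the uid the entry currently carries; when
// config.Conf.Ldap.UserNameModify is enabled and the username changed, the
// entry is additionally renamed from uid=<oldusername> to uid=<user.Username>
// beneath config.Conf.Ldap.UserDN, discarding the old RDN.
//
// NOTE(review): "sn" is set to oldusername here while Add sets it to
// user.Nickname — confirm whether that asymmetry is intended.
// NOTE(review): oldusername is interpolated into a DN without escaping; if
// it can contain DN-special characters (',', '+', '=', ...) it should be
// escaped first (recent go-ldap versions provide ldap.EscapeDN — confirm
// availability in this module's pinned version).
//
// Returns the error from acquiring a connection, from Modify, or from the
// optional ModifyDN.
func (x UserService) Update(oldusername string, user *model.User) error {
	modify := ldap.NewModifyRequest(user.UserDN, nil)
	modify.Replace("cn", []string{user.Username})
	modify.Replace("sn", []string{oldusername})
	modify.Replace("businessCategory", []string{user.Departments})
	modify.Replace("departmentNumber", []string{user.Position})
	modify.Replace("description", []string{user.Introduction})
	modify.Replace("displayName", []string{user.Nickname})
	modify.Replace("mail", []string{user.Mail})
	modify.Replace("employeeNumber", []string{user.JobNumber})
	modify.Replace("givenName", []string{user.GivenName})
	modify.Replace("postalAddress", []string{user.PostalAddress})
	modify.Replace("mobile", []string{user.Mobile})

	conn, err := common.GetLDAPConn()
	if err != nil {
		return err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)

	if err := conn.Modify(modify); err != nil {
		return err
	}

	// The attribute update above is already committed; the rename is a
	// separate, optional step gated by configuration.
	if !config.Conf.Ldap.UserNameModify || oldusername == user.Username {
		return nil
	}
	oldDN := fmt.Sprintf("uid=%s,%s", oldusername, config.Conf.Ldap.UserDN)
	newRDN := fmt.Sprintf("uid=%s", user.Username)
	modifyDN := ldap.NewModifyDNRequest(oldDN, newRDN, true, "")
	return conn.ModifyDN(modifyDN)
}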
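// Exist reports whether at least one entry beneath config.Conf.Ldap.BaseDN
// matches every key=value pair in filter (combined with AND) and has
// objectClass inetOrgPerson or simpleSecurityObject. Keys are attribute
// names; values are rendered with %v, so non-string values print their
// natural form rather than fmt's "%!s(...)" placeholder.
//
// Keys and values are passed through ldap.EscapeFilter before being spliced
// into the filter, so a value containing '*', '(', ')' or '\' is matched
// literally instead of being interpreted as filter syntax. A caller that
// wants wildcard matching must build its own search filter.
//
// Map iteration order is random, but the AND is order-insensitive, so the
// result does not depend on it.
//
// Returns the error from acquiring a connection or from the search.
func (x UserService) Exist(filter map[string]interface{}) (bool, error) {
	clauses := ""
	for attr, value := range filter {
		clauses += fmt.Sprintf("(%s=%s)",
			ldap.EscapeFilter(attr),
			ldap.EscapeFilter(fmt.Sprintf("%v", value)))
	}
	searchFilter := fmt.Sprintf("(&(|(objectClass=inetOrgPerson)(objectClass=simpleSecurityObject))%s)", clauses)

	searchRequest := ldap.NewSearchRequest(
		config.Conf.Ldap.BaseDN, // search root
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, // scope, derefAliases, sizeLimit, timeLimit, typesOnly
		searchFilter,
		[]string{"DN"}, // only the DN is needed to answer an existence check
		nil,
	)

	conn, err := common.GetLDAPConn()
	if err != nil {
		return false, err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)

	sr, err := conn.Search(searchRequest)
	if err != nil {
		return false, err
	}
	return len(sr.Entries) > 0, nil
}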
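// Delete removes the entry with distinguished name udn.
//
// Returns the error from acquiring a connection or from the Del operation.
func (x UserService) Delete(udn string) error {
	del := ldap.NewDelRequest(udn, nil)

	conn, err := common.GetLDAPConn()
	if err != nil {
		return err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)
	return conn.Del(del)
}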
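// ChangePwd changes the password of the entry udn via the LDAP Password
// Modify extended operation. Per the original author, oldpasswd may be
// empty: the server can set the new password from the user DN alone
// (whether that is accepted depends on the bound identity's rights).
//
// Returns the error from acquiring a connection, or the PasswordModify
// error wrapped with the DN (never with either password).
func (x UserService) ChangePwd(udn, oldpasswd, newpasswd string) error {
	modifyPass := ldap.NewPasswordModifyRequest(udn, oldpasswd, newpasswd)

	conn, err := common.GetLDAPConn()
	if err != nil {
		return err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)

	// %w keeps the underlying ldap error reachable via errors.Is/As.
	if _, err := conn.PasswordModify(modifyPass); err != nil {
		return fmt.Errorf("password modify failed for %s, err: %w", udn, err)
	}
	return nil
}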
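// NewPwd asks the server to generate a new password for username by sending
// a Password Modify request with both the old and new password empty; the
// generated value is returned. The target DN is uid=<username> beneath
// config.Conf.Ldap.UserDN, except for "admin", which maps to
// config.Conf.Ldap.AdminDN.
//
// NOTE(review): username is interpolated into a DN without escaping; if it
// can contain DN-special characters it should be escaped first (see the
// note on Update).
//
// Returns the error from acquiring a connection, or the PasswordModify
// error wrapped with the username.
func (x UserService) NewPwd(username string) (string, error) {
	udn := fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.UserDN)
	if username == "admin" {
		udn = config.Conf.Ldap.AdminDN
	}
	modifyPass := ldap.NewPasswordModifyRequest(udn, "", "")

	conn, err := common.GetLDAPConn()
	if err != nil {
		return "", err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)

	result, err := conn.PasswordModify(modifyPass)
	if err != nil {
		// %w keeps the underlying ldap error reachable via errors.Is/As.
		return "", fmt.Errorf("password modify failed for %s, err: %w", username, err)
	}
	return result.GeneratedPassword, nil
}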
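// ListUserDN returns one model.User per entry beneath config.Conf.Ldap.BaseDN
// whose objectClass is inetOrgPerson or simpleSecurityObject. Only UserDN is
// populated on each returned user; every other field is left zero.
//
// The result is nil (not an empty slice) when nothing matches, and nil
// together with the error when acquiring a connection or searching fails.
func (x UserService) ListUserDN() (users []*model.User, err error) {
	searchRequest := ldap.NewSearchRequest(
		config.Conf.Ldap.BaseDN, // search root
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, // scope, derefAliases, sizeLimit, timeLimit, typesOnly
		"(|(objectClass=inetOrgPerson)(objectClass=simpleSecurityObject))",
		[]string{"DN"}, // only the DN is consumed below
		nil,
	)

	conn, err := common.GetLDAPConn()
	if err != nil {
		return nil, err
	}
	// Return the connection to the pool only if we obtained one.
	defer common.PutLADPConn(conn)

	sr, err := conn.Search(searchRequest)
	if err != nil {
		return nil, err
	}
	if len(sr.Entries) == 0 {
		// Keep the historical nil result for "no users" rather than an
		// empty slice (the two encode differently, e.g. in JSON).
		return nil, nil
	}

	users = make([]*model.User, 0, len(sr.Entries))
	for _, entry := range sr.Entries {
		users = append(users, &model.User{UserDN: entry.DN})
	}
	return users, nil
}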