package ldap_lib
import (
"errors"
"strings"
"github.com/go-ldap/ldap/v3"
)
// Ldap bundles an open go-ldap connection with the directory coordinates
// the helper methods in this file need. Construct it with NewLdap.
type Ldap struct {
	// baseDN is stored by NewLdap; none of the methods shown here read it.
	baseDN string
	// rootDN is the root user's DN. Search takes its first RDN to build the
	// default "everything except root" filter.
	rootDN string
	// peopleGroupOu is stored by NewLdap; none of the methods shown here read it.
	// presumably the OU holding people/group entries — confirm against callers.
	peopleGroupOu string
	// conn is the connection every request in this file is sent over.
	conn *ldap.Conn
}
// NewLdap returns an Ldap that issues its requests over conn and remembers
// baseDN, rootDN and peopleGroupOu for later use. No validation is performed:
// a nil conn or an empty rootDN is stored as given (Search reports an empty
// rootDN at call time).
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupOu string) *Ldap {
	client := new(Ldap)
	client.conn = conn
	client.baseDN = baseDN
	client.rootDN = rootDN
	client.peopleGroupOu = peopleGroupOu
	return client
}
// Update replaces attributes on the entry at DN (a group or a user).
//
// Every key of attr becomes a Replace operation carrying that key's values,
// so an attribute's previous values are overwritten, not merged. Keys are
// visited in map order, which is irrelevant to the server since the whole
// modify request is sent at once. DN is forwarded unescaped.
func (l *Ldap) Update(DN string, attr map[string][]string) error {
	req := ldap.NewModifyRequest(DN, nil)
	for name, values := range attr {
		req.Replace(name, values)
	}
	return l.conn.Modify(req)
}
// Create adds a new entry (a group or a user) at DN.
//
// Each entry of attr is attached to the add request as one attribute with
// its list of values; the caller must include whatever the server's schema
// requires (objectClass and so on) since nothing is added implicitly.
// DN is forwarded unescaped.
func (l *Ldap) Create(DN string, attr map[string][]string) error {
	req := ldap.NewAddRequest(DN, nil)
	for name, values := range attr {
		req.Attribute(name, values)
	}
	return l.conn.Add(req)
}
// Delete removes the entry at DN (a group or a user). The request carries no
// controls, so a non-leaf entry is left to the server's default handling.
// DN is forwarded unescaped.
func (l *Ldap) Delete(DN string) error {
	return l.conn.Del(ldap.NewDelRequest(DN, nil))
}
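// Search runs a whole-subtree search starting at DN and returns the raw
// result from the server.
//
// When filter is empty a default filter is built that matches every entry
// except the root user: the first RDN of l.rootDN (e.g. "cn=admin") is
// negated inside "(&(objectClass=*)(!(...)))". The RDN text is passed
// through ldap.EscapeFilter so that characters with filter semantics
// ('(', ')', '*', '\') in the configured root DN cannot change the filter's
// structure; '=' is not escaped, so the common "cn=admin" case produces the
// same filter as before. Note that DN-level escapes in rootDN (such as "\,")
// are not translated into filter escapes.
//
// An empty rootDN (or one whose first RDN is empty) is reported as an error
// instead of producing the malformed filter "(!())". strings.Split never
// returns an empty slice, so the previous len()==0 check could not fire.
//
// A caller-supplied filter is sent exactly as given; the caller is
// responsible for escaping any user-controlled values in it with
// ldap.EscapeFilter. attr and controls are forwarded unchanged.
func (l *Ldap) Search(DN, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
	if filter == "" {
		rootRDN := strings.Split(l.rootDN, ",")[0]
		if rootRDN == "" {
			return nil, errors.New("root用户DN未设置")
		}
		filter = "(&(objectClass=*)(!(" + ldap.EscapeFilter(rootRDN) + ")))"
	}

	searchRequest := ldap.NewSearchRequest(
		DN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		filter,
		attr,
		controls,
	)

	// Hand the request to the connection; the result is returned as-is.
	return l.conn.Search(searchRequest)
}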
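// AddUserToGroup adds userDN as a uniqueMember value of the group at groupDN.
//
// Organizational units are rejected up front: an OU is not a group and the
// request would have nowhere to put the member. The check looks at the type
// of the first RDN and is case-insensitive, because LDAP attribute types are
// ("OU=" and "ou=" name the same thing). It is also length-safe; the previous
// unguarded groupDN[:3] slice panicked on a DN shorter than three bytes.
//
// Both DNs are sent to the server unmodified, so the caller must supply
// correctly formed (and escaped) DNs.
func (l *Ldap) AddUserToGroup(groupDN, userDN string) error {
	if len(groupDN) >= 3 && strings.EqualFold(groupDN[:3], "ou=") {
		return errors.New("不能添加用户到OU组织单元")
	}

	modify := ldap.NewModifyRequest(groupDN, nil)
	modify.Add("uniqueMember", []string{userDN})
	return l.conn.Modify(modify)
}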
// RemoveUserFromGroup deletes userDN from the uniqueMember values of the
// group at groupDN. No check is made on the kind of entry groupDN names;
// the modify request is sent as-is and the server's answer is returned.
func (l *Ldap) RemoveUserFromGroup(groupDN, userDN string) error {
	members := []string{userDN}
	req := ldap.NewModifyRequest(groupDN, nil)
	req.Delete("uniqueMember", members)
	return l.conn.Modify(req)
}