fusenapi/utils/ldap_lib/ldap_group.go

package ldap_lib

import (
	"errors"
	"strings"

	"github.com/go-ldap/ldap/v3"
)

type Ldap struct {
	baseDN        string
	rootDN        string
	conn          *ldap.Conn
	peopleGroupDN string
	jwtSecret     string
}

func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
	return &Ldap{
		baseDN:        baseDN,
		rootDN:        rootDN,
		conn:          conn,
		peopleGroupDN: peopleGroupDN,
		jwtSecret:     jwtSecret,
	}
}

// 更新资源(分组/用户)
func (l *Ldap) Update(DN string, attr map[string][]string) error {
	if DN == l.rootDN {
		return errors.New("根用户不能更新")
	}
	modify := ldap.NewModifyRequest(DN, nil)
	for key, v := range attr {
		modify.Replace(key, v)
	}
	return l.conn.Modify(modify)
}

// 创建资源(分组/用户)
func (l *Ldap) Create(DN string, attr map[string][]string) error {
	add := ldap.NewAddRequest(DN, nil)
	for key, v := range attr {
		add.Attribute(key, v)
	}
	return l.conn.Add(add)
}

// 删除资源(分组/用户)
func (l *Ldap) Delete(DN string) error {
	if DN == l.rootDN {
		return errors.New("根用户不能删除")
	}
	del := ldap.NewDelRequest(DN, nil)
	return l.conn.Del(del)
}

// 查询资源(分组/用户)
func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
	if DN == l.rootDN {
		return nil, errors.New("没有权限查询根用户")
	}
	if filter == "" {
		rootCn := strings.Split(l.rootDN, ",")
		if len(rootCn) == 0 {
			return nil, errors.New("root用户DN未设置")
		}
		filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"
	}
	searchRequest := ldap.NewSearchRequest(
		DN,
		scope, ldap.NeverDerefAliases, 0, 0, false,
		filter,
		attr,
		controls,
	)
	// 执行搜索请求
	return l.conn.Search(searchRequest)
}

// 分页查询资源(分组/用户)
func (l *Ldap) SearchWithPaging(DN string, scope int, filter string, attr []string, pageSize uint32, pagingCookie string) (resp *ldap.SearchResult, err error) {
	if DN == l.rootDN {
		return nil, errors.New("没有权限查询根用户")
	}
	if filter == "" {
		rootCn := strings.Split(l.rootDN, ",")
		if len(rootCn) == 0 {
			return nil, errors.New("root用户DN未设置")
		}
		filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"
	}
	searchRequest := ldap.NewSearchRequest(
		DN,
		scope, ldap.NeverDerefAliases, 0, 0, false,
		filter,
		attr,
		nil,
	)
	pagingCtl := ldap.NewControlPaging(pageSize)
	pagingCtl.SetCookie([]byte(pagingCookie))
	searchRequest.Controls = []ldap.Control{
		pagingCtl,
	}
	// 执行搜索请求
	return l.conn.Search(searchRequest)
}

//*********************************************************************************************

// AddUserToGroup 添加用户到组织
func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
	modify := ldap.NewModifyRequest(organizationDN, nil)
	modify.Add("uniqueMember", []string{userDN})
	return l.conn.Modify(modify)
}

// DelUserFromGroup 将用户从分组删除
func (l *Ldap) RemoveUserFromOrganization(groupDN, userDN string) error {
	if userDN == l.rootDN {
		return errors.New("根用户不能从分组删除")
	}
	modify := ldap.NewModifyRequest(groupDN, nil)
	modify.Delete("uniqueMember", []string{userDN})
	return l.conn.Modify(modify)
}
fix 2023-11-15 06:28:14 +00:00			`package ldap_lib`

			`import (`
			`"errors"`
fix 2023-11-16 03:50:43 +00:00			`"strings"`
调整 2023-11-15 09:03:37 +00:00
fix 2023-11-15 06:28:14 +00:00			`"github.com/go-ldap/ldap/v3"`
			`)`

			`type Ldap struct {`
fix 2023-11-20 09:16:17 +00:00			`baseDN string`
			`rootDN string`
			`conn *ldap.Conn`
			`peopleGroupDN string`
fix 2023-11-22 02:12:46 +00:00			`jwtSecret string`
fix 2023-11-15 06:28:14 +00:00			`}`

fix 2023-11-22 02:12:46 +00:00			`func NewLdap(conn ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) Ldap {`
fix 2023-11-16 03:50:43 +00:00			`return &Ldap{`
fix 2023-11-20 09:16:17 +00:00			`baseDN: baseDN,`
			`rootDN: rootDN,`
			`conn: conn,`
			`peopleGroupDN: peopleGroupDN,`
fix 2023-11-22 02:12:46 +00:00			`jwtSecret: jwtSecret,`
fix 2023-11-16 03:50:43 +00:00			`}`
fix 2023-11-15 06:28:14 +00:00			`}`

			`// 更新资源(分组/用户)`
			`func (l *Ldap) Update(DN string, attr map[string][]string) error {`
fix 2023-11-17 07:06:03 +00:00			`if DN == l.rootDN {`
			`return errors.New("根用户不能更新")`
			`}`
fix 2023-11-15 06:28:14 +00:00			`modify := ldap.NewModifyRequest(DN, nil)`
			`for key, v := range attr {`
			`modify.Replace(key, v)`
			`}`
			`return l.conn.Modify(modify)`
			`}`

			`// 创建资源(分组/用户)`
			`func (l *Ldap) Create(DN string, attr map[string][]string) error {`
			`add := ldap.NewAddRequest(DN, nil)`
			`for key, v := range attr {`
			`add.Attribute(key, v)`
			`}`
			`return l.conn.Add(add)`
			`}`

			`// 删除资源(分组/用户)`
			`func (l *Ldap) Delete(DN string) error {`
fix 2023-11-17 07:06:03 +00:00			`if DN == l.rootDN {`
			`return errors.New("根用户不能删除")`
			`}`
fix 2023-11-15 06:28:14 +00:00			`del := ldap.NewDelRequest(DN, nil)`
			`return l.conn.Del(del)`
			`}`

fix 2023-11-15 08:43:32 +00:00			`// 查询资源(分组/用户)`
fix 2023-11-16 10:29:45 +00:00			`func (l Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp ldap.SearchResult, err error) {`
fix 2023-11-17 07:06:03 +00:00			`if DN == l.rootDN {`
fix 2023-11-17 10:17:33 +00:00			`return nil, errors.New("没有权限查询根用户")`
fix 2023-11-17 07:06:03 +00:00			`}`
fix 2023-11-15 08:43:32 +00:00			`if filter == "" {`
fix 2023-11-16 03:50:43 +00:00			`rootCn := strings.Split(l.rootDN, ",")`
			`if len(rootCn) == 0 {`
			`return nil, errors.New("root用户DN未设置")`
			`}`
			`filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"`
fix 2023-11-15 08:43:32 +00:00			`}`
			`searchRequest := ldap.NewSearchRequest(`
			`DN,`
fix 2023-11-16 10:29:45 +00:00			`scope, ldap.NeverDerefAliases, 0, 0, false,`
fix 2023-11-15 08:43:32 +00:00			`filter,`
			`attr,`
			`controls,`
			`)`
			`// 执行搜索请求`
			`return l.conn.Search(searchRequest)`
			`}`

fix 2023-11-20 09:16:17 +00:00			`// 分页查询资源(分组/用户)`
			`func (l Ldap) SearchWithPaging(DN string, scope int, filter string, attr []string, pageSize uint32, pagingCookie string) (resp ldap.SearchResult, err error) {`
			`if DN == l.rootDN {`
			`return nil, errors.New("没有权限查询根用户")`
			`}`
			`if filter == "" {`
			`rootCn := strings.Split(l.rootDN, ",")`
			`if len(rootCn) == 0 {`
			`return nil, errors.New("root用户DN未设置")`
			`}`
			`filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"`
			`}`
			`searchRequest := ldap.NewSearchRequest(`
			`DN,`
			`scope, ldap.NeverDerefAliases, 0, 0, false,`
			`filter,`
			`attr,`
			`nil,`
			`)`
			`pagingCtl := ldap.NewControlPaging(pageSize)`
			`pagingCtl.SetCookie([]byte(pagingCookie))`
			`searchRequest.Controls = []ldap.Control{`
			`pagingCtl,`
			`}`
			`// 执行搜索请求`
			`return l.conn.Search(searchRequest)`
			`}`

fix 2023-11-21 03:39:03 +00:00			`//*********************************************************************************************`

fix 2023-11-17 02:22:23 +00:00			`// AddUserToGroup 添加用户到组织`
fix 2023-11-17 03:10:38 +00:00			`func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {`
			`modify := ldap.NewModifyRequest(organizationDN, nil)`
fix 2023-11-15 06:28:14 +00:00			`modify.Add("uniqueMember", []string{userDN})`
			`return l.conn.Modify(modify)`
			`}`

fix 2023-11-15 10:42:49 +00:00			`// DelUserFromGroup 将用户从分组删除`
fix 2023-11-17 02:22:23 +00:00			`func (l *Ldap) RemoveUserFromOrganization(groupDN, userDN string) error {`
fix 2023-11-17 07:06:03 +00:00			`if userDN == l.rootDN {`
			`return errors.New("根用户不能从分组删除")`
			`}`
fix 2023-11-15 06:28:14 +00:00			`modify := ldap.NewModifyRequest(groupDN, nil)`
			`modify.Delete("uniqueMember", []string{userDN})`
			`return l.conn.Modify(modify)`
			`}`