From 3f2c872463c7fa419726a384c7dab89f291e937d Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Fri, 17 Nov 2023 11:10:38 +0800
Subject: [PATCH] fix
---
 .../logic/addldaporganizationmemberlogic.go | 10 +++++++--
 .../logic/getldaporganizationslogic.go | 18 ++++------------
 .../removeldaporganizationmemberlogic.go | 21 +++++++++++++++----
 utils/ldap_lib/ldap_group.go | 8 +++----
 4 files changed, 33 insertions(+), 24 deletions(-)
diff --git a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
index 887d1217..b4de6179 100644
--- a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
@@ -3,6 +3,7 @@ package logic
 import (
 "fusenapi/utils/auth"
 "fusenapi/utils/basic"
+ "fusenapi/utils/ldap_lib"
 "strings"
 "context"
@@ -40,8 +41,13 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad
 if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
 return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "无效的用户DN")
 }
- //ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
- return resp.SetStatus(basic.CodeOK)
+ ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+ err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加成员失败,", err.Error())
+ }
+ return resp.SetStatusWithMessage(basic.CodeOK, "添加成功")
 }
 // 处理逻辑后 w,r 如:重定向, resp 必须重新处理
diff --git a/server/ldap-admin/internal/logic/getldaporganizationslogic.go b/server/ldap-admin/internal/logic/getldaporganizationslogic.go
index 6162499a..7e3bc261 100644
--- a/server/ldap-admin/internal/logic/getldaporganizationslogic.go
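Review bot: The new error branch in AddLdapOrganizationMember hands the raw `err.Error()` from the LDAP server back to the API caller, which discloses directory internals (whether a DN exists, server-side error text) to anyone who can reach the endpoint; the detail is already recorded by `logx.Error(err)`, so the response can be a fixed message, `return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加成员失败")`. The same pattern is in RemoveLdapOrganizationMember in the removeldaporganizationmemberlogic.go hunk. The `cn=` prefix test is the only validation of req.UserDN visible here, and the value goes straight into a modify on the organization entry, so a check that the DN lies under the managed subtree, e.g. `strings.HasSuffix(strings.ToLower(req.UserDN), strings.ToLower(l.svcCtx.Config.Ldap.BaseDN))`, would stop callers from naming entries outside it. The function starts above this hunk, so OrganizationDN validation may already exist there.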
+++ b/server/ldap-admin/internal/logic/getldaporganizationslogic.go
@@ -52,8 +52,9 @@ func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, use
 if len(peopleDNSlice) <= 1 {
 return resp.SetStatusWithMessage(basic.CodeServiceErr, "基础用户组的DN未配置")
 }
- filter := "(&(objectClass=*)(!(" + peopleDNSlice[0] + "))(!(" + rootCn[0] + ")))" //所有object但是不包括people以及root用户
- searchResult, err := ldapServer.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, nil, nil)
+ filter := "(|(&(objectClass=groupOfUniqueNames)(objectClass=top))(objectClass=organization))"
+ fields := []string{"businessCategory", "dn"}
+ searchResult, err := ldapServer.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, fields, nil)
 if err != nil {
 return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询失败:"+err.Error())
 }
@@ -64,18 +65,7 @@ func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, use
 sortNum++
 attribute := make(map[string]interface{})
 for _, attr := range v.Attributes {
- switch attr.Name {
- case "objectClass": //objectcalss属性特别处理
- mapObjectClass := make(map[string]struct{})
- for _, objectClassItem := range attr.Values {
- mapObjectClass[objectClassItem] = struct{}{}
- }
- attribute[attr.Name] = mapObjectClass
- case "member": //成员不用变
- attribute[attr.Name] = attr.Values
- default: //普通属性
- attribute[attr.Name] = strings.Join(attr.Values, ",")
- }
+ attribute[attr.Name] = strings.Join(attr.Values, ",")
 }
 mapDN[v.DN] = &DNItem{
 DN: v.DN,
diff --git a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
index 443a3457..75b74314 100644
--- a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
@@ -3,6 +3,8 @@ package logic
 import (
 "fusenapi/utils/auth"
 "fusenapi/utils/basic"
+ "fusenapi/utils/ldap_lib"
+ "strings"
 "context"
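Review bot: `fields := []string{"businessCategory", "dn"}` requests an attribute named `dn`, but the distinguished name is not an entry attribute and is already delivered on `v.DN` (used in the next hunk), so servers will generally return nothing for it; `fields := []string{"businessCategory"}` states the intent without the dead entry. The constant filter is a real improvement over the removed line, which spliced `peopleDNSlice[0]` and `rootCn[0]` into the filter unescaped, but the old comment explaining the exclusion is gone and nothing says why these two object classes were chosen; a line such as `// only groupOfUniqueNames groups and organization entries; people/root entries are no longer excluded by DN` would carry that. With the filter no longer referencing them, the `peopleDNSlice` and `rootCn` values computed above the hunk now serve only the length checks, which is worth confirming is intended. The enclosing function begins before this hunk.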
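Review bot: Collapsing every attribute with `strings.Join(attr.Values, ",")` is lossy for multi-valued attributes whose values themselves contain commas, notably DN-valued ones such as `uniqueMember` (the attribute the ldap_group.go hunk writes), because a consumer cannot split the joined string back into its values. It is safe today only because the preceding hunk limits the requested attributes to `businessCategory` and `dn`; once that list grows, the removed `case "member"` branch that kept `attr.Values` as a slice will be missed silently. At minimum the assumption should be stated next to the loop, `// assumes the requested field list above holds only single-valued attributes; joining DN-valued attributes with "," would be ambiguous`. The enclosing loop over searchResult entries starts above the hunk.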
@@ -31,10 +33,21 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi
 // }
 func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, userinfo *auth.UserInfo) (resp *basic.Response) {
- // 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
- // userinfo 传入值时, 一定不为null
-
- return resp.SetStatus(basic.CodeOK)
+ req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
+ req.UserDN = strings.Trim(req.UserDN, " ")
+ if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "无效的目标组织DN")
+ }
+ if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "无效的用户DN")
+ }
+ ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+ err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "移除成员失败,", err.Error())
+ }
+ return resp.SetStatusWithMessage(basic.CodeOK, "移除成员成功")
 }
 // 处理逻辑后 w,r 如:重定向, resp 必须重新处理
diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go
index 922cc303..360f8bca 100644
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -66,12 +66,12 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro
 }
 // AddUserToGroup 添加用户到组织
-func (l *Ldap) AddUserToOrganization(groupDN, userDN string) error {
+func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
 //判断dn是否以ou开头
- if groupDN[:3] == "ou=" {
+ /*if organizationDN[:3] == "ou=" {
 return errors.New("不能添加用户到OU组织单元")
- }
- modify := ldap.NewModifyRequest(groupDN, nil)
+ }*/
+ modify := ldap.NewModifyRequest(organizationDN, nil)
 modify.Add("uniqueMember", []string{userDN})
 return l.conn.Modify(modify)
 }
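Review bot: `strings.Trim(req.OrganizationDN, " ")` strips only ASCII spaces, so a DN padded with tabs or newlines passes through untouched and either trips the `ou=`/`cn=` prefix checks or reaches the LDAP modify with the whitespace still attached; `strings.TrimSpace` is the idiomatic form, `req.OrganizationDN = strings.TrimSpace(req.OrganizationDN)` and `req.UserDN = strings.TrimSpace(req.UserDN)`. The byte-prefix comparison is also case-sensitive although DN attribute types are not, so `OU=...` is rejected while `ou=...` is accepted; if that strictness is deliberate, a short comment saying so would save the next reader a question. userinfo is accepted but not read anywhere in the new body, so any authorization of who may remove members is presumably enforced elsewhere and is worth confirming.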
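Review bot: The `ou=` guard in AddUserToOrganization is commented out rather than deleted, leaving a dead `/* ... */` block under a `//判断dn是否以ou开头` comment that no longer describes any code; both should go, since the callers in this commit now require an `ou=` DN and are the ones deciding. The doc comment still names `AddUserToGroup`, so tooling will not attach it to the function; replace it with `// AddUserToOrganization adds userDN as a uniqueMember of the entry at organizationDN; the caller is responsible for validating both DNs.` That last clause matters because with the guard gone this method performs no check on organizationDN and will modify whatever entry the bound account can write. The commented-out `organizationDN[:3]` would also panic on a DN shorter than three bytes, so it should not be revived as written.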