laodaming 2023-11-22 10:12:46 +08:00
parent 040016d88f
commit 53a99c36b1
17 changed files with 55 additions and 68 deletions


@ -3,7 +3,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/email"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -34,8 +33,8 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC
// }
func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
@ -50,7 +49,7 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN)
err := l.svcCtx.Ldap.AddUserToOrganization(req.OrganizationDN, req.UserDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加成员失败,"+err.Error())
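Review bot: The failure branch returns `"添加成员失败,"+err.Error()` to the caller, so whatever the LDAP client reports (DNs, server result text) is echoed into the HTTP response. The error is already recorded by `logx.Error(err)`, so the response could carry only the fixed message: `return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加成员失败")`. The same pattern appears in the delete-organization, get-members, get-organizations, get-user-info, get-users, login, remove-member, update-user and update-password handlers in this commit. The function body continues outside the hunk.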


@ -3,7 +3,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/chinese_to_pinyin"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -34,8 +33,8 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
// }
func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")
@ -56,7 +55,7 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd
}
//组装organization dn
organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN
err := ldapServer.Create(organizationDN, map[string][]string{
err := l.svcCtx.Ldap.Create(organizationDN, map[string][]string{
"objectClass": {"top", "groupOfUniqueNames"},
"cn": {req.OrganizationEnName},
"ou": {req.OrganizationEnName},
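Review bot: `organizationDN` is assembled by plain concatenation of `req.OrganizationEnName` and `req.ParentOrganizationDN`, so a name containing `,`, `+` or `=` would change the structure of the DN handed to `Create`. Validation may exist in the part of the function between the two hunks, which is not shown. If it does not, restrict the name to a safe character set or escape the RDN value per RFC 4514 before building the DN, and check that `req.ParentOrganizationDN` lies under `l.svcCtx.Config.Ldap.BaseDN`. The attribute map passed to `Create` continues past the end of the hunk.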


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"net/http"
"context"
@ -32,11 +31,11 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
// }
func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
err := l.svcCtx.Ldap.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
"objectClass": {"top", "organizationalUnit"},
"ou": {"FusenTeam"},
"businessCategory": {"FUSEN团队"},


@ -7,7 +7,6 @@ import (
"fusenapi/utils/chinese_to_pinyin"
"fusenapi/utils/email"
"fusenapi/utils/encryption_decryption"
"fusenapi/utils/ldap_lib"
"gorm.io/gorm"
"net/http"
"strings"
@ -40,8 +39,8 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr
// }
func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.UserName = strings.Trim(req.UserName, " ")
@ -78,7 +77,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *ht
if err != nil {
return err
}
return ldapServer.Create(userDN, map[string][]string{
return l.svcCtx.Ldap.Create(userDN, map[string][]string{
"objectClass": {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性
"shadowLastChange": {"19676"}, //固有属性
"shadowMin": {"0"}, //固有属性
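Review bot: `"shadowLastChange": {"19676"}` is a fixed day count (19676 days after 1970-01-01 is 2023-11-15), so every account created later is recorded as having last changed its password on that date, and any shadow password-ageing policy will measure from it. Deriving the value at creation time, for example `strconv.FormatInt(time.Now().Unix()/86400, 10)`, keeps the attribute meaningful; whether `strconv` and `time` are already imported in this file is not visible here. The attribute map continues outside the hunk.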


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -33,15 +32,15 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
// }
func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的组织DN")
}
if err := ldapServer.Delete(req.OrganizationDN); err != nil {
if err := l.svcCtx.Ldap.Delete(req.OrganizationDN); err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "删除ldap组织失败,"+err.Error())
}
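Review bot: The only check on `req.OrganizationDN` before `Delete` is that it starts with `ou=`, which also matches organizational units outside the intended subtree, and probably the people group itself, since the base-group handler in this commit creates `PeopleGroupDN` as an `organizationalUnit`. Parsing both values with `ldap.ParseDN` and requiring `baseDN.AncestorOf(target)`, plus an explicit refusal of `l.svcCtx.Config.Ldap.PeopleGroupDN`, would bound what an authorised caller can remove; this file would then need the go-ldap import. The same prefix-only check guards `Update` in the delete-user and update-organization handlers and the lookup in get-user-info.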


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -33,15 +32,15 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De
// }
func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.UserDN = strings.Trim(req.UserDN, " ")
if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的用户DN")
}
err := ldapServer.Update(req.UserDN, map[string][]string{
err := l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{
"postalCode": {"0"},
})
if err != nil {


@ -3,7 +3,6 @@ package logic
import (
"fmt"
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"github.com/go-ldap/ldap/v3"
"net/http"
"strings"
@ -35,8 +34,8 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service
// }
func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
@ -52,7 +51,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
rootCn := rootDNSlice[0]
filter := "(&(objectClass=groupOfUniqueNames)(!(" + rootCn + ")))"
fields := []string{"uniqueMember"} //只是查询成员
result, err := ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil)
result, err := l.svcCtx.Ldap.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap组织成员错误,"+err.Error())
@ -86,7 +85,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
//从新赋值filter
filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))"
//从用户基本组中找到员工
userList, err := ldapServer.GetLdapBaseTeamUsersByParams(filter)
userList, err := l.svcCtx.Ldap.GetLdapBaseTeamUsersByParams(filter)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
@ -95,7 +94,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
for _, user := range userList {
if user.Status != 1 {
//从部门member中移出
if err = ldapServer.RemoveUserFromOrganization(req.OrganizationDN, user.UserDN); err != nil {
if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, user.UserDN); err != nil {
logx.Error("移除用户成员失败:", err)
}
continue
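Review bot: Both search filters are built by string concatenation (`rootCn` in the first, `filterBuilder.String()` in the second), and the code that fills `filterBuilder` is outside the hunks, so it is not visible whether the values are escaped. If they come from directory attributes or from the request, pass each value through `ldap.EscapeFilter` before appending it, so that `(`, `)`, `*` and `\` cannot alter the filter. Separately, this read handler calls `RemoveUserFromOrganization` for members whose `Status` is not 1 and only logs a failure; a comment stating that the write during a query is intentional would help the next reader.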


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"github.com/go-ldap/ldap/v3"
"net/http"
"sort"
@ -43,8 +42,8 @@ type DNItem struct {
}
func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
//从ldap获取组织架构数据
@ -58,7 +57,7 @@ func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *
}
filter := "(|(&(objectClass=groupOfUniqueNames)(objectClass=top))(objectClass=organization))"
fields := []string{"businessCategory", "dn", "uniqueMember"}
searchResult, err := ldapServer.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, fields, nil)
searchResult, err := l.svcCtx.Ldap.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, fields, nil)
if err != nil {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询失败:"+err.Error())
}


@ -6,7 +6,6 @@ import (
"fusenapi/server/ldap-admin/internal/types"
"fusenapi/utils/basic"
"fusenapi/utils/email"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -32,8 +31,8 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G
// }
func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
@ -43,7 +42,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
user, err := ldapServer.GetLdapUserInfo(req.UserDN)
user, err := l.svcCtx.Ldap.GetLdapUserInfo(req.UserDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -33,13 +32,13 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL
// }
func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.PageCookie = strings.Trim(req.PageCookie, " ")
pageSize := uint32(20)
list, cookie, err := ldapServer.GetLdapBaseTeamUserList(pageSize, req.PageCookie)
list, cookie, err := l.svcCtx.Ldap.GetLdapBaseTeamUserList(pageSize, req.PageCookie)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询用户列表报错,"+err.Error())


@ -5,7 +5,6 @@ import (
"fusenapi/utils/basic"
"fusenapi/utils/email"
"fusenapi/utils/encryption_decryption"
"fusenapi/utils/ldap_lib"
"strings"
"context"
@ -42,8 +41,8 @@ func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq) (resp *b
}
userDN := fmt.Sprintf("cn=%s,%s", req.Email, l.svcCtx.Config.Ldap.PeopleGroupDN)
//查询dn
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
ldapUserInfo, err := ldapServer.GetLdapUserInfo(userDN)
ldapUserInfo, err := l.svcCtx.Ldap.GetLdapUserInfo(userDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败,"+err.Error())
@ -65,7 +64,7 @@ func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq) (resp *b
return resp.SetStatusWithMessage(basic.CodeServiceErr, "密码错误!")
}
//生成token
token, err := ldapServer.GenJwtToken(ldapUserInfo.UserId, l.svcCtx.Config.Auth.AccessExpire, ldapUserInfo.UserDN, l.svcCtx.Config.Auth.AccessSecret)
token, err := l.svcCtx.Ldap.GenJwtToken(ldapUserInfo.UserId, l.svcCtx.Config.Auth.AccessExpire, ldapUserInfo.UserDN, l.svcCtx.Config.Auth.AccessSecret)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "生成登录凭证失败")
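Review bot: A failed lookup answers with `"获取用户信息失败,"+err.Error()` while a wrong password answers with `"密码错误!"`, so, assuming `GetLdapUserInfo` returns an error for an unknown DN, the two responses tell an unauthenticated caller whether an account exists. Returning one fixed message for both branches and keeping the detail in `logx.Error` removes that signal. `userDN` is also formatted directly from `req.Email`; the validation that precedes it is outside the hunk, so confirm it rejects DN metacharacters.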


@ -3,7 +3,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/email"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -34,8 +33,8 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi
// }
func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
@ -50,7 +49,7 @@ func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *ty
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN)
err := l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "移除成员失败,"+err.Error())


@ -2,7 +2,6 @@ package logic
import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -33,8 +32,8 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
// }
func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
@ -44,7 +43,7 @@ func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLd
if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的组织DN")
}
if err := ldapServer.Update(req.OrganizationDN, map[string][]string{
if err := l.svcCtx.Ldap.Update(req.OrganizationDN, map[string][]string{
"businessCategory": {req.BusinessCategory},
}); err != nil {
logx.Error(err)


@ -6,7 +6,6 @@ import (
"fusenapi/utils/basic"
"fusenapi/utils/chinese_to_pinyin"
"fusenapi/utils/email"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
"time"
@ -38,8 +37,8 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up
// }
func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.UserDN = strings.Trim(req.UserDN, " ")
@ -70,7 +69,7 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *ht
"postalCode": {fmt.Sprintf("%d", req.Status)},
"employeeType": {fmt.Sprintf("%d", req.EmployeeType)},
}
err := ldapServer.Update(req.UserDN, attr)
err := l.svcCtx.Ldap.Update(req.UserDN, attr)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "更新用户失败,"+err.Error())


@ -4,7 +4,6 @@ import (
"fusenapi/utils/basic"
"fusenapi/utils/email"
"fusenapi/utils/encryption_decryption"
"fusenapi/utils/ldap_lib"
"net/http"
"strings"
@ -35,8 +34,8 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext)
// }
func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
req.UserDN = strings.Trim(req.UserDN, " ")
@ -53,7 +52,7 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
//查询个人信息
user, err := ldapServer.GetLdapUserInfo(req.UserDN)
user, err := l.svcCtx.Ldap.GetLdapUserInfo(req.UserDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
@ -76,7 +75,7 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
}
err = ldapServer.Update(req.UserDN, map[string][]string{
err = l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{
"userPassword": {"{crypt}" + newPwd},
})
if err != nil {
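Review bot: `"{crypt}" + newPwd` stores whatever the hashing helper returns under the `{crypt}` scheme, and the helper call is outside the hunk, so the algorithm and salt handling are not visible. A comment naming the crypt variant the helper emits would let a reviewer confirm it is a salted, deliberately slow hash. It is also not visible between the hunks whether `req.UserDN` is compared with the identity carried in the caller's token before the password is replaced; `VerifyAuthority` alone only shows that the caller is authorised, not that the target account is theirs.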


@ -4,7 +4,7 @@ import (
"fusenapi/initalize"
"fusenapi/model/gmodel"
"fusenapi/server/ldap-admin/internal/config"
"github.com/go-ldap/ldap/v3"
"fusenapi/utils/ldap_lib"
"gorm.io/gorm"
)
@ -13,17 +13,17 @@ type ServiceContext struct {
MysqlConn *gorm.DB
AllModels *gmodel.AllModelsGen
RabbitMq *initalize.RabbitMqHandle
Ldap *ldap.Conn
Ldap *ldap_lib.Ldap
}
func NewServiceContext(c config.Config) *ServiceContext {
conn := initalize.InitMysql(c.SourceMysql)
ldapConn := initalize.InitLdap(c.Ldap.Host, c.Ldap.BindDN, c.Ldap.Password)
return &ServiceContext{
Config: c,
MysqlConn: conn,
AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil),
Ldap: initalize.InitLdap(c.Ldap.Host, c.Ldap.BindDN, c.Ldap.Password),
Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret),
}
}
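Review bot: `NewServiceContext` calls `initalize.InitMysql(c.SourceMysql)` twice, once for `MysqlConn` and again inside `gmodel.NewAllModels(...)`, which presumably opens a second connection pool with the same credentials. Reusing the first handle, `AllModels: gmodel.NewAllModels(conn),`, avoids that. The LDAP connection is likewise dialled once here and now shared by every request through the single `ldap_lib.Ldap` value; nothing in this hunk shows what happens when the server drops it.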


@ -12,14 +12,16 @@ type Ldap struct {
rootDN string
conn *ldap.Conn
peopleGroupDN string
jwtSecret string
}
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN string) *Ldap {
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
return &Ldap{
baseDN: baseDN,
rootDN: rootDN,
conn: conn,
peopleGroupDN: peopleGroupDN,
jwtSecret: jwtSecret,
}
}
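Review bot: `NewLdap` now stores `jwtSecret`, yet every handler in this commit still passes `l.svcCtx.Config.Auth.AccessSecret` to `VerifyAuthority` and `GenJwtToken`, so the signing key has two sources and nothing visible here reads the new field. Either drop the secret parameter from those two methods and use the stored field, or leave the field out until they do; the method bodies are outside this section. Adding the parameter also changes the exported constructor's signature, so any caller of `NewLdap` in other services needs the fifth argument. Since the struct now holds a secret, it should not be printed with `%+v` in logs.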