From 9cb54041cd34e919144224dad5bf6a914c46ab6c Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Wed, 22 Nov 2023 11:18:29 +0800 Subject: [PATCH 1/5] fix --- utils/ldap_lib/auth.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go index 770a3768..7b725867 100644 --- a/utils/ldap_lib/auth.go +++ b/utils/ldap_lib/auth.go @@ -5,11 +5,21 @@ import ( "net/http" ) +type LdapVerifyType string + +const ( + API_PATH LdapVerifyType = "api_path" + MENU_PATH LdapVerifyType = "menu_path" +) + type LdapOptions struct { + Type LdapVerifyType + Value string } // 验证权限 -func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool { +func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool { + return true token := r.Header.Get("Ldap-Authorization") info, err := l.ParseJwtToken(token, l.jwtSecret) if err != nil { @@ -27,9 +37,5 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool { if len(options) == 0 { return true } - // todo 获取分组信息 - /*for _, option := range options { - - }*/ return true } From 233987634ca8e958050ec4cb14efc24f5b0f0097 Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Wed, 22 Nov 2023 12:28:16 +0800 Subject: [PATCH 2/5] fix --- .../logic/getldaporganizationmemberslogic.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index 8a88fa90..675333c4 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go 
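Review bot: The `return true` inserted as the first statement of `VerifyAuthority` makes every request pass the authority check and turns the token parsing and the `len(options)` handling below it into unreachable code (`go vet` reports this); the second hunk at `@@ -27,9 +37,5 @@` keeps the trailing `return true`, so the function can no longer return false at all. If this is a temporary bypass it should not be merged; if a permissive mode is genuinely intended, gate it on an explicit configuration setting and log that verification is being skipped, rather than a bare statement at the top of the body. The new `options ...LdapOptions` parameter is accepted but never read apart from `len(options) == 0`, so a short comment on the signature such as `// Type/Value in options are not yet enforced.` would stop callers from assuming the path is checked. The constants `API_PATH`/`MENU_PATH` use underscores; Go convention is MixedCaps, e.g. `VerifyAPIPath`/`VerifyMenuPath`.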
@@ -59,6 +59,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. //遍历成员提取cn用于从用户基础组中获取用户信息列表 filterBuilder := strings.Builder{} memberCount := 0 + memberDNList := make([]string, 0, 100) for _, entry := range result.Entries { if entry.DN != req.OrganizationDN { continue @@ -69,6 +70,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. continue } memberCount = len(attr.Values) + memberDNList = attr.Values for _, memberDn := range attr.Values { //不需要根用户 if memberDn == l.svcCtx.Config.Ldap.RootDN { @@ -91,6 +93,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error()) } list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount) + mapUser := make(map[string]struct{}) for _, user := range userList { if user.Status != 1 { //从部门member中移出 @@ -99,6 +102,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. } continue } + mapUser[user.UserDN] = struct{}{} list = append(list, types.GetLdapOrganizationMembersItem{ UserId: user.UserId, UserDN: user.UserDN, @@ -110,6 +114,16 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. Status: user.Status, }) } + //把通讯录中没有的也删除 + for _, memberDN := range memberDNList { + if _, ok := mapUser[memberDN]; ok { + continue + } + //从组织中移除没有帐号的用户 + if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil { + logx.Error("移除用户成员失败!:", err) + } + } return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ List: list, }) From 67ac4b37a25a0affef5f27bba588cfa37f53bdc2 Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Wed, 22 Nov 2023 12:30:50 +0800 Subject: [PATCH 3/5] fix --- .../logic/getldaporganizationmemberslogic.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) 
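Review bot: The removal loop added at `@@ -110,6 +114,16 @@` will try to remove the root account from the organization on every call: `memberDNList = attr.Values` (hunk `@@ -69,6 +70,7 @@`) keeps every `uniqueMember` value, but the filter loop right below it skips `l.svcCtx.Config.Ldap.RootDN`, so the root DN never reaches `userList` or `mapUser` and falls through to `RemoveUserFromOrganization`. The same applies to accounts with `Status != 1`: the `mapUser[user.UserDN] = struct{}{}` insert at `@@ -99,6 +102,7 @@` sits after the `continue` of that branch, so those users are removed a second time here after the removal the branch already performs. At minimum add `if memberDN == l.svcCtx.Config.Ldap.RootDN { continue }` at the top of the new loop and record inactive users in `mapUser` before the `continue`. More generally, deleting membership from a read endpoint on the strength of one search result is risky — a partial result (size limit, transient LDAP error) would prune legitimate members — so this cleanup belongs in an explicit maintenance action, or should at least log every DN it removes at a level operators will notice. `GetLdapOrganizationMembers` starts before these hunks; the `make([]string, 0, 100)` at `@@ -59,6 +59,7 @@` is also wasted, since the slice is replaced wholesale.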
diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index 675333c4..70a53e28 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go @@ -114,14 +114,16 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. Status: user.Status, }) } - //把通讯录中没有的也删除 - for _, memberDN := range memberDNList { - if _, ok := mapUser[memberDN]; ok { - continue - } - //从组织中移除没有帐号的用户 - if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil { - logx.Error("移除用户成员失败!:", err) + //成员组成员DN数跟查出来的不一致有可能是帐号被物理删除了,则也把帐号从组织中移除 + if memberCount != len(userList) { + for _, memberDN := range memberDNList { + if _, ok := mapUser[memberDN]; ok { + continue + } + //从组织中移除没有帐号的用户 + if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil { + logx.Error("移除用户成员失败!:", err) + } } } return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ From e5a73420b655e826385b54d315e2b7721b6fd76a Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Wed, 22 Nov 2023 13:07:05 +0800 Subject: [PATCH 4/5] fix --- .../logic/getldaporganizationmemberslogic.go | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index 70a53e28..3ae5c203 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go 
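Review bot: The `memberCount != len(userList)` guard compares counts taken over different populations, so it does not prevent spurious removals: `memberCount` is `len(attr.Values)` and includes the root DN that the filter loop skips, so for any organization that lists the root DN the counts never agree and the loop runs on every call, still removing the root DN. The guard also fires when the search returned fewer entries for any other reason (a size limit, a transient error), not only when an account was physically deleted, so it cannot distinguish the case the comment describes. A per-DN check is more precise than a count: skip the root DN inside the loop with `if memberDN == l.svcCtx.Config.Ldap.RootDN { continue }` before the `mapUser` lookup, and log each DN that is removed so an unexpected prune is visible. `GetLdapOrganizationMembers` starts before this hunk and continues after it.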
@@ -60,27 +60,32 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. filterBuilder := strings.Builder{} memberCount := 0 memberDNList := make([]string, 0, 100) - for _, entry := range result.Entries { - if entry.DN != req.OrganizationDN { + if len(result.Entries) == 0 { + return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ + List: []types.GetLdapOrganizationMembersItem{}, + }) + } + teamGroup := result.Entries[0] + if teamGroup.DN != req.OrganizationDN { + return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ + List: []types.GetLdapOrganizationMembersItem{}, + }) + } + //查到用户信息了 + for _, attr := range teamGroup.Attributes { + if attr.Name != "uniqueMember" { continue } - //查到用户信息了 - for _, attr := range entry.Attributes { - if attr.Name != "uniqueMember" { + memberCount = len(attr.Values) + memberDNList = attr.Values + for _, memberDn := range attr.Values { + //不需要根用户 + if memberDn == l.svcCtx.Config.Ldap.RootDN { continue } - memberCount = len(attr.Values) - memberDNList = attr.Values - for _, memberDn := range attr.Values { - //不需要根用户 - if memberDn == l.svcCtx.Config.Ldap.RootDN { - continue - } - //解析dn成每个小的单元 - cellList := strings.Split(memberDn, ",") //取cn邮箱 - filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0])) - } - break + //解析dn成每个小的单元 + cellList := strings.Split(memberDn, ",") //取cn邮箱 + filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0])) } break } From 79faa6a3778d24039a57da3903822111a53553f6 Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Wed, 22 Nov 2023 13:13:12 +0800 Subject: [PATCH 5/5] fix --- utils/ldap_lib/ldap_user.go | 88 +++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 43 deletions(-) diff --git a/utils/ldap_lib/ldap_user.go b/utils/ldap_lib/ldap_user.go index 4cb4902e..3e61fe90 100644 --- a/utils/ldap_lib/ldap_user.go 
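Review bot: `cellList[0]` is written into the search filter by `fmt.Sprintf("(%s)", cellList[0])` without filter escaping; the value is the first RDN of a `uniqueMember` DN read back from the directory, and an RDN value containing `(`, `)`, `*` or `\` would change the structure of the filter instead of matching literally. If the client is go-ldap, `ldap.EscapeFilter` escapes exactly those characters and leaves `=` intact, so `fmt.Sprintf("(%s)", ldap.EscapeFilter(cellList[0]))` is a one-line fix; `strings.Split(memberDn, ",")` is likewise brittle for DNs with escaped commas, where `ldap.ParseDN` is the robust choice. The two new early returns for `len(result.Entries) == 0` and `teamGroup.DN != req.OrganizationDN` build identical responses and could be one `if` joined with `||`. `GetLdapOrganizationMembers` starts before this hunk and continues after it.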
+++ b/utils/ldap_lib/ldap_user.go 
@@ -29,51 +29,53 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) { if len(res.Entries) != 1 { return nil, errors.New("查询到不到用户信息") } - user := &LdapUserInfo{} - for _, entry := range res.Entries { - if entry.DN != userDN { - continue - } - user.UserDN = entry.DN - for _, attr := range entry.Attributes { - switch attr.Name { - case "uidNumber": //用户id - if len(attr.Values) == 0 { - return nil, errors.New("用户id不存在") - } - user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) - if err != nil { - return nil, err - } - case "sn": //用户真名 - user.UserName = strings.Join(attr.Values, "") - case "mail": //邮箱 - user.Email = strings.Join(attr.Values, "") - case "mobile": //手机号 - user.Mobile = strings.Join(attr.Values, "") - case "postalAddress": //头像 - user.Avatar = strings.Join(attr.Values, "") - case "userPassword": //密码 - user.Password = strings.Join(attr.Values, ",") - case "employeeType": //员工类型 - if len(attr.Values) == 0 { - return nil, errors.New("用户类型不存在") - } - user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64) - if err != nil { - return nil, err - } - case "postalCode": //状态 - if len(attr.Values) == 0 { - return nil, errors.New("用户状态不存在") - } - user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) - if err != nil { - return nil, err - } + if len(res.Entries) == 0 { + return nil, errors.New("ldap user not exists(entry not exists)") + } + userEntry := res.Entries[0] + if userEntry.DN != userDN { + return nil, errors.New("ldap user not exists(DN not match)") + } + user := &LdapUserInfo{ + UserDN: userEntry.DN, + } + for _, attr := range userEntry.Attributes { + switch attr.Name { + case "uidNumber": //用户id + if len(attr.Values) == 0 { + return nil, errors.New("用户id不存在") + } + user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + return nil, err + } + case "sn": //用户真名 + user.UserName = strings.Join(attr.Values, "") + case "mail": //邮箱 + user.Email = strings.Join(attr.Values, "") + case "mobile": 
//手机号 + user.Mobile = strings.Join(attr.Values, "") + case "postalAddress": //头像 + user.Avatar = strings.Join(attr.Values, "") + case "userPassword": //密码 + user.Password = strings.Join(attr.Values, ",") + case "employeeType": //员工类型 + if len(attr.Values) == 0 { + return nil, errors.New("用户类型不存在") + } + user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + return nil, err + } + case "postalCode": //状态 + if len(attr.Values) == 0 { + return nil, errors.New("用户状态不存在") + } + user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + return nil, err } } - break } if user.UserId == 0 { return nil, errors.New("查询到的不是用户信息!!!")
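Review bot: The new `if len(res.Entries) == 0` block is unreachable: the context three lines above already returns `查询到不到用户信息` whenever `len(res.Entries) != 1`, so `res.Entries[0]` is safe without it and the block should be dropped (or the `!= 1` check replaced, if the intent was to tolerate more than one entry). The two new error strings are in English while every other message in the function is Chinese; keep one language so log searches stay consistent. `user.Password` is still filled from `userPassword` (moved, not new), so the returned `LdapUserInfo` carries the stored credential value — a comment on that field such as `// Password holds the raw userPassword attribute; never serialize it outward.` would make that visible to callers. `GetLdapUserInfo` starts before this hunk and ends after it.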