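package ldap_lib

import (
	"errors"
	"strings"

	"github.com/go-ldap/ldap/v3"
)

// Ldap bundles an established *ldap.Conn with the directory coordinates
// (base DN, root/bind DN and the people/group OU) that the helpers below use.
// Only rootDN and conn are read by the methods in this file; baseDN and
// peopleGroupOu are stored for callers elsewhere.
type Ldap struct {
	baseDN        string
	rootDN        string
	peopleGroupOu string
	conn          *ldap.Conn
}

// errNoConn is returned by every method that needs the directory connection
// when the Ldap value was built without one (previously a nil dereference).
var errNoConn = errors.New("ldap connection is not set")

// NewLdap wraps an already-opened connection together with the directory
// parameters. The caller keeps ownership of conn and is responsible for
// closing it.
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupOu string) *Ldap {
	return &Ldap{
		baseDN:        baseDN,
		rootDN:        rootDN,
		peopleGroupOu: peopleGroupOu,
		conn:          conn,
	}
}

// ready reports whether the wrapper has a usable connection, so that callers
// get an error instead of a panic when the Ldap value was built without one.
func (l *Ldap) ready() error {
	if l == nil || l.conn == nil {
		return errNoConn
	}
	return nil
}

// Update replaces the given attributes on the entry DN (group or user).
// Every key in attr becomes a Replace operation; keys absent from attr are
// left untouched on the entry. The directory's error is returned as-is.
func (l *Ldap) Update(DN string, attr map[string][]string) error {
	if err := l.ready(); err != nil {
		return err
	}
	modify := ldap.NewModifyRequest(DN, nil)
	for key, values := range attr {
		modify.Replace(key, values)
	}
	return l.conn.Modify(modify)
}

// Create adds a new entry at DN (group or user) with the given attributes.
// The directory's error is returned as-is.
func (l *Ldap) Create(DN string, attr map[string][]string) error {
	if err := l.ready(); err != nil {
		return err
	}
	add := ldap.NewAddRequest(DN, nil)
	for key, values := range attr {
		add.Attribute(key, values)
	}
	return l.conn.Add(add)
}

// Delete removes the entry at DN (group or user).
// The directory's error is returned as-is.
func (l *Ldap) Delete(DN string) error {
	if err := l.ready(); err != nil {
		return err
	}
	return l.conn.Del(ldap.NewDelRequest(DN, nil))
}

// rootExcludeFilter builds the default search filter that matches every
// entry except the root/bind user, using the first RDN of rootDN
// (e.g. "cn=admin,dc=example,dc=com" -> "(&(objectClass=*)(!(cn=admin)))").
// The RDN value is filter-escaped so that characters such as '*', '(' or
// '\' in the configured DN cannot alter the filter's structure.
// It returns an error when rootDN is empty or its first RDN is not of the
// form "attr=value". DN-level escapes in the value are not decoded — the
// value is used as written in rootDN.
func (l *Ldap) rootExcludeFilter() (string, error) {
	firstRDN := strings.SplitN(l.rootDN, ",", 2)[0]
	parts := strings.SplitN(firstRDN, "=", 2)
	if len(parts) != 2 {
		return "", errors.New("root用户DN未设置")
	}
	attrName := strings.TrimSpace(parts[0])
	value := strings.TrimSpace(parts[1])
	if attrName == "" || value == "" {
		return "", errors.New("root用户DN未设置")
	}
	return "(&(objectClass=*)(!(" + attrName + "=" + ldap.EscapeFilter(value) + ")))", nil
}

// Search runs a whole-subtree search under DN and returns the raw result.
// When filter is empty, a default filter matching everything except the
// root/bind user is used (see rootExcludeFilter); otherwise filter is passed
// to the directory verbatim, so callers that build it from user input must
// escape values with ldap.EscapeFilter themselves. attr selects the
// attributes to return (nil means all); controls are forwarded unchanged.
// No size or time limit is applied (both are 0), so the server's limits govern.
func (l *Ldap) Search(DN, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
	if err := l.ready(); err != nil {
		return nil, err
	}
	if filter == "" {
		filter, err = l.rootExcludeFilter()
		if err != nil {
			return nil, err
		}
	}
	searchRequest := ldap.NewSearchRequest(
		DN,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0, // size limit: unlimited (server-side limits still apply)
		0, // time limit: unlimited
		false,
		filter,
		attr,
		controls,
	)
	return l.conn.Search(searchRequest)
}

// isOU reports whether dn names an organizational unit, i.e. its first RDN
// attribute is "ou" in any letter case. It is safe on DNs shorter than
// three bytes (the previous byte-slice comparison panicked on them).
func isOU(dn string) bool {
	dn = strings.TrimSpace(dn)
	return len(dn) >= 3 && strings.EqualFold(dn[:3], "ou=")
}

// AddUserToGroup adds userDN as a uniqueMember of groupDN.
// Organizational units are containers rather than groups, so a groupDN whose
// first RDN is "ou=" is rejected before any request is sent.
func (l *Ldap) AddUserToGroup(groupDN, userDN string) error {
	if isOU(groupDN) {
		return errors.New("不能添加用户到OU组织单元")
	}
	if err := l.ready(); err != nil {
		return err
	}
	modify := ldap.NewModifyRequest(groupDN, nil)
	modify.Add("uniqueMember", []string{userDN})
	return l.conn.Modify(modify)
}

// RemoveUserFromGroup removes userDN from the uniqueMember attribute of
// groupDN. The directory's error is returned as-is (including when userDN
// was not a member).
func (l *Ldap) RemoveUserFromGroup(groupDN, userDN string) error {
	if err := l.ready(); err != nil {
		return err
	}
	modify := ldap.NewModifyRequest(groupDN, nil)
	modify.Delete("uniqueMember", []string{userDN})
	return l.conn.Modify(modify)
}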