ldap-1-backend/service/ildap/user_ildap.go

package ildap

import (
	"fmt"

	"github.com/eryajf/go-ldap-admin/config"
	"github.com/eryajf/go-ldap-admin/model"
	"github.com/eryajf/go-ldap-admin/public/common"
	"github.com/eryajf/go-ldap-admin/public/tools"

	ldap "github.com/go-ldap/ldap/v3"
)

type UserService struct{}

// 创建资源
func (x UserService) Add(user *model.User) error {
	add := ldap.NewAddRequest(user.UserDN, nil)
	add.Attribute("objectClass", []string{"inetOrgPerson"})
	add.Attribute("cn", []string{user.Username})
	add.Attribute("sn", []string{user.Nickname})
	add.Attribute("businessCategory", []string{user.Departments})
	add.Attribute("departmentNumber", []string{user.Position})
	add.Attribute("description", []string{user.Introduction})
	add.Attribute("displayName", []string{user.Nickname})
	add.Attribute("mail", []string{user.Mail})
	add.Attribute("employeeNumber", []string{user.JobNumber})
	add.Attribute("givenName", []string{user.GivenName})
	add.Attribute("postalAddress", []string{user.PostalAddress})
	add.Attribute("mobile", []string{user.Mobile})
	add.Attribute("uid", []string{user.Username})
	add.Attribute("userPassword", []string{tools.NewParPasswd(user.Password)})

	// 获取 LDAP 连接
	conn, err := common.GetLDAPConn()
	defer common.PutLADPConn(conn)
	if err != nil {
		return err
	}

	return conn.Add(add)
}

// Update 更新资源
func (x UserService) Update(oldusername string, user *model.User) error {
	modify := ldap.NewModifyRequest(user.UserDN, nil)
	modify.Replace("cn", []string{user.Nickname})
	modify.Replace("sn", []string{oldusername})
	modify.Replace("businessCategory", []string{user.Departments})
	modify.Replace("departmentNumber", []string{user.Position})
	modify.Replace("description", []string{user.Introduction})
	modify.Replace("displayName", []string{user.Nickname})
	modify.Replace("mail", []string{user.Mail})
	modify.Replace("employeeNumber", []string{user.JobNumber})
	modify.Replace("givenName", []string{user.GivenName})
	modify.Replace("postalAddress", []string{user.PostalAddress})
	modify.Replace("mobile", []string{user.Mobile})

	// 获取 LDAP 连接
	conn, err := common.GetLDAPConn()
	defer common.PutLADPConn(conn)
	if err != nil {
		return err
	}

	err = conn.Modify(modify)
	if err != nil {
		return err
	}
	if config.Conf.Ldap.UserNameModify && oldusername != user.Username {
		modifyDn := ldap.NewModifyDNRequest(fmt.Sprintf("uid=%s,%s", oldusername, config.Conf.Ldap.UserDN), fmt.Sprintf("uid=%s", user.Username), true, "")
		return conn.ModifyDN(modifyDn)
	}
	return nil
}

// Delete 删除资源
func (x UserService) Delete(udn string) error {
	del := ldap.NewDelRequest(udn, nil)
	// 获取 LDAP 连接
	conn, err := common.GetLDAPConn()
	defer common.PutLADPConn(conn)
	if err != nil {
		return err
	}
	return conn.Del(del)
}

// ChangePwd 修改用户密码，此处旧密码也可以为空，ldap可以直接通过用户DN加上新密码来进行修改
func (x UserService) ChangePwd(udn, oldpasswd, newpasswd string) error {
	modifyPass := ldap.NewPasswordModifyRequest(udn, oldpasswd, newpasswd)

	// 获取 LDAP 连接
	conn, err := common.GetLDAPConn()
	defer common.PutLADPConn(conn)
	if err != nil {
		return err
	}

	_, err = conn.PasswordModify(modifyPass)
	if err != nil {
		return fmt.Errorf("password modify failed for %s, err: %v", udn, err)
	}
	return nil
}

// NewPwd 新旧密码都是空，通过管理员可以修改成功并返回新的密码
func (x UserService) NewPwd(username string) (string, error) {
	udn := fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.UserDN)
	if username == "admin" {
		udn = config.Conf.Ldap.AdminDN
	}
	modifyPass := ldap.NewPasswordModifyRequest(udn, "", "")

	// 获取 LDAP 连接
	conn, err := common.GetLDAPConn()
	defer common.PutLADPConn(conn)
	if err != nil {
		return "", err
	}

	newpass, err := conn.PasswordModify(modifyPass)
	if err != nil {
		return "", fmt.Errorf("password modify failed for %s, err: %v", username, err)
	}
	return newpass.GeneratedPassword, nil
}
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+								package ildap
 								import (
 									"fmt"
-												对齐修复一些错漏内容

											
										
										
											2022-05-29 10:06:21 +08:00
+									"github.com/eryajf/go-ldap-admin/config"
 									"github.com/eryajf/go-ldap-admin/model"
 									"github.com/eryajf/go-ldap-admin/public/common"
-												fix: ldap password 因为地址传递而变化导致无法登陆 (#46)


											
										
										
											2022-06-29 16:23:26 +08:00
+									"github.com/eryajf/go-ldap-admin/public/tools"
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
 									ldap "github.com/go-ldap/ldap/v3"
 								)
 								type UserService struct{}
 								// 创建资源
 								func (x UserService) Add(user *model.User) error {
-												Adjust the project architecture and optimize the code logic. (#17)

* feat: user和group分别添加dn字段,便于辅助前端界面理解

* feat: request与response包内容分配到model目录下，减缩一级目录数量

* 调整钉钉同步架构,改善一些逻辑

* 添加golangci-lint静态扫描

* 调整README内容

Co-authored-by: eryajf <eryajf@users.noreply.github.com>
											
										
										
											2022-06-14 11:17:38 +08:00
+									add := ldap.NewAddRequest(user.UserDN, nil)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									add.Attribute("objectClass", []string{"inetOrgPerson"})
-												新增钉钉手动和定时同步到ldap相关功能 (#7)


											
										
										
											2022-06-02 11:05:55 +08:00
+									add.Attribute("cn", []string{user.Username})
 									add.Attribute("sn", []string{user.Nickname})
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									add.Attribute("businessCategory", []string{user.Departments})
 									add.Attribute("departmentNumber", []string{user.Position})
 									add.Attribute("description", []string{user.Introduction})
 									add.Attribute("displayName", []string{user.Nickname})
 									add.Attribute("mail", []string{user.Mail})
 									add.Attribute("employeeNumber", []string{user.JobNumber})
 									add.Attribute("givenName", []string{user.GivenName})
 									add.Attribute("postalAddress", []string{user.PostalAddress})
 									add.Attribute("mobile", []string{user.Mobile})
 									add.Attribute("uid", []string{user.Username})
-												fix: ldap password 因为地址传递而变化导致无法登陆 (#46)


											
										
										
											2022-06-29 16:23:26 +08:00
+									add.Attribute("userPassword", []string{tools.NewParPasswd(user.Password)})
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
 									// 获取 LDAP 连接
 									conn, err := common.GetLDAPConn()
 									defer common.PutLADPConn(conn)
 									if err != nil {
 										return err
 									}
 									return conn.Add(add)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+								}
 								// Update 更新资源
 								func (x UserService) Update(oldusername string, user *model.User) error {
-												Adjust the project architecture and optimize the code logic. (#17)

* feat: user和group分别添加dn字段,便于辅助前端界面理解

* feat: request与response包内容分配到model目录下，减缩一级目录数量

* 调整钉钉同步架构,改善一些逻辑

* 添加golangci-lint静态扫描

* 调整README内容

Co-authored-by: eryajf <eryajf@users.noreply.github.com>
											
										
										
											2022-06-14 11:17:38 +08:00
+									modify := ldap.NewModifyRequest(user.UserDN, nil)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									modify.Replace("cn", []string{user.Nickname})
 									modify.Replace("sn", []string{oldusername})
 									modify.Replace("businessCategory", []string{user.Departments})
 									modify.Replace("departmentNumber", []string{user.Position})
 									modify.Replace("description", []string{user.Introduction})
 									modify.Replace("displayName", []string{user.Nickname})
 									modify.Replace("mail", []string{user.Mail})
 									modify.Replace("employeeNumber", []string{user.JobNumber})
 									modify.Replace("givenName", []string{user.GivenName})
 									modify.Replace("postalAddress", []string{user.PostalAddress})
 									modify.Replace("mobile", []string{user.Mobile})
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
 									// 获取 LDAP 连接
 									conn, err := common.GetLDAPConn()
 									defer common.PutLADPConn(conn)
 									if err != nil {
 										return err
 									}
 									err = conn.Modify(modify)
-、分组添加OU和CN模式，CN模式调整为：ObjectClasses：groupOfUniqueNames，uniqueMember：uid={username},ou=people,dc={dc},dc={dc}
2、优化新增和修改人员界面显示，修复mail匹配异常bug
3、调整新增人员界面中部门从分组中进行选择，只允许选择CN类型的部门进行匹配
4、支持修改人员username
5、支持修改分组名称：groupname
6、支持创建属性分组，类似于企业组织架构的树状结构

											
										
										
											2022-05-28 22:22:36 +08:00
+									if err != nil {
 										return err
 									}
-												feat: 调整配置文件成统一的风格,不再带标识前缀 (#24)


											
										
										
											2022-06-14 12:08:16 +08:00
+									if config.Conf.Ldap.UserNameModify && oldusername != user.Username {
 										modifyDn := ldap.NewModifyDNRequest(fmt.Sprintf("uid=%s,%s", oldusername, config.Conf.Ldap.UserDN), fmt.Sprintf("uid=%s", user.Username), true, "")
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
+										return conn.ModifyDN(modifyDn)
-、分组添加OU和CN模式，CN模式调整为：ObjectClasses：groupOfUniqueNames，uniqueMember：uid={username},ou=people,dc={dc},dc={dc}
2、优化新增和修改人员界面显示，修复mail匹配异常bug
3、调整新增人员界面中部门从分组中进行选择，只允许选择CN类型的部门进行匹配
4、支持修改人员username
5、支持修改分组名称：groupname
6、支持创建属性分组，类似于企业组织架构的树状结构

											
										
										
											2022-05-28 22:22:36 +08:00
+									}
 									return nil
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+								}
 								// Delete 删除资源
-												Adjust the project architecture and optimize the code logic. (#17)

* feat: user和group分别添加dn字段,便于辅助前端界面理解

* feat: request与response包内容分配到model目录下，减缩一级目录数量

* 调整钉钉同步架构,改善一些逻辑

* 添加golangci-lint静态扫描

* 调整README内容

Co-authored-by: eryajf <eryajf@users.noreply.github.com>
											
										
										
											2022-06-14 11:17:38 +08:00
+								func (x UserService) Delete(udn string) error {
 									del := ldap.NewDelRequest(udn, nil)
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
+									// 获取 LDAP 连接
 									conn, err := common.GetLDAPConn()
 									defer common.PutLADPConn(conn)
 									if err != nil {
 										return err
 									}
 									return conn.Del(del)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+								}
 								// ChangePwd 修改用户密码，此处旧密码也可以为空，ldap可以直接通过用户DN加上新密码来进行修改
-												Adjust the project architecture and optimize the code logic. (#17)

* feat: user和group分别添加dn字段,便于辅助前端界面理解

* feat: request与response包内容分配到model目录下，减缩一级目录数量

* 调整钉钉同步架构,改善一些逻辑

* 添加golangci-lint静态扫描

* 调整README内容

Co-authored-by: eryajf <eryajf@users.noreply.github.com>
											
										
										
											2022-06-14 11:17:38 +08:00
+								func (x UserService) ChangePwd(udn, oldpasswd, newpasswd string) error {
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									modifyPass := ldap.NewPasswordModifyRequest(udn, oldpasswd, newpasswd)
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
 									// 获取 LDAP 连接
 									conn, err := common.GetLDAPConn()
 									defer common.PutLADPConn(conn)
 									if err != nil {
 										return err
 									}
 									_, err = conn.PasswordModify(modifyPass)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									if err != nil {
-												Adjust the project architecture and optimize the code logic. (#17)

* feat: user和group分别添加dn字段,便于辅助前端界面理解

* feat: request与response包内容分配到model目录下，减缩一级目录数量

* 调整钉钉同步架构,改善一些逻辑

* 添加golangci-lint静态扫描

* 调整README内容

Co-authored-by: eryajf <eryajf@users.noreply.github.com>
											
										
										
											2022-06-14 11:17:38 +08:00
+										return fmt.Errorf("password modify failed for %s, err: %v", udn, err)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									}
 									return nil
 								}
 								// NewPwd 新旧密码都是空，通过管理员可以修改成功并返回新的密码
 								func (x UserService) NewPwd(username string) (string, error) {
-												feat: 调整配置文件成统一的风格,不再带标识前缀 (#24)


											
										
										
											2022-06-14 12:08:16 +08:00
+									udn := fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.UserDN)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									if username == "admin" {
-												feat: 调整配置文件成统一的风格,不再带标识前缀 (#24)


											
										
										
											2022-06-14 12:08:16 +08:00
+										udn = config.Conf.Ldap.AdminDN
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									}
 									modifyPass := ldap.NewPasswordModifyRequest(udn, "", "")
-												feat: LDAP 添加连接池支持 (#95)


											
										
										
											2022-07-24 21:24:08 +08:00
 									// 获取 LDAP 连接
 									conn, err := common.GetLDAPConn()
 									defer common.PutLADPConn(conn)
 									if err != nil {
 										return "", err
 									}
 									newpass, err := conn.PasswordModify(modifyPass)
-												初始提交

											
										
										
											2022-05-18 17:57:03 +08:00
+									if err != nil {
 										return "", fmt.Errorf("password modify failed for %s, err: %v", username, err)
 									}
 									return newpass.GeneratedPassword, nil
 								}