ldap-1-backend/service/ildap/user_ildap.go

package ildap

import (
	"fmt"

	"github.com/eryajf/go-ldap-admin/config"
	"github.com/eryajf/go-ldap-admin/model"
	"github.com/eryajf/go-ldap-admin/public/common"

	ldap "github.com/go-ldap/ldap/v3"
)

type UserService struct{}

// 创建资源
func (x UserService) Add(user *model.User) error {
	if user.Departments == "" {
		user.Departments = "研发中心"
	}
	if user.GivenName == "" {
		user.GivenName = user.Nickname
	}
	if user.PostalAddress == "" {
		user.PostalAddress = "没有填写地址"
	}
	if user.Position == "" {
		user.Position = "技术"
	}
	if user.Introduction == "" {
		user.Introduction = user.Nickname
	}
	add := ldap.NewAddRequest(fmt.Sprintf("uid=%s,%s", user.Username, config.Conf.Ldap.LdapUserDN), nil)
	add.Attribute("objectClass", []string{"inetOrgPerson"})
	add.Attribute("cn", []string{user.Nickname})
	add.Attribute("sn", []string{user.Username})
	add.Attribute("businessCategory", []string{user.Departments})
	add.Attribute("departmentNumber", []string{user.Position})
	add.Attribute("description", []string{user.Introduction})
	add.Attribute("displayName", []string{user.Nickname})
	add.Attribute("mail", []string{user.Mail})
	add.Attribute("employeeNumber", []string{user.JobNumber})
	add.Attribute("givenName", []string{user.GivenName})
	add.Attribute("postalAddress", []string{user.PostalAddress})
	add.Attribute("mobile", []string{user.Mobile})
	add.Attribute("uid", []string{user.Username})
	add.Attribute("userPassword", []string{user.Password})
	return common.LDAP.Add(add)
}

// Update 更新资源
func (x UserService) Update(oldusername string, user *model.User) error {
	modify := ldap.NewModifyRequest(fmt.Sprintf("uid=%s,%s", oldusername, config.Conf.Ldap.LdapUserDN), nil)
	modify.Replace("cn", []string{user.Nickname})
	modify.Replace("sn", []string{oldusername})
	modify.Replace("businessCategory", []string{user.Departments})
	modify.Replace("departmentNumber", []string{user.Position})
	modify.Replace("description", []string{user.Introduction})
	modify.Replace("displayName", []string{user.Nickname})
	modify.Replace("mail", []string{user.Mail})
	modify.Replace("employeeNumber", []string{user.JobNumber})
	modify.Replace("givenName", []string{user.GivenName})
	modify.Replace("postalAddress", []string{user.PostalAddress})
	modify.Replace("mobile", []string{user.Mobile})
	err := common.LDAP.Modify(modify)
	if err != nil {
		return err
	}
	if config.Conf.Ldap.LdapUserNameModify && oldusername != user.Username {
		modifyDn := ldap.NewModifyDNRequest(fmt.Sprintf("uid=%s,%s", oldusername, config.Conf.Ldap.LdapUserDN), fmt.Sprintf("uid=%s", user.Username), true, "")
		return common.LDAP.ModifyDN(modifyDn)
	}
	return nil
}

// Delete 删除资源
func (x UserService) Delete(username string) error {
	del := ldap.NewDelRequest(fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.LdapUserDN), nil)
	return common.LDAP.Del(del)
}

// ChangePwd 修改用户密码，此处旧密码也可以为空，ldap可以直接通过用户DN加上新密码来进行修改
func (u UserService) ChangePwd(username, oldpasswd, newpasswd string) error {
	udn := fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.LdapUserDN)
	if username == "admin" {
		udn = config.Conf.Ldap.LdapAdminDN
	}
	modifyPass := ldap.NewPasswordModifyRequest(udn, oldpasswd, newpasswd)
	_, err := common.LDAP.PasswordModify(modifyPass)
	if err != nil {
		return fmt.Errorf("password modify failed for %s, err: %v", username, err)
	}
	return nil
}

// NewPwd 新旧密码都是空，通过管理员可以修改成功并返回新的密码
func (x UserService) NewPwd(username string) (string, error) {
	udn := fmt.Sprintf("uid=%s,%s", username, config.Conf.Ldap.LdapUserDN)
	if username == "admin" {
		udn = config.Conf.Ldap.LdapAdminDN
	}
	modifyPass := ldap.NewPasswordModifyRequest(udn, "", "")
	newpass, err := common.LDAP.PasswordModify(modifyPass)
	if err != nil {
		return "", fmt.Errorf("password modify failed for %s, err: %v", username, err)
	}
	return newpass.GeneratedPassword, nil
}