diff --git a/src/main/java/com/example/ldap/controller/GroupController.java b/src/main/java/com/example/ldap/controller/GroupController.java index 68393a8..9734fdf 100644 --- a/src/main/java/com/example/ldap/controller/GroupController.java +++ b/src/main/java/com/example/ldap/controller/GroupController.java @@ -34,6 +34,16 @@ public class GroupController { return ResponseEntity.ok(ApiResponse.success("获取组列表成功", groups)); } + /** + * 调试端点:查看LDAP中的原始数据 + */ + @GetMapping("/debug") + public ResponseEntity>> debugLdap() { + logger.info("API: 调试LDAP数据"); + Map debugInfo = groupService.debugLdapData(); + return ResponseEntity.ok(ApiResponse.success("调试信息获取成功", debugInfo)); + } + /** * 根据组名获取组 */ diff --git a/src/main/java/com/example/ldap/entity/Group.java b/src/main/java/com/example/ldap/entity/Group.java index 39d557f..f327213 100644 --- a/src/main/java/com/example/ldap/entity/Group.java +++ b/src/main/java/com/example/ldap/entity/Group.java @@ -1,5 +1,6 @@ package com.example.ldap.entity; +import com.fasterxml.jackson.annotation.JsonIgnore; import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.Size; import org.springframework.ldap.odm.annotations.Attribute; @@ -11,10 +12,11 @@ import javax.naming.Name; import java.util.List; import java.util.Set; -@Entry(base = "ou=groups", objectClasses = {"groupOfNames", "top"}) +@Entry(base = "", objectClasses = {"groupOfUniqueNames"}) public class Group { @Id + @JsonIgnore // 排除dn字段的JSON序列化 private Name dn; @Attribute(name = "cn") @@ -25,7 +27,7 @@ public class Group { @Attribute(name = "description") private String description; - @Attribute(name = "member") + @Attribute(name = "uniqueMember") private Set members; @Attribute(name = "businessCategory") diff --git a/src/main/java/com/example/ldap/service/GroupService.java b/src/main/java/com/example/ldap/service/GroupService.java index d6d5f85..e499236 100644 --- a/src/main/java/com/example/ldap/service/GroupService.java 
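Review bot: The new `GET /debug` handler in GroupController has no access check visible in this hunk, and it returns whatever `groupService.debugLdapData()` collects, which in this commit is every attribute of the matched directory entries. Unless a security configuration outside this diff restricts the path, any caller who can reach the group API can read raw directory data. Either drop the endpoint before merge or restrict it, for example with `@PreAuthorize("hasRole('ADMIN')")` if the project uses Spring Security method security (not visible here). The class-level mapping and the rest of the controller lie outside the hunk, so the full path and any existing guards should be confirmed there.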
+++ b/src/main/java/com/example/ldap/service/GroupService.java @@ -18,8 +18,10 @@ import org.springframework.ldap.support.LdapNameBuilder; import org.springframework.stereotype.Service; import javax.naming.Name; +import java.util.HashMap; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Set; @Service 
@@ -48,13 +50,69 @@ public class GroupService { public List getAllGroups() { logger.info("获取所有组"); try { - return ldapTemplate.findAll(Group.class); + // 使用更具体的查询,查找groupOfUniqueNames对象类 + LdapQuery query = LdapQueryBuilder.query() + .base(groupSearchBase) + .where("objectClass").is("groupOfUniqueNames"); + + List groups = ldapTemplate.find(query, Group.class); + logger.info("找到 {} 个组", groups.size()); + return groups; } catch (Exception e) { logger.error("获取所有组失败", e); throw new RuntimeException("获取组列表失败: " + e.getMessage()); } } + /** + * 调试LDAP数据 + */ + public Map debugLdapData() { + Map debugInfo = new HashMap<>(); + + try { + // 查找所有cn=group的条目,不限制对象类 + LdapQuery query = LdapQueryBuilder.query() + .base("") // 在根目录查找 + .where("cn").is("group"); + + List> entries = ldapTemplate.search(query, + (org.springframework.ldap.core.AttributesMapper>) attributes -> { + Map entry = new HashMap<>(); + try { + // 获取所有属性 + javax.naming.NamingEnumeration ids = attributes.getIDs(); + while (ids.hasMore()) { + String id = ids.next(); + javax.naming.directory.Attribute attr = attributes.get(id); + if (attr.size() == 1) { + entry.put(id, attr.get()); + } else { + java.util.List values = new java.util.ArrayList<>(); + for (int i = 0; i < attr.size(); i++) { + values.add(attr.get(i)); + } + entry.put(id, values); + } + } + } catch (Exception e) { + entry.put("error", e.getMessage()); + } + return entry; + }); + + debugInfo.put("foundEntries", entries); + debugInfo.put("entryCount", entries.size()); + debugInfo.put("searchBase", ""); + debugInfo.put("searchFilter", "cn=group"); + + } catch (Exception e) { + debugInfo.put("error", e.getMessage()); + } + + return debugInfo; + } + /** * 根据组名查找组 */ @@ -63,7 +121,7 @@ public class GroupService { try { LdapQuery query = LdapQueryBuilder.query() .base(groupSearchBase) - .where("objectClass").is("groupOfNames") + .where("objectClass").is("groupOfUniqueNames") .and("cn").is(groupName); List groups = ldapTemplate.find(query, Group.class); 
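Review bot: `debugLdapData()` searches from the root with `.base("")`, and its `AttributesMapper` copies every attribute of each hit into the response map, so an attribute such as `userPassword` would be returned to the caller if a matched entry carries it. Limit the search to the group subtree and to named attributes by using `.base(groupSearchBase)` and adding `.attributes("cn", "description", "uniqueMember")` before `.where(...)`. Both catch blocks also put `e.getMessage()` into the response without logging it, which hides the failure from operators while exposing server-side detail to the client. Adding `logger.error("debugLdapData failed", e);` and returning a fixed error string would address both.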
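Review bot: The object class is hard-coded as the literal `"groupOfUniqueNames"` in this hunk (`-63,7`), in `getAllGroups` above, and in the later hunks at `-267,8` and `-287,16`, where `"uniqueMember"` is hard-coded as well. The same commit also changes `group-object-class` and `group-member-attribute` in application.yml, so the configured values and the query literals can drift apart, and a filter that silently matches no groups changes what membership lookups return. If the service does not already bind those properties (not visible in these hunks), a single constant such as `private static final String GROUP_OBJECT_CLASS = "groupOfUniqueNames";` would keep every filter in step. The enclosing method starts and ends outside this hunk.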
@@ -267,8 +325,8 @@ public class GroupService { LdapQuery query = LdapQueryBuilder.query() .base(groupSearchBase) - .where("objectClass").is("groupOfNames") - .and("member").is(userDn); + .where("objectClass").is("groupOfUniqueNames") + .and("uniqueMember").is(userDn); return ldapTemplate.find(query, Group.class); } catch (Exception e) { @@ -287,16 +345,16 @@ public class GroupService { if (keyword != null && !keyword.trim().isEmpty()) { AndFilter filter = new AndFilter(); - filter.and(new EqualsFilter("objectClass", "groupOfNames")); + filter.and(new EqualsFilter("objectClass", "groupOfUniqueNames")); filter.and(new LikeFilter("cn", "*" + keyword + "*")); - + query = LdapQueryBuilder.query() .base(groupSearchBase) .filter(filter); } else { query = LdapQueryBuilder.query() .base(groupSearchBase) - .where("objectClass").is("groupOfNames"); + .where("objectClass").is("groupOfUniqueNames"); } return ldapTemplate.find(query, Group.class); diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 2b4f661..c402756 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -36,11 +36,11 @@ ldap: group-search-filter: (cn={0}) group-role-attribute: cn # 组成员属性 - group-member-attribute: member + group-member-attribute: uniqueMember # 用户对象类 user-object-class: inetOrgPerson # 组对象类 - group-object-class: groupOfNames + group-object-class: groupOfUniqueNames # 日志配置 logging: