v0.0.26

分支 (1)

标签 (38)

管理

管理

master

v0.0.48

v0.0.47

v0.0.46

v0.0.45

v0.0.44

v0.0.43

v0.0.42

v0.0.41

v0.0.40

v0.0.39

v0.0.38

v0.0.37

v0.0.36

v0.0.35

v0.0.34

v0.0.33

v0.0.32

v0.0.31

v0.0.30

v0.0.29

console-core-go
/
pkg
/
ldap
/
ldap_authing.go

package ldap

import (
	"encoding/json"
	"fmt"
	"log"
	"strings"

	"gitee.com/carlmax_my/console-core-go/pkg/errors"
	"github.com/go-ldap/ldap/v3"
)

type AuthingLdapFields struct {
	Url                string `json:"url"`                //"ldaps://127.0.0.1:636",
	BindDN             string `json:"bindDN"`             //"cn=admin,dc=sdp-console,dc=com",
	BindCredentials    string `json:"bindCredentials"`    //"123456",
	BASE_DN            string `json:"BASE_DN"`            //"dc=sdp-console,dc=com",
	QueryCriteria      string `json:"queryCriteria"`      //"&(objectClass=organizationalPerson)(cn=%s)"
	GroupQueryCriteria string `json:"groupQueryCriteria"` //"&(objectClass=organizationalPerson)(cn=%s)"
}

func FetchLdapEntriesByIdp(jsonStrFields string, group bool) (result []*ldap.Entry, err error) {
	var fields AuthingLdapFields
	err = json.Unmarshal([]byte(jsonStrFields), &fields)
	if err != nil {
		return
	}

	return FetchLdapEntries(&fields, group)
}

func FetchLdapEntries(fields *AuthingLdapFields, group bool) (result []*ldap.Entry, err error) {
	opts := newOptionsFromFields(fields)
	service := NewLdapService(opts)

	// 获取连接
	err = service.InitAll()
	if err != nil {
		return
	}

	if group {
		return service.FetchEntries(fields.GroupQueryCriteria)
	} else {
		return service.FetchEntries(fields.QueryCriteria)
	}
}

func SearchAllUserGroups(jsonStrFields string) ([]*ldap.Entry, error) {
	var fields AuthingLdapFields
	err := json.Unmarshal([]byte(jsonStrFields), &fields)
	if err != nil {
		return nil, err
	}

	l, err := ldap.DialURL(fields.Url)
	if err != nil {
		return nil, err
	}
	defer l.Close()

	_, err = l.SimpleBind(&ldap.SimpleBindRequest{
		Username: fields.BindDN,
		Password: fields.BindCredentials,
	})
	if err != nil {
		return nil, err
	}

	searchRequest := ldap.NewSearchRequest(
		fields.BASE_DN, // The base dn to search
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("("+fields.QueryCriteria+")", "userID"), // The filter to apply
		[]string{"dn", "cn"}, // A list attributes to retrieve
		nil,
	)

	sr, err := l.Search(searchRequest)
	if err != nil {
		return nil, err
	}

	log.Println("SearchAllUserGroups", len(sr.Entries))
	log.Println("SearchAllUserGroups", len(sr.Entries[0].Attributes))
	log.Println("SearchAllUserGroups", sr.Entries[0].Attributes[0].Name)

	return sr.Entries, nil
}

func TestLdapConnByIdp(jsonStrFields string) error {
	var fields AuthingLdapFields
	if err := json.Unmarshal([]byte(jsonStrFields), &fields); err != nil {
		return errors.New("invalid ldap config:" + err.Error())
	}

	return TestLdapConn(&fields)
}

func TestLdapConn(fields *AuthingLdapFields) error {
	opts := newOptionsFromFields(fields)
	service := NewLdapService(opts)
	return service.TryConn()
}

func newOptionsFromFields(fields *AuthingLdapFields) *LdapConnOptions {
	opts := NewLdapConnOptions()
	opts.ConnUrl = strings.ToLower(fields.Url)
	opts.AdminAccount = fields.BindDN
	opts.Password = fields.BindCredentials
	opts.BaseDn = fields.BASE_DN
	opts.SslEncryption = false

	return opts
}