// Admin.NET 项目的版æƒã€å•†æ ‡ã€ä¸“利和其他相关æƒåˆ©å‡å—相应法律法规的ä¿æŠ¤ã€‚使用本项目应éµå®ˆç›¸å…³æ³•å¾‹æ³•è§„和许å¯è¯çš„è¦æ±‚。
//
// 本项目主è¦éµå¾ª MIT 许å¯è¯å’Œ Apache 许å¯è¯ï¼ˆç‰ˆæœ¬ 2.0)进行分å‘和使用。许å¯è¯ä½äºŽæºä»£ç æ ‘æ ¹ç›®å½•ä¸çš„ LICENSE-MIT å’Œ LICENSE-APACHE 文件。
//
// ä¸å¾—利用本项目从事å±å®³å›½å®¶å®‰å…¨ã€æ‰°ä¹±ç¤¾ä¼šç§©åºã€ä¾µçŠ¯ä»–人åˆæ³•æƒç›Šç‰æ³•å¾‹æ³•è§„ç¦æ¢çš„活动ï¼ä»»ä½•åŸºäºŽæœ¬é¡¹ç›®äºŒæ¬¡å¼€å‘è€Œäº§ç”Ÿçš„ä¸€åˆ‡æ³•å¾‹çº çº·å’Œè´£ä»»ï¼Œæˆ‘ä»¬ä¸æ‰¿æ‹…任何责任ï¼
using Novell.Directory.Ldap;
namespace Admin.NET.Core;
/// <summary>
/// 系统域登录é…ç½®æœåŠ¡ 🧩
/// </summary>
[ApiDescriptionSettings(Order = 496)]
public class SysLdapService : IDynamicApiController, ITransient
{
private readonly SqlSugarRepository<SysLdap> _sysLdapRep;
public SysLdapService(SqlSugarRepository<SysLdap> sysLdapRep)
{
_sysLdapRep = sysLdapRep;
}
/// <summary>
/// 获å–系统域登录é…置分页列表 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[DisplayName("获å–系统域登录é…置分页列表")]
public async Task<SqlSugarPagedList<SysLdap>> Page(SysLdapInput input)
{
return await _sysLdapRep.AsQueryable()
.WhereIF(!string.IsNullOrWhiteSpace(input.SearchKey), u => u.Host.Contains(input.SearchKey.Trim()))
.WhereIF(!string.IsNullOrWhiteSpace(input.Host), u => u.Host.Contains(input.Host.Trim()))
.OrderBy(u => u.CreateTime, OrderByType.Desc)
.ToPagedListAsync(input.Page, input.PageSize);
}
/// <summary>
/// å¢žåŠ ç³»ç»ŸåŸŸç™»å½•é…ç½® 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[ApiDescriptionSettings(Name = "Add"), HttpPost]
[DisplayName("å¢žåŠ ç³»ç»ŸåŸŸç™»å½•é…ç½®")]
public async Task<long> Add(AddSysLdapInput input)
{
var entity = input.Adapt<SysLdap>();
entity.BindPass = CryptogramUtil.Encrypt(input.BindPass);
await _sysLdapRep.InsertAsync(entity);
return entity.Id;
}
/// <summary>
/// 更新系统域登录é…ç½® 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[ApiDescriptionSettings(Name = "Update"), HttpPost]
[DisplayName("更新系统域登录é…ç½®")]
public async Task Update(UpdateSysLdapInput input)
{
var entity = input.Adapt<SysLdap>();
if (!string.IsNullOrEmpty(input.BindPass) && input.BindPass.Length < 32)
{
entity.BindPass = CryptogramUtil.Encrypt(input.BindPass); // åŠ å¯†
}
await _sysLdapRep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
}
/// <summary>
/// åˆ é™¤ç³»ç»ŸåŸŸç™»å½•é…ç½® 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[ApiDescriptionSettings(Name = "Delete"), HttpPost]
[DisplayName("åˆ é™¤ç³»ç»ŸåŸŸç™»å½•é…ç½®")]
public async Task Delete(DeleteSysLdapInput input)
{
var entity = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
await _sysLdapRep.FakeDeleteAsync(entity); // å‡åˆ 除
//await _rep.DeleteAsync(entity); // çœŸåˆ é™¤
}
/// <summary>
/// 获å–系统域登录é…置详情 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[DisplayName("获å–系统域登录é…置详情")]
public async Task<SysLdap> GetDetail([FromQuery] DetailSysLdapInput input)
{
return await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id);
}
/// <summary>
/// 获å–系统域登录é…置列表 🔖
/// </summary>
/// <returns></returns>
[DisplayName("获å–系统域登录é…置列表")]
public async Task<List<SysLdap>> GetList()
{
return await _sysLdapRep.AsQueryable().Select<SysLdap>().ToListAsync();
}
/// <summary>
/// 验è¯è´¦å·
/// </summary>
/// <param name="account">域用户</param>
/// <param name="password">密ç </param>
/// <param name="tenantId">租户</param>
/// <returns></returns>
[NonAction]
public async Task<bool> AuthAccount(long tenantId, string account, string password)
{
var sysLdap = await _sysLdapRep.GetFirstAsync(u => u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
var ldapConn = new LdapConnection();
try
{
ldapConn.Connect(sysLdap.Host, sysLdap.Port);
ldapConn.Bind(sysLdap.Version, sysLdap.BindDn, sysLdap.BindPass);
var ldapSearchResults = ldapConn.Search(sysLdap.BaseDn, LdapConnection.ScopeSub, sysLdap.AuthFilter.Replace("$s", account), null, false);
string dn = string.Empty;
while (ldapSearchResults.HasMore())
{
var ldapEntry = ldapSearchResults.Next();
var sAMAccountName = ldapEntry.GetAttribute(sysLdap.AuthFilter)?.StringValue;
if (!string.IsNullOrEmpty(sAMAccountName))
{
dn = ldapEntry.Dn;
break;
}
}
if (string.IsNullOrEmpty(dn)) throw Oops.Oh(ErrorCodeEnum.D1002);
// var attr = new LdapAttribute("userPassword", password);
ldapConn.Bind(dn, password);
}
catch (LdapException e)
{
return e.ResultCode switch
{
LdapException.NoSuchObject or LdapException.NoSuchAttribute => throw Oops.Oh(ErrorCodeEnum.D0009),
LdapException.InvalidCredentials => false,
_ => throw Oops.Oh(e.Message),
};
}
finally
{
ldapConn.Disconnect();
}
return true;
}
/// <summary>
/// åŒæ¥åŸŸç”¨æˆ· 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[DisplayName("åŒæ¥åŸŸç”¨æˆ·")]
public async Task SyncUser(SyncSysLdapInput input)
{
var sysLdap = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
var ldapConn = new LdapConnection();
try
{
ldapConn.Connect(sysLdap.Host, sysLdap.Port);
ldapConn.Bind(sysLdap.Version, sysLdap.BindDn, sysLdap.BindPass);
var ldapSearchResults = ldapConn.Search(sysLdap.BaseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
var userLdapList = new List<SysUserLdap>();
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
var deptCode = GetDepartmentCode(attrs, sysLdap.BindAttrCode);
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
{
SearchDnLdapUser(ldapConn, sysLdap, userLdapList, ldapEntry.Dn, deptCode);
}
else
{
var sysUserLdap = CreateSysUserLdap(attrs, sysLdap.BindAttrAccount, sysLdap.BindAttrEmployeeId, deptCode);
if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
userLdapList.Add(sysUserLdap);
}
}
if (userLdapList.Count == 0)
return;
await App.GetRequiredService<SysUserLdapService>().InsertUserLdaps(sysLdap.TenantId!.Value, userLdapList);
}
catch (LdapException e)
{
throw e.ResultCode switch
{
LdapException.NoSuchObject or LdapException.NoSuchAttribute => Oops.Oh(ErrorCodeEnum.D0009),
_ => Oops.Oh(e.Message),
};
}
finally
{
ldapConn.Disconnect();
}
}
/// <summary>
/// 获å–部门代ç
/// </summary>
/// <param name="attrs"></param>
/// <param name="bindAttrCode"></param>
/// <returns></returns>
private static string GetDepartmentCode(LdapAttributeSet attrs, string bindAttrCode)
{
return bindAttrCode == "objectGUID"
? new Guid(attrs.GetAttribute(bindAttrCode)?.ByteValue).ToString()
: attrs.GetAttribute(bindAttrCode)?.StringValue ?? "0";
}
/// <summary>
/// 创建åŒæ¥å¯¹è±¡
/// </summary>
/// <param name="attrs"></param>
/// <param name="bindAttrAccount"></param>
/// <param name="bindAttrEmployeeId"></param>
/// <param name="deptCode"></param>
/// <returns></returns>
private static SysUserLdap CreateSysUserLdap(LdapAttributeSet attrs, string bindAttrAccount, string bindAttrEmployeeId, string deptCode)
{
return new SysUserLdap
{
Account = !attrs.ContainsKey(bindAttrAccount) ? null : attrs.GetAttribute(bindAttrAccount)?.StringValue,
EmployeeId = !attrs.ContainsKey(bindAttrEmployeeId) ? null : attrs.GetAttribute(bindAttrEmployeeId)?.StringValue,
DeptCode = deptCode
};
}
/// <summary>
/// é历查询域用户
/// </summary>
/// <param name="ldapConn"></param>
/// <param name="sysLdap"></param>
/// <param name="userLdapList"></param>
/// <param name="baseDn"></param>
/// <param name="deptCode"></param>
private static void SearchDnLdapUser(LdapConnection ldapConn, SysLdap sysLdap, List<SysUserLdap> userLdapList, string baseDn, string deptCode)
{
var ldapSearchResults = ldapConn.Search(baseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
deptCode = GetDepartmentCode(attrs, sysLdap.BindAttrCode);
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
SearchDnLdapUser(ldapConn, sysLdap, userLdapList, ldapEntry.Dn, deptCode);
else
{
var sysUserLdap = CreateSysUserLdap(attrs, sysLdap.BindAttrAccount, sysLdap.BindAttrEmployeeId, deptCode);
if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
userLdapList.Add(sysUserLdap);
}
}
}
/// <summary>
/// åŒæ¥åŸŸç»„织 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[DisplayName("åŒæ¥åŸŸç»„织")]
public async Task SyncDept(SyncSysLdapInput input)
{
var sysLdap = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
var ldapConn = new LdapConnection();
try
{
ldapConn.Connect(sysLdap.Host, sysLdap.Port);
ldapConn.Bind(sysLdap.Version, sysLdap.BindDn, sysLdap.BindPass);
var ldapSearchResults = ldapConn.Search(sysLdap.BaseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
var orgList = new List<SysOrg>();
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
{
var sysOrg = CreateSysOrg(attrs, sysLdap, orgList, new SysOrg { Id = 0, Level = 0 });
orgList.Add(sysOrg);
SearchDnLdapDept(ldapConn, sysLdap, orgList, ldapEntry.Dn, sysOrg);
}
}
if (orgList.Count == 0)
return;
await App.GetRequiredService<SysOrgService>().BatchAddOrgs(orgList);
}
catch (LdapException e)
{
throw e.ResultCode switch
{
LdapException.NoSuchObject or LdapException.NoSuchAttribute => Oops.Oh(ErrorCodeEnum.D0009),
_ => Oops.Oh(e.Message),
};
}
finally
{
ldapConn.Disconnect();
}
}
/// <summary>
/// é历查询域用户
/// </summary>
/// <param name="ldapConn"></param>
/// <param name="sysLdap"></param>
/// <param name="listOrgs"></param>
/// <param name="baseDn"></param>
/// <param name="org"></param>
private static void SearchDnLdapDept(LdapConnection ldapConn, SysLdap sysLdap, List<SysOrg> listOrgs, string baseDn, SysOrg org)
{
var ldapSearchResults = ldapConn.Search(baseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
{
var sysOrg = CreateSysOrg(attrs, sysLdap, listOrgs, org);
listOrgs.Add(sysOrg);
SearchDnLdapDept(ldapConn, sysLdap, listOrgs, ldapEntry.Dn, sysOrg);
}
}
}
/// <summary>
/// 创建架构对象
/// </summary>
/// <param name="attrs"></param>
/// <param name="sysLdap"></param>
/// <param name="listOrgs"></param>
/// <param name="org"></param>
/// <returns></returns>
private static SysOrg CreateSysOrg(LdapAttributeSet attrs, SysLdap sysLdap, List<SysOrg> listOrgs, SysOrg org)
{
return new SysOrg
{
Pid = org.Id,
Id = YitIdHelper.NextId(),
Code = !attrs.ContainsKey(sysLdap.BindAttrCode) ? null : new Guid(attrs.GetAttribute(sysLdap.BindAttrCode)?.ByteValue).ToString(),
Level = org.Level + 1,
Name = !attrs.ContainsKey(sysLdap.BindAttrAccount) ? null : attrs.GetAttribute(sysLdap.BindAttrAccount)?.StringValue,
OrderNo = listOrgs.Count + 1,
};
}
}