需求:在用户管理中可将当前用户绑定ad域中对应用户,后用ad域用户名密码进行认证
开发流程:
在pom文件中新增依赖:
<!-- AD domain (LDAP) support; provides LdapTemplate, though the util below binds via plain JNDI -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
下方为工具类,主要有两个方法:
获取AD域用户列表
校验AD域用户名密码
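/**
 * Thin Active Directory helper: lists directory users and verifies a user's
 * credentials with an LDAP simple bind.
 *
 * <p>Both public methods build their own JNDI context from the {@code ldap.*}
 * properties; the autowired {@link LdapTemplate} is injected but not used here.
 * A {@code simple} bind transmits the password in clear text unless
 * {@code ldap.url} is an {@code ldaps://} URL (or TLS is otherwise negotiated).
 */
@Slf4j
@Component
public class LdapUtil
{
    @Autowired
    private LdapTemplate ldapTemplate;

    /** JNDI LDAP provider shipped with the JDK. */
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** Filter matching every user object. */
    private static final String USER_FILTER = "(&(objectClass=user)(cn=*))";
    /** Attributes fetched per entry: display name, account name, mail. */
    private static final String[] USER_ATTRIBUTES = {"cn", "samaccountname", "mail"};

    /**
     * LDAP connection parameters.
     */
    @Value("${ldap.url}")
    private String ldapUrl;
    /** Search base for the user listing. */
    @Value("${ldap.base}")
    private String ldapBase;
    /** Service account used for the listing; bound as {@code userDn@baseAd}. */
    @Value("${ldap.userDn}")
    private String ldapUserDn;
    @Value("${ldap.userPwd}")
    private String ldapUserPwd;
    /** UPN suffix appended to account names when binding. */
    @Value("${ldap.baseAd}")
    private String baseAd;

    /**
     * Fetches every user entry below {@code ldap.base}.
     *
     * @return one {@link LdapUserVO} per entry found; never null, empty when nothing matched
     * @throws ServiceException if the service-account bind fails
     * @throws NamingException if the search fails or is cut short (for example by a
     *         server-side size limit) — propagated rather than swallowed so callers
     *         never receive a silently truncated list
     */
    public List<LdapUserVO> getPersonList() throws NamingException {
        log.info("拉取Ad域中用户列表");
        List<LdapUserVO> result = new ArrayList<>();
        DirContext context;
        try {
            context = new InitialDirContext(buildEnv(ldapUserDn + "@" + baseAd, ldapUserPwd));
        } catch (NamingException e) {
            // Keep the original cause in the log; the ServiceException carries only the code/message.
            log.error("LDAP bind with service account failed", e);
            throw new ServiceException(ERROR_CODE_40001, "Ldap连接异常");
        }
        log.info("LDAP 连接成功");
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); // include subtrees
            searchControls.setReturningAttributes(USER_ATTRIBUTES);
            NamingEnumeration<SearchResult> results =
                    context.search(ldapBase, USER_FILTER, searchControls);
            try {
                while (results.hasMore()) {
                    Attributes attributes = results.next().getAttributes();
                    LdapUserVO ldapUserVO = new LdapUserVO();
                    String cn = firstValue(attributes, "cn");
                    if (cn != null) {
                        ldapUserVO.setLdapName(cn);
                    }
                    String account = firstValue(attributes, "samaccountname");
                    if (account != null) {
                        ldapUserVO.setLdapAccount(account);
                    }
                    String mail = firstValue(attributes, "mail");
                    if (mail != null) {
                        ldapUserVO.setLdapEmail(mail);
                    }
                    result.add(ldapUserVO);
                }
            } finally {
                // Release the server-side result set once iteration is done (or aborted).
                results.close();
            }
        } finally {
            closeQuietly(context);
        }
        return result;
    }

    /**
     * Verifies {@code userName}/{@code password} by performing a simple bind as
     * {@code userName@baseAd}.
     *
     * <p>A missing or empty password is rejected up front: with a simple bind an
     * empty password is an <em>unauthenticated</em> bind, which directories may
     * answer with success even though no credential was checked. The password is
     * never logged.
     *
     * @param userName account name (sAMAccountName-style, without the UPN suffix)
     * @param password the user's password
     * @return true if the bind succeeded, false for blank input or a failed bind
     */
    public boolean authenticate(String userName, String password) {
        log.info("Ad域用户认证");
        if (userName == null || userName.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        DirContext context = null;
        try {
            context = new InitialDirContext(buildEnv(userName + "@" + baseAd, password));
            return true;
        } catch (NamingException e) {
            // Failed bind: record who failed (not why in detail, and never the password).
            log.debug("LDAP bind failed for user {}", userName);
            return false;
        } finally {
            // The bind opened a real connection; close it even on success.
            closeQuietly(context);
        }
    }

    /** Builds the JNDI environment for a simple bind as {@code principal}. */
    private Hashtable<String, String> buildEnv(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }

    /** Returns the first value of attribute {@code name} as a string, or null when absent. */
    private static String firstValue(Attributes attributes, String name) throws NamingException {
        Attribute attribute = attributes.get(name);
        if (attribute == null) {
            return null;
        }
        Object value = attribute.get();
        return value == null ? null : value.toString();
    }

    /** Closes a context; a failure to close is logged, not thrown, so it cannot mask the caller's own error. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            log.debug("Failed to close LDAP context", e);
        }
    }
}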
nacos中配置示例:
# AD Config
# Values shown as **** / ***** are masked placeholders; fill in per environment.
ldap:
# Plain ldap:// on 389 with the simple bind used by LdapUtil sends passwords in clear
# text; use ldaps:// where the directory supports it.
url: ldap://****:389
# Search base for the user listing.
base: DC=eta,DC=com
# Service account (bound as userDn@baseAd) used only for listing users.
userDn: *****
userPwd: ****
# UPN suffix appended to account names when binding.
baseAd: eta.com