ad域认证服务（java版工具类）

需求：在用户管理中可将当前用户绑定ad域中对应用户，后用ad域用户名密码进行认证

开发流程：

新增pom文件：

<!--AD域相关jar包（LDAP ）-->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-ldap</artifactId>
		</dependency>

下方为工具类：主要有两个方法

获取AD域用户列表

校验AD域用户名密码

@Slf4j
@Component
public class LdapUtil
{
    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * LDAP连接参数
     */
    @Value("${ldap.url}")
    private String ldapUrl;

    @Value("${ldap.base}")
    private String ldapBase;

    @Value("${ldap.userDn}")
    private String ldapUserDn;

    @Value("${ldap.userPwd}")
    private String ldapUserPwd;

    @Value("${ldap.baseAd}")
    private String baseAd;


    /**
     * 获取用户列表
     */
    public List<LdapUserVO> getPersonList() throws NamingException {
        log.info("拉取Ad域中用户列表");

        //构建返回结果
        List<LdapUserVO> result = new ArrayList<>();

        //配置初始参数
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ldapUserDn+"@"+baseAd);
        env.put(Context.SECURITY_CREDENTIALS, ldapUserPwd);

        DirContext context = null;
        try {
            context = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new ServiceException(ERROR_CODE_40001,"Ldap连接异常");
        }
        log.info("LDAP 连接成功");

        // 设置搜索过滤器、范围和返回属性
        String searchFilter = "(&(objectClass=user)(cn=*))"; // 搜索过滤器 (所有用户)
        String[] searchAttributes = {"cn", "samaccountname", "mail"};// 账户名，中文名，邮箱
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); // 搜索范围 (包括子树)
        searchControls.setReturningAttributes(searchAttributes);

        // 执行搜索
        NamingEnumeration<SearchResult> results = context.search(ldapBase, searchFilter, searchControls);


        try {
            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                //获取中文名
                Attribute cn = attributes.get("cn");
                Attribute mail = attributes.get("mail");
                //获取英文名
                Attribute en = attributes.get("samaccountname");

                LdapUserVO ldapUserVO = new LdapUserVO();
                if(ObjectUtils.isNotEmpty(cn)){
                    ldapUserVO.setLdapName(cn.get().toString());
                }
                if(ObjectUtils.isNotEmpty(en)){
                    ldapUserVO.setLdapAccount(en.get().toString());
                }
                if(ObjectUtils.isNotEmpty(mail)){
                    ldapUserVO.setLdapEmail(mail.get().toString());
                }
                result.add(ldapUserVO);

            }
        } catch (NamingException e) {

        } finally {
            // 在遍历完成后关闭结果集
           results.close();
        }






        return result;
    }

    /*
     * 身份认证
     */
    public boolean authenticate(String userName, String password) {
        log.info("Ad域用户认证");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userName+"@"+baseAd);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            DirContext context = new InitialDirContext(env);
            return true;
        } catch (NamingException e) {
            return false;
        }

    }
}

nacos中配置示例：

# AD Config
ldap:
  url: ldap://****:389
  base: DC=eta,DC=com
  userDn: *****
  userPwd: ****
  baseAd: eta.com