# 版本
<!-- Springboot version -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.9</version>
</parent>
<!-- ldap dependency -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
# 配置
spring:
ldap:
urls: ldap://10.10.10.10:389
password: ldap_password # bind credential: supply it from an environment variable or secret store instead of committing it
username: cn=admin,dc=xxxxx,dc=com
# 核心功能代码
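@Component
@RequiredArgsConstructor
@Slf4j
public class LdapHelper {
    private final LdapTemplate ldapTemplate;
    // Replace these with the base DNs of your own directory.
    private static final String USER_BASE = "ou=people,dc=xxxxx,dc=com";
    private static final String GROUP_BASE = "ou=groups,dc=xxxxx,dc=com";
    // Attribute of a groupOfUniqueNames entry that lists the member DNs.
    private static final String MEMBER_ATTRIBUTE = "uniqueMember";

    /**
     * Builds the DN of a group below {@link #GROUP_BASE}.
     * The cn value is RDN-escaped (RFC 4514) so that a group name containing
     * ',', '+', '=' or similar characters cannot alter the structure of the DN
     * that is later passed to lookup, bind and unbind.
     *
     * @param groupName the group's cn, possibly taken from caller input
     * @return the escaped distinguished name of the group
     */
    private String getGroupDn(String groupName) {
        return "cn=" + javax.naming.ldap.Rdn.escapeValue(groupName) + "," + GROUP_BASE;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515).
     * Without this, filter metacharacters in an account name would change the
     * meaning of the search filter built in {@link #findEntriesByUid(String)}.
     *
     * @param value raw value to embed in a filter
     * @return the value with '\', '*', '(', ')' and NUL hex-escaped
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Returns the full DN of the user whose uid equals {@code userAccount}.
     *
     * @param userAccount uid to look up below {@link #USER_BASE}
     * @return the entry's absolute DN as a string
     * @throws IllegalStateException if no entry with that uid exists
     */
    public String getUserByUid(String userAccount) {
        List<LdapEntryIdentification> entries = findEntriesByUid(userAccount);
        checkState(!entries.isEmpty(), "ldap中没有该用户,请传入正确的用户名!");
        if (entries.size() > 1) {
            // uid is expected to be unique; keep the first hit but leave a trace of the ambiguity.
            log.warn("uid {} matched {} entries, using the first one", userAccount, entries.size());
        }
        LdapName absoluteName = entries.get(0).getAbsoluteName();
        return absoluteName.toString();
    }

    /**
     * Searches {@link #USER_BASE} for entries whose uid equals {@code userAccount}.
     * Kept distinct from {@link #getUserByUid(String)}: Java does not allow two
     * methods that differ only in return type.
     *
     * @param userAccount uid to search for; escaped before it enters the filter
     * @return matching entries, empty if none
     */
    private List<LdapEntryIdentification> findEntriesByUid(String userAccount) {
        String filter = "(uid=" + escapeFilterValue(userAccount) + ")";
        return ldapTemplate.search(USER_BASE, filter, new LdapEntryIdentificationContextMapper());
    }

    /**
     * Tells whether the user with the given uid is listed in the group's
     * uniqueMember attribute. Each member value is parsed as a DN and compared
     * with {@link LdapName#equals(Object)} (RDN-wise, case-insensitive) instead
     * of string-matching the attribute's {@code toString()} output.
     *
     * @param userAccount uid of the user
     * @param groupName   cn of the group
     * @return {@code true} if the user exists and its DN is a member of the group
     */
    public boolean checkUserInGroup(String userAccount, String groupName) {
        List<LdapEntryIdentification> entries = findEntriesByUid(userAccount);
        if (entries.isEmpty()) {
            // An unknown user cannot be a member of any group.
            return false;
        }
        LdapName userDn = entries.get(0).getAbsoluteName();
        return ldapTemplate.lookup(getGroupDn(groupName), (AttributesMapper<Boolean>) attributes -> {
            javax.naming.directory.Attribute members = attributes.get(MEMBER_ATTRIBUTE);
            if (members == null) {
                return false;
            }
            for (Object value : java.util.Collections.list(members.getAll())) {
                String memberDn = String.valueOf(value);
                log.debug("uniqueMember = {}", memberDn);
                // InvalidNameException is a NamingException, which a mapper may throw.
                if (new LdapName(memberDn).equals(userDn)) {
                    return true;
                }
            }
            return false;
        });
    }

    /**
     * Adds the given users to the group's uniqueMember attribute.
     *
     * @param groupName    cn of the target group
     * @param userAccounts uids of the users to add; each must exist below {@link #USER_BASE}
     * @throws IllegalStateException if one of the uids does not exist
     */
    public void addUserToGroup(String groupName, List<String> userAccounts) {
        DirContextOperations group = ldapTemplate.lookupContext(getGroupDn(groupName));
        for (String account : userAccounts) {
            group.addAttributeValue(MEMBER_ATTRIBUTE, getUserByUid(account));
        }
        ldapTemplate.modifyAttributes(group);
    }

    /**
     * Removes the given users from the group's uniqueMember attribute.
     * Each user's entry is looked up so that the exact stored DN is removed.
     *
     * @param gName  cn of the target group
     * @param uNames uids of the users to remove
     * @throws IllegalStateException if one of the uids does not exist
     */
    public void removeUserFromGroup(String gName, List<String> uNames) {
        DirContextOperations group = ldapTemplate.lookupContext(getGroupDn(gName));
        for (String uName : uNames) {
            DirContextOperations user = ldapTemplate.lookupContext(getUserByUid(uName));
            group.removeAttributeValue(MEMBER_ATTRIBUTE, user.getDn());
        }
        ldapTemplate.modifyAttributes(group);
    }

    /**
     * Creates a groupOfUniqueNames entry with a single initial member.
     * A groupOfUniqueNames requires at least one uniqueMember, hence {@code uName}.
     *
     * @param gName       cn of the new group
     * @param description free-text description attribute
     * @param uName       uid of the initial member; must exist below {@link #USER_BASE}
     * @throws IllegalStateException if {@code uName} does not exist
     */
    public void createGroup(String gName, String description, String uName) {
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add("top");
        objectClass.add("groupOfUniqueNames");
        Attributes attributes = new BasicAttributes();
        attributes.put(objectClass);
        attributes.put(MEMBER_ATTRIBUTE, getUserByUid(uName));
        attributes.put("cn", gName);
        attributes.put("description", description);
        ldapTemplate.bind(getGroupDn(gName), null, attributes);
        log.debug("创建成功!");
    }

    /**
     * Deletes the group entry with the given cn.
     *
     * @param groupName cn of the group to remove
     */
    public void deleteGroup(String groupName) {
        ldapTemplate.unbind(getGroupDn(groupName));
    }
}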