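// 大名科技(天津)有限公司 版权所有
//
// 此源代码遵循位于源代码树根目录中的 LICENSE 文件的许可证
//
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动
//
// 任何基于本项目二次开发而产生的一切法律纠纷和责任,均与作者无关

using Novell.Directory.Ldap;

namespace Admin.NET.Core;

/// <summary>
/// System domain (LDAP) login configuration service 💥
/// </summary>
[ApiDescriptionSettings(Order = 485)]
public class SysLdapService : IDynamicApiController, ITransient
{
    private readonly SqlSugarRepository<SysLdap> _sysLdapRep;

    public SysLdapService(SqlSugarRepository<SysLdap> sysLdapRep)
    {
        _sysLdapRep = sysLdapRep;
    }

    /// <summary>
    /// Get a paged list of LDAP login configurations.
    /// </summary>
    /// <param name="input">Paging and filter parameters; both SearchKey and Host are matched as substrings of the Host column.</param>
    /// <returns>One page of <see cref="SysLdap"/> rows, newest first.</returns>
    [DisplayName("获取系统域登录配置分页列表")]
    public async Task<SqlSugarPagedList<SysLdap>> Page(SysLdapInput input)
    {
        return await _sysLdapRep.AsQueryable()
            .WhereIF(!string.IsNullOrWhiteSpace(input.SearchKey), u => u.Host.Contains(input.SearchKey.Trim()))
            .WhereIF(!string.IsNullOrWhiteSpace(input.Host), u => u.Host.Contains(input.Host.Trim()))
            .OrderBy(u => u.CreateTime, OrderByType.Desc)
            .ToPagedListAsync(input.Page, input.PageSize);
    }

    /// <summary>
    /// Add an LDAP login configuration.
    /// </summary>
    /// <param name="input">New configuration; BindPass is taken in clear text and stored encrypted.</param>
    /// <returns>Id of the inserted row.</returns>
    [ApiDescriptionSettings(Name = "Add"), HttpPost]
    [DisplayName("增加系统域登录配置")]
    public async Task<long> Add(AddSysLdapInput input)
    {
        var entity = input.Adapt<SysLdap>();
        // The service-account bind password is never persisted in clear text.
        entity.BindPass = CryptogramUtil.Encrypt(input.BindPass);
        await _sysLdapRep.InsertAsync(entity);
        return entity.Id;
    }

    /// <summary>
    /// Update an LDAP login configuration.
    /// </summary>
    /// <param name="input">Changed fields; null columns are left untouched.</param>
    [ApiDescriptionSettings(Name = "Update"), HttpPost]
    [DisplayName("更新系统域登录配置")]
    public async Task Update(UpdateSysLdapInput input)
    {
        var entity = input.Adapt<SysLdap>();
        // NOTE(review): a length below 32 is the heuristic for "the client sent a new clear-text
        // password rather than the stored ciphertext". A clear-text password of 32+ characters
        // would therefore be written to the database unencrypted — confirm against the front end.
        if (!string.IsNullOrEmpty(input.BindPass) && input.BindPass.Length < 32)
        {
            entity.BindPass = CryptogramUtil.Encrypt(input.BindPass);
        }
        await _sysLdapRep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
    }

    /// <summary>
    /// Delete an LDAP login configuration (soft delete).
    /// </summary>
    /// <param name="input">Id of the row to delete.</param>
    /// <exception cref="AppFriendlyException">D1002 when no row with that Id exists.</exception>
    [ApiDescriptionSettings(Name = "Delete"), HttpPost]
    [DisplayName("删除系统域登录配置")]
    public async Task Delete(DeleteSysLdapInput input)
    {
        var entity = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
        await _sysLdapRep.FakeDeleteAsync(entity); // soft delete
        //await _rep.DeleteAsync(entity); // hard delete
    }

    /// <summary>
    /// Get one LDAP login configuration by Id.
    /// </summary>
    /// <param name="input">Id of the row.</param>
    /// <returns>The matching row, or null when none exists.</returns>
    [DisplayName("获取系统域登录配置详情")]
    public async Task<SysLdap> GetDetail([FromQuery] DetailSysLdapInput input)
    {
        return await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id);
    }

    /// <summary>
    /// Get all LDAP login configurations.
    /// </summary>
    /// <returns>Every configuration row.</returns>
    [DisplayName("获取系统域登录配置列表")]
    public async Task<List<SysLdap>> GetList()
    {
        return await _sysLdapRep.AsQueryable().Select<SysLdap>().ToListAsync();
    }

    /// <summary>
    /// Verify a domain account's credentials against the tenant's LDAP server.
    /// </summary>
    /// <param name="tenantId">Tenant whose LDAP configuration is used.</param>
    /// <param name="account">Domain user name; substituted (escaped) for "$s" in the configured auth filter.</param>
    /// <param name="password">The user's password.</param>
    /// <returns>
    /// true when the user's DN binds with the given password; false when either credential is empty
    /// or the server answers InvalidCredentials.
    /// </returns>
    /// <exception cref="AppFriendlyException">
    /// D1002 when the tenant has no LDAP configuration or no directory entry matches the account;
    /// D0009 on NoSuchObject/NoSuchAttribute; the raw LDAP message for any other LDAP error.
    /// </exception>
    [NonAction]
    public async Task<bool> AuthAccount(long tenantId, string account, string password)
    {
        var ldap = await _sysLdapRep.GetFirstAsync(u => u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D1002);

        // An empty password must never reach Bind(): a DN with an empty password is an
        // unauthenticated bind (RFC 4513 §5.1.2), which many servers accept as anonymous and
        // report as success — that would log any known account in without a password.
        if (string.IsNullOrWhiteSpace(account) || string.IsNullOrEmpty(password))
            return false;

        var ldapConn = new LdapConnection();
        try
        {
            ldapConn.Connect(ldap.Host, ldap.Port);
            // NOTE(review): Add/Update store BindPass through CryptogramUtil.Encrypt, but the stored
            // value is handed to Bind() as-is here and in SyncUser — confirm that the entity or
            // repository decrypts it on read.
            ldapConn.Bind(ldap.Version, ldap.BindDn, ldap.BindPass);

            // Escape the caller-supplied account before substituting it into the filter so that
            // filter metacharacters in it are matched literally and cannot widen the search.
            var filter = ldap.AuthFilter.Replace("$s", EscapeLdapFilterValue(account));
            var userEntitys = ldapConn.Search(ldap.BaseDn, LdapConnection.ScopeSub, filter, null, false);

            var dn = string.Empty;
            while (userEntitys.HasMore())
            {
                var entity = userEntitys.Next();
                // NOTE(review): the attribute looked up here is the whole filter string, not an
                // attribute name — presumably ldap.BindAttrAccount was intended; confirm.
                var sAMAccountName = entity.GetAttribute(ldap.AuthFilter)?.StringValue;
                if (!string.IsNullOrEmpty(sAMAccountName))
                {
                    dn = entity.Dn;
                    break;
                }
            }
            if (string.IsNullOrEmpty(dn))
                throw Oops.Oh(ErrorCodeEnum.D1002);

            // Re-bind as the user; InvalidCredentials here is the "wrong password" case.
            ldapConn.Bind(dn, password);
        }
        catch (LdapException e)
        {
            return e.ResultCode switch
            {
                LdapException.NoSuchObject or LdapException.NoSuchAttribute => throw Oops.Oh(ErrorCodeEnum.D0009),
                LdapException.InvalidCredentials => false,
                // Surfaces the server's own error text to the caller.
                _ => throw Oops.Oh(e.Message),
            };
        }
        finally
        {
            ldapConn.Disconnect();
        }
        return true;
    }

    /// <summary>
    /// Synchronise domain users into the tenant's user table.
    /// </summary>
    /// <param name="input">Id of the LDAP configuration to sync from.</param>
    /// <exception cref="AppFriendlyException">
    /// D1002 when the configuration does not exist; D0009 on NoSuchObject/NoSuchAttribute;
    /// the raw LDAP message for any other LDAP error.
    /// </exception>
    [DisplayName("同步域用户")]
    public async Task SyncUser(SyncSysLdapInput input)
    {
        var ldap = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);

        var ldapConn = new LdapConnection();
        try
        {
            ldapConn.Connect(ldap.Host, ldap.Port);
            ldapConn.Bind(ldap.Version, ldap.BindDn, ldap.BindPass);

            // The base DN is walked with exactly the same logic as every nested container.
            var listUserLdap = new List<SysUserLdap>();
            SearchDnLdapUser(ldapConn, ldap, listUserLdap, ldap.BaseDn);
            if (listUserLdap.Count == 0)
                return;

            await App.GetRequiredService<SysUserLdapService>().InsertUserLdaps(ldap.TenantId.Value, listUserLdap);
        }
        catch (LdapException e)
        {
            throw e.ResultCode switch
            {
                LdapException.NoSuchObject or LdapException.NoSuchAttribute => Oops.Oh(ErrorCodeEnum.D0009),
                _ => Oops.Oh(e.Message),
            };
        }
        finally
        {
            ldapConn.Disconnect();
        }
    }

    /// <summary>
    /// Walk one level below <paramref name="baseDn"/>, descending into containers and
    /// collecting user entries into <paramref name="listUserLdap"/>.
    /// </summary>
    /// <param name="conn">Open, bound connection.</param>
    /// <param name="ldap">Configuration naming the account/employee-id attributes.</param>
    /// <param name="listUserLdap">Accumulator for the users found.</param>
    /// <param name="baseDn">DN whose children are searched.</param>
    private static void SearchDnLdapUser(LdapConnection conn, SysLdap ldap, List<SysUserLdap> listUserLdap, string baseDn)
    {
        var userEntitys = conn.Search(baseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
        while (userEntitys.HasMore())
        {
            LdapEntry entity;
            try
            {
                entity = userEntitys.Next();
                if (entity == null) continue;
            }
            catch (LdapException)
            {
                // An entry that cannot be read is skipped rather than aborting the whole sync.
                continue;
            }

            var attrs = entity.GetAttributeSet();
            if (attrs.Count == 0 || attrs.ContainsKey("OU"))
            {
                // Container: recurse one level. There is no depth bound; this relies on the
                // directory being a finite tree.
                SearchDnLdapUser(conn, ldap, listUserLdap, entity.Dn);
                continue;
            }

            var sysUserLdap = ToUserLdap(attrs, ldap);
            if (sysUserLdap != null)
                listUserLdap.Add(sysUserLdap);
        }
    }

    /// <summary>
    /// Map a directory entry's attributes to a <see cref="SysUserLdap"/>.
    /// </summary>
    /// <returns>The mapped user, or null when the entry has no employee id.</returns>
    private static SysUserLdap ToUserLdap(LdapAttributeSet attrs, SysLdap ldap)
    {
        var sysUserLdap = new SysUserLdap
        {
            Account = attrs.ContainsKey(ldap.BindAttrAccount) ? attrs.GetAttribute(ldap.BindAttrAccount)?.StringValue : null,
            EmployeeId = attrs.ContainsKey(ldap.BindAttrEmployeeId) ? attrs.GetAttribute(ldap.BindAttrEmployeeId)?.StringValue : null,
        };
        // Entries without an employee id are not imported.
        return string.IsNullOrEmpty(sysUserLdap.EmployeeId) ? null : sysUserLdap;
    }

    /// <summary>
    /// Escape a value for use inside an LDAP search filter (RFC 4515 §3) so that the
    /// characters *, (, ), \ and NUL are matched literally instead of altering the filter.
    /// </summary>
    /// <param name="value">Raw value to embed in a filter.</param>
    /// <returns>The escaped value.</returns>
    private static string EscapeLdapFilterValue(string value)
    {
        // Backslash first, so the escapes added afterwards are not themselves re-escaped.
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }
}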