// 大名科技(天津)有限公司 版权所有
//
// 此源代码遵循位于源代码树根目录中的 LICENSE 文件的许可证
//
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动
//
// 任何基于本项目二次开发而产生的一切法律纠纷和责任,均与作者无关
using Novell.Directory.Ldap;
namespace Admin.NET.Core;
///
/// 系统域登录配置服务 🧩
///
[ApiDescriptionSettings(Order = 485)]
public class SysLdapService : IDynamicApiController, ITransient
{
private readonly SqlSugarRepository _sysLdapRep;
public SysLdapService(SqlSugarRepository sysLdapRep)
{
_sysLdapRep = sysLdapRep;
}
///
/// 获取系统域登录配置分页列表 🔖
///
///
///
[DisplayName("获取系统域登录配置分页列表")]
public async Task> Page(SysLdapInput input)
{
return await _sysLdapRep.AsQueryable()
.WhereIF(!string.IsNullOrWhiteSpace(input.SearchKey), u => u.Host.Contains(input.SearchKey.Trim()))
.WhereIF(!string.IsNullOrWhiteSpace(input.Host), u => u.Host.Contains(input.Host.Trim()))
.OrderBy(u => u.CreateTime, OrderByType.Desc)
.ToPagedListAsync(input.Page, input.PageSize);
}
///
/// 增加系统域登录配置 🔖
///
///
///
[ApiDescriptionSettings(Name = "Add"), HttpPost]
[DisplayName("增加系统域登录配置")]
public async Task Add(AddSysLdapInput input)
{
var entity = input.Adapt();
entity.BindPass = CryptogramUtil.Encrypt(input.BindPass);
await _sysLdapRep.InsertAsync(entity);
return entity.Id;
}
///
/// 更新系统域登录配置 🔖
///
///
///
[ApiDescriptionSettings(Name = "Update"), HttpPost]
[DisplayName("更新系统域登录配置")]
public async Task Update(UpdateSysLdapInput input)
{
var entity = input.Adapt();
if (!string.IsNullOrEmpty(input.BindPass) && input.BindPass.Length < 32)
{
entity.BindPass = CryptogramUtil.Encrypt(input.BindPass); // 加密
}
await _sysLdapRep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
}
///
/// 删除系统域登录配置 🔖
///
///
///
[ApiDescriptionSettings(Name = "Delete"), HttpPost]
[DisplayName("删除系统域登录配置")]
public async Task Delete(DeleteSysLdapInput input)
{
var entity = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
await _sysLdapRep.FakeDeleteAsync(entity); // 假删除
//await _rep.DeleteAsync(entity); // 真删除
}
///
/// 获取系统域登录配置详情 🔖
///
///
///
[DisplayName("获取系统域登录配置详情")]
public async Task GetDetail([FromQuery] DetailSysLdapInput input)
{
return await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id);
}
///
/// 获取系统域登录配置列表 🔖
///
///
[DisplayName("获取系统域登录配置列表")]
public async Task> GetList()
{
return await _sysLdapRep.AsQueryable().Select().ToListAsync();
}
///
/// 验证账号
///
/// 域用户
/// 密码
/// 租户
///
[NonAction]
public async Task AuthAccount(long tenantId, string account, string password)
{
var sysLdap = await _sysLdapRep.GetFirstAsync(u => u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
var ldapConn = new LdapConnection();
try
{
ldapConn.Connect(sysLdap.Host, sysLdap.Port);
ldapConn.Bind(sysLdap.Version, sysLdap.BindDn, sysLdap.BindPass);
var ldapSearchResults = ldapConn.Search(sysLdap.BaseDn, LdapConnection.ScopeSub, sysLdap.AuthFilter.Replace("$s", account), null, false);
string dn = string.Empty;
while (ldapSearchResults.HasMore())
{
var ldapEntry = ldapSearchResults.Next();
var sAMAccountName = ldapEntry.GetAttribute(sysLdap.AuthFilter)?.StringValue;
if (!string.IsNullOrEmpty(sAMAccountName))
{
dn = ldapEntry.Dn;
break;
}
}
if (string.IsNullOrEmpty(dn)) throw Oops.Oh(ErrorCodeEnum.D1002);
// var attr = new LdapAttribute("userPassword", password);
ldapConn.Bind(dn, password);
}
catch (LdapException e)
{
return e.ResultCode switch
{
LdapException.NoSuchObject or LdapException.NoSuchAttribute => throw Oops.Oh(ErrorCodeEnum.D0009),
LdapException.InvalidCredentials => false,
_ => throw Oops.Oh(e.Message),
};
}
finally
{
ldapConn.Disconnect();
}
return true;
}
///
/// 同步域用户 🔖
///
///
///
[DisplayName("同步域用户")]
public async Task SyncUser(SyncSysLdapInput input)
{
var sysLdap = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
var ldapConn = new LdapConnection();
try
{
ldapConn.Connect(sysLdap.Host, sysLdap.Port);
ldapConn.Bind(sysLdap.Version, sysLdap.BindDn, sysLdap.BindPass);
var ldapSearchResults = ldapConn.Search(sysLdap.BaseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
var userLdapList = new List();
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
SearchDnLdapUser(ldapConn, sysLdap, userLdapList, ldapEntry.Dn);
else
{
var sysUserLdap = new SysUserLdap
{
Account = !attrs.ContainsKey(sysLdap.BindAttrAccount) ? null : attrs.GetAttribute(sysLdap.BindAttrAccount)?.StringValue,
EmployeeId = !attrs.ContainsKey(sysLdap.BindAttrEmployeeId) ? null : attrs.GetAttribute(sysLdap.BindAttrEmployeeId)?.StringValue
};
if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
userLdapList.Add(sysUserLdap);
}
}
if (userLdapList.Count == 0)
return;
await App.GetRequiredService().InsertUserLdaps(sysLdap.TenantId!.Value, userLdapList);
}
catch (LdapException e)
{
throw e.ResultCode switch
{
LdapException.NoSuchObject or LdapException.NoSuchAttribute => Oops.Oh(ErrorCodeEnum.D0009),
_ => Oops.Oh(e.Message),
};
}
finally
{
ldapConn.Disconnect();
}
}
///
/// 遍历查询域用户
///
///
///
///
///
private static void SearchDnLdapUser(LdapConnection conn, SysLdap ldap, List userLdapList, string baseDn)
{
var ldapSearchResults = conn.Search(baseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
while (ldapSearchResults.HasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = ldapSearchResults.Next();
if (ldapEntry == null) continue;
}
catch (LdapException)
{
continue;
}
var attrs = ldapEntry.GetAttributeSet();
if (attrs.Count == 0 || attrs.ContainsKey("OU"))
SearchDnLdapUser(conn, ldap, userLdapList, ldapEntry.Dn);
else
{
var sysUserLdap = new SysUserLdap
{
Account = !attrs.ContainsKey(ldap.BindAttrAccount) ? null : attrs.GetAttribute(ldap.BindAttrAccount)?.StringValue,
EmployeeId = !attrs.ContainsKey(ldap.BindAttrEmployeeId) ? null : attrs.GetAttribute(ldap.BindAttrEmployeeId)?.StringValue
};
if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
userLdapList.Add(sysUserLdap);
}
}
}
}