Spring Boot 整合 LDAP
1. 引包
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-ldap</artifactId> </dependency>
2. 配置文件application.yml
spring:
  # Active Directory integration
  ldap:
    # Plain ldap:// on 389: the simple bind with the service-account password
    # below travels in cleartext unless StartTLS is negotiated. Prefer ldaps://
    # (636) or require TLS on the directory side.
    urls:
      - "ldap://ads.aex1pec.com:389"
    base: "DC=aex1pec,DC=com"
    # Service account used for searches only (the code on this page never
    # modifies entries, and user authentication binds as the user), so
    # read-only rights on the user subtree are sufficient.
    username: "CN=srvsvcmdbd,ou=ServiceAccount,dc=aex1pec,dc=com"
    # Do not commit the real password: inject it from the environment or a
    # secrets store, e.g. password: ${LDAP_PASSWORD}
    password: "test123"
3. 配置类
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.LdapOperations;
import org.springframework.ldap.core.LdapTemplate;

/**
 * Registers the {@link LdapTemplate} used by the DAO layer on top of the
 * {@link ContextSource} that Spring Boot builds from the spring.ldap.* properties.
 */
@Configuration
public class LdapConfig {

    /**
     * Builds the LdapTemplate, unless the application already defines an
     * {@link LdapOperations} bean.
     * NOTE(review): Spring Boot documents {@code @ConditionalOnMissingBean} for
     * auto-configuration classes; in a user {@code @Configuration} its outcome
     * depends on bean-definition processing order — confirm it behaves as intended.
     *
     * @param contextSource the connection/bind source provided by Spring Boot
     * @return a template that tolerates PartialResultException
     */
    @Bean
    @ConditionalOnMissingBean(LdapOperations.class)
    public LdapTemplate ldapTemplate(ContextSource contextSource){
        LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
        // Treat PartialResultException as non-fatal. This is the usual workaround
        // for the referrals Active Directory returns during subtree searches; the
        // trade-off is that a truncated result set is returned silently, so callers
        // should not assume the list is complete.
        ldapTemplate.setIgnorePartialResultException(true);
        return ldapTemplate;
    }
}
4. 实体类
import lombok.Data;
import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

/**
 * ODM mapping of an Active Directory user entry (objectClass "user") located
 * under "ou=Domain Users,DC=aex1pec,DC=com". Getters, setters, equals/hashCode
 * and toString are generated by Lombok's {@code @Data}.
 */
@Data
@Entry(objectClasses = {"user"},base = "ou=Domain Users,DC=aex1pec,DC=com")
public class EcUser {
    /** Distinguished name of the entry, populated by the ODM layer. */
    @Id
    private LdapName ldapName;
    /**
     * Domain login name (sAMAccountName).
     */
    @Attribute(name = "sAMAccountName")
    private String userAccount;
    /**
     * Display name.
     */
    @Attribute(name = "displayName")
    private String userName;
    /**
     * E-mail address.
     */
    @Attribute(name = "mail")
    private String userEmail;
    /**
     * Department.
     */
    @Attribute(name = "department")
    private String department;
    /**
     * Job title.
     */
    @Attribute(name = "title")
    private String title;
    /**
     * Raw memberOf attribute. NOTE(review): memberOf is multi-valued in AD but is
     * mapped here to a single String — confirm how the ODM layer fills this field
     * when an account belongs to several groups (a List<String> mapping is the
     * usual choice).
     */
    @Attribute(name = "memberOf")
    private String groupListStr;
}
5. 接口
/**
 * Read-only access to Active Directory user entries.
 * NOTE(review): {@code List} needs {@code import java.util.List;} in this file.
 */
public interface EcUserDao {
    /**
     * Loads the user entries the application is interested in.
     *
     * @return the matching users; an empty list when there are none
     */
    List<EcUser> getAllUser();

    /**
     * Looks a user up by domain login name (sAMAccountName).
     *
     * @param userAccount the sAMAccountName to search for
     * @return the user, or {@code null} when no entry matches
     */
    EcUser getUserByAccount(String userAccount);

    /**
     * Verifies a user's credentials against the directory.
     *
     * @param userAccount the sAMAccountName of the user
     * @param password    the cleartext password to bind with
     * @return {@code Boolean.FALSE} for blank input, {@code Boolean.TRUE} when the
     *         bind succeeds; the implementation on this page raises a BizException
     *         (BaseCode.LOGIN_FAILED) for a failed bind instead of returning FALSE
     */
    Boolean authUser(String userAccount,String password);
}
6. 实现类
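import cn.hutool.core.util.StrUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import javax.naming.ldap.Rdn;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

/**
 * {@link EcUserDao} backed by Spring LDAP. Search filters are assembled with
 * {@link LdapQueryBuilder}, which encodes attribute values, so a caller-supplied
 * account name cannot change the structure of the filter.
 */
@Component
public class EcUserDaoImpl implements EcUserDao {

    private static final String ATTR_OBJ_CLASS = "objectClass";
    private static final String USER = "user";
    /** Attribute holding the domain login name. */
    private static final String ATTR_ACCOUNT = "sAMAccountName";
    /** RDN type of the organizational units the result set is restricted to. */
    private static final String RDN_OU = "OU";

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Loads all user entries below "OU=Domain Users" and keeps only those whose DN
     * contains an "EC" or "Contractors" organizational unit.
     *
     * @return the filtered users; an empty list when the search returns nothing
     */
    @Override
    public List<EcUser> getAllUser() {
        List<EcUser> list = ldapTemplate.find(
                LdapQueryBuilder.query().base("OU=Domain Users").where(ATTR_OBJ_CLASS).is(USER),
                EcUser.class);
        if (CollectionUtils.isEmpty(list)) {
            return Collections.emptyList();
        }
        // Only users located in OU=EC or OU=Contractors are wanted.
        return list.stream()
                .filter(e -> e.getLdapName().getRdns().stream().anyMatch(EcUserDaoImpl::isWantedOu))
                .collect(Collectors.toList());
    }

    /**
     * True when the RDN is an OU named "EC" or "Contractors". LDAP attribute
     * types and OU values are matched case-insensitively by the directory, so
     * the comparison ignores case rather than depending on how the server
     * happens to spell the returned DN ("OU=" vs "ou=").
     *
     * @param rdn one component of an entry's distinguished name
     * @return whether the component selects the entry
     */
    private static boolean isWantedOu(Rdn rdn) {
        if (!RDN_OU.equalsIgnoreCase(rdn.getType())) {
            return false;
        }
        String ou = String.valueOf(rdn.getValue());
        return "EC".equalsIgnoreCase(ou) || "Contractors".equalsIgnoreCase(ou);
    }

    /**
     * Finds a user by domain login name.
     *
     * @param userAccount the sAMAccountName to match (encoded by the query builder)
     * @return the first matching user, or {@code null} when there is none
     */
    @Override
    public EcUser getUserByAccount(String userAccount) {
        return ldapTemplate.find(
                LdapQueryBuilder.query().where(ATTR_OBJ_CLASS).is(USER).and(ATTR_ACCOUNT).is(userAccount),
                EcUser.class)
                .stream().findFirst().orElse(null);
    }

    /**
     * Authenticates by binding to the directory as the entry whose sAMAccountName
     * equals {@code userAccount}.
     *
     * @param userAccount domain login name
     * @param password    cleartext password for the bind
     * @return {@code Boolean.FALSE} when either argument is blank, otherwise
     *         {@code Boolean.TRUE}
     * @throws BizException with {@code BaseCode.LOGIN_FAILED} when the bind fails,
     *         and also when the lookup itself fails (no or ambiguous entry,
     *         directory unreachable), because every exception is mapped to the
     *         same code
     */
    @Override
    public Boolean authUser(String userAccount, String password) {
        // Blank credentials never reach the directory: a simple bind with an empty
        // password is an unauthenticated bind, which many servers accept.
        if (StrUtil.isBlankIfStr(password) || StrUtil.isBlankIfStr(userAccount)) {
            return Boolean.FALSE;
        }
        try {
            ldapTemplate.authenticate(
                    LdapQueryBuilder.query().where(ATTR_OBJ_CLASS).is(USER).and(ATTR_ACCOUNT).is(userAccount),
                    password);
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here, so an LDAP outage is
            // indistinguishable from a wrong password. Keep the generic code for
            // the caller, but log `e` before rethrowing (BizException's constructor
            // signature is not visible here, so the cause cannot be attached).
            throw new BizException(BaseCode.LOGIN_FAILED);
        }
        return Boolean.TRUE;
    }
}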