Spring Boot 整合 LDAP

1. 引包

 <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-ldap</artifactId>
 </dependency>

2. 配置文件application.yml

spring:
  # Active Directory integration (consumed by Spring Boot's LDAP auto-configuration).
  ldap:
    # Plain ldap:// on port 389: the service-account bind and every search result
    # cross the network unencrypted. Prefer ldaps:// (636) or StartTLS outside a lab.
    urls:
      - "ldap://ads.aex1pec.com:389"
    # Directory root; presumably the relative bases used by the DAO
    # (e.g. "OU=Domain Users") are resolved against it — confirm against the ContextSource.
    base: "DC=aex1pec,DC=com"
    # Service account used for the search bind; read access to the user OUs is all it needs.
    username: "CN=srvsvcmdbd,ou=ServiceAccount,dc=aex1pec,dc=com"
    # Sample value. Keep the real secret out of version control and supply it through
    # an environment variable or a vault-backed property source instead.
    password: "test123"

3. 配置类

import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.LdapOperations;
import org.springframework.ldap.core.LdapTemplate;
@Configuration
public class LdapConfig {

    /**
     * Builds the {@link LdapTemplate} the DAO layer talks to the directory through.
     *
     * <p>Registered only when no other {@link LdapOperations} bean exists, so an
     * application-provided template takes precedence over this one.
     *
     * @param contextSource the auto-configured connection and bind source
     *                      (driven by the {@code spring.ldap.*} properties)
     * @return a template bound to {@code contextSource}
     */
    @Bean
    @ConditionalOnMissingBean(LdapOperations.class)
    public LdapTemplate ldapTemplate(ContextSource contextSource) {
        final LdapTemplate template = new LdapTemplate(contextSource);
        // Active Directory answers subtree searches with referrals, which Spring LDAP
        // surfaces as a PartialResultException after the real entries have already
        // arrived; ignoring it keeps those entries instead of failing the whole search.
        template.setIgnorePartialResultException(true);
        return template;
    }

}

4. 实体类

import lombok.Data;
import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

/**
 * ODM mapping of an Active Directory {@code user} entry.
 *
 * <p>Lombok {@code @Data} supplies the getters/setters the ODM mapper populates, plus
 * {@code equals}/{@code hashCode}/{@code toString} over the fields in declaration order.
 * NOTE(review): the {@code base} here is written relative to the configured
 * {@code spring.ldap.base} in one place and absolute in another — confirm which form
 * the ODM expects before changing either.
 */
@Data
@Entry(objectClasses = {"user"},base = "ou=Domain Users,DC=aex1pec,DC=com")
public class EcUser {

    /** Distinguished name of the entry; the ODM identity field. */
    @Id
    private LdapName ldapName;
    /**
     * Domain account ({@code sAMAccountName}); the value users authenticate with.
     */
    @Attribute(name = "sAMAccountName")
    private String userAccount;

    /**
     * Display name.
     */
    @Attribute(name = "displayName")
    private String userName;

    /**
     * E-mail address.
     */
    @Attribute(name = "mail")
    private String userEmail;

    /**
     * Department.
     */
    @Attribute(name = "department")
    private String department;

    /**
     * Job title.
     */
    @Attribute(name = "title")
    private String title;

    /**
     * Group membership read from {@code memberOf}.
     * NOTE(review): {@code memberOf} is multi-valued in AD but is mapped to a single
     * String here — confirm how the ODM mapper treats additional values before relying
     * on this field for any authorization decision.
     */
    @Attribute(name = "memberOf")
    private String groupListStr;
}

5. 接口

/**
 * Read and authentication access to Active Directory user entries.
 */
public interface EcUserDao {
    /**
     * Lists the users the application exposes (the implementation narrows the result to
     * specific OUs).
     *
     * @return the matching users; an empty list rather than {@code null} when none
     */
    List<EcUser> getAllUser();

    /**
     * Finds a user by domain account ({@code sAMAccountName}).
     *
     * @param userAccount the domain account
     * @return the user, or {@code null} when no entry matches
     */
    EcUser getUserByAccount(String userAccount);

    /**
     * Validates a password by binding to the directory as the given account.
     *
     * @param userAccount the domain account
     * @param password    the cleartext password
     * @return {@code Boolean.TRUE} when the bind succeeds, {@code Boolean.FALSE} when
     *         either argument is blank; a rejected bind is reported by the implementation
     *         as a business exception rather than {@code false}
     */
    Boolean authUser(String userAccount,String password);
}

6. 实现类 

import cn.hutool.core.util.StrUtil;
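import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

import javax.naming.ldap.Rdn;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * LDAP-backed {@link EcUserDao} against the Active Directory configured under
 * {@code spring.ldap.*}.
 *
 * <p>Every filter value is passed through {@link LdapQueryBuilder}, which escapes it, so
 * caller-supplied account names are never concatenated into a raw filter string.
 */
@Component
public class EcUserDaoImpl implements EcUserDao {

    private static final String ATTR_OBJ_CLASS = "objectClass";
    private static final String USER = "user";
    private static final String ATTR_ACCOUNT = "sAMAccountName";
    private static final String RDN_OU = "OU";
    /** OUs whose users {@link #getAllUser()} exposes; matched against the entry's RDN chain. */
    private static final Set<String> EXPORTED_OUS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("EC", "Contractors")));

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Lists the {@code user} entries below {@code OU=Domain Users} whose DN contains an
     * {@code OU} RDN equal to {@code EC} or {@code Contractors}.
     *
     * @return the matching users, or an empty list when the search returns nothing
     */
    @Override
    public List<EcUser> getAllUser() {
        List<EcUser> found = ldapTemplate.find(
                LdapQueryBuilder.query().base("OU=Domain Users").where(ATTR_OBJ_CLASS).is(USER),
                EcUser.class);
        if (CollectionUtils.isEmpty(found)) {
            return Collections.emptyList();
        }
        // The search covers the whole "Domain Users" subtree; only the EC and Contractors
        // sub-OUs are handed out.
        return found.stream()
                .filter(EcUserDaoImpl::inExportedOu)
                .collect(Collectors.toList());
    }

    /**
     * True when any RDN of the user's DN is {@code OU=<member of EXPORTED_OUS>}.
     * NOTE(review): type and value are compared case-sensitively; DNs are case-insensitive
     * in AD, so entries returned as {@code ou=EC} would be dropped — confirm the casing the
     * directory actually returns.
     */
    private static boolean inExportedOu(EcUser user) {
        List<Rdn> rdns = user.getLdapName().getRdns();
        return rdns.stream().anyMatch(rdn -> RDN_OU.equals(rdn.getType())
                && EXPORTED_OUS.contains(rdn.getValue()));
    }

    /**
     * Looks up a single user by {@code sAMAccountName}.
     *
     * @param userAccount the domain account; blank values are rejected without a
     *                    directory round-trip
     * @return the first matching user, or {@code null} when none matches or
     *         {@code userAccount} is blank
     */
    @Override
    public EcUser getUserByAccount(String userAccount) {
        // Same guard as authUser: a blank account cannot match anything and a null one
        // would otherwise reach the filter encoder.
        if (StrUtil.isBlankIfStr(userAccount)) {
            return null;
        }
        List<EcUser> found = ldapTemplate.find(
                LdapQueryBuilder.query().where(ATTR_OBJ_CLASS).is(USER).and(ATTR_ACCOUNT).is(userAccount),
                EcUser.class);
        return found.stream().findFirst().orElse(null);
    }

    /**
     * Verifies {@code password} by binding to the directory as the user whose
     * {@code sAMAccountName} equals {@code userAccount}.
     *
     * @param userAccount the domain account
     * @param password    the cleartext password to bind with
     * @return {@code Boolean.TRUE} when the bind succeeds; {@code Boolean.FALSE} when either
     *         argument is blank
     * @throws BizException with {@code BaseCode.LOGIN_FAILED} when no entry matches, more
     *         than one entry matches, the bind is rejected, or the directory cannot be
     *         reached (the catch below covers every exception type)
     */
    @Override
    public Boolean authUser(String userAccount, String password) {
        // An empty password must never reach the bind: LDAP treats a bind with an empty
        // credential as an unauthenticated bind (RFC 4513), which many directories accept,
        // so without this guard a blank password could look like a successful login.
        if (StrUtil.isBlankIfStr(password) || StrUtil.isBlankIfStr(userAccount)) {
            return Boolean.FALSE;
        }
        try {
            ldapTemplate.authenticate(
                    LdapQueryBuilder.query().where(ATTR_OBJ_CLASS).is(USER).and(ATTR_ACCOUNT).is(userAccount),
                    password);
        } catch (Exception e) {
            // Every failure collapses to LOGIN_FAILED, so the caller cannot distinguish
            // "unknown user" from "wrong password" (desirable) — but neither can operators
            // distinguish a directory outage from bad credentials. The cause is dropped here
            // because this snippet shows no cause-taking BizException constructor; log it
            // before rethrowing once a logger is available.
            throw new BizException(BaseCode.LOGIN_FAILED);
        }
        return Boolean.TRUE;
    }
}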

 

posted @ 2022-06-02 13:58  剑阁丶神灯