新增ldap账号同步

6fb75f9e · xieshaohua · d6c897ae · 6fb75f9e · 6fb75f9e · 6fb75f9e
Commit 6fb75f9e authored Jul 23, 2025 by xieshaohua
4 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -165,6 +165,13 @@
        </dependencies>
    </dependencyManagement>
+    <repositories>
+        <repository>
+            <id>keymobile</id>
+            <url>http://139.198.127.28:18081/repository/maven-public/</url>
+        </repository>
+    </repositories>
    <build>
        <finalName>sso</finalName>

--- a/src/main/java/com/keymobile/login/api/ADApi.java
+++ b/src/main/java/com/keymobile/login/api/ADApi.java
@@ -60,6 +60,12 @@ public class ADApi {
        return adService.login(request, username, password);
    }
+    @ApiOperation(value = "同步ad域账号")
+    @PostMapping(value = "/synUser")
+    public void synUser() {
+        adService.syncUser();
+    }
    @ApiOperation(value = "测试ad账号连接", notes = "测试ad账号连接")
    @PostMapping(value = "/connect")
    public void connect(@RequestParam(value = "host") String host,

--- a/src/main/java/com/keymobile/login/service/ADService.java
+++ b/src/main/java/com/keymobile/login/service/ADService.java
@@ -23,11 +23,14 @@ public interface ADService {
    String ldapAuthentication(String username, String password);
-    String login(HttpServletRequest request, String username, String password) ;
+    String login(HttpServletRequest request, String username, String password);
    LdapWhiteList saveWhiteList(LdapWhiteList whiteList);
    void deleteWhiteList(String username);
    List<LdapWhiteList> listWhiteList();
+    void syncUser();
 }
--- a/src/main/java/com/keymobile/login/service/impl/ADServiceImpl.java
+++ b/src/main/java/com/keymobile/login/service/impl/ADServiceImpl.java
@@ -70,8 +70,8 @@ public class ADServiceImpl implements ADService {
    @Value("${ad.defaultRoleId:2}")
    private Long defaultRoleId;
-    @Value("${ad.limit:true")
+    @Value("${ad.limit:true}")
-    private Boolean adLimit;
+    private String adLimit;
    @Override
@@ -188,6 +188,92 @@ public class ADServiceImpl implements ADService {
    }
    @Override
+    public void syncUser() {
+        logger.info("ad域账号同步开始");
+        // 初始化LDAP连接
+        LdapInfo ldapInfo = getLdapInfo();
+        if (ldapInfo == null) {
+            logger.error("未配置ldap");
+            return;
+        }
+        LdapContext ctx = null;
+        Hashtable<String, String> HashEnv = new Hashtable<>();
+        String dn = ldapInfo.getDn();
+        //拼接ldap可识别的用户名 用户名@域名
+        String ldapUserName = ldapInfo.getUsername() + "@" + dn;
+        String url = "ldap://" + ldapInfo.getHost() + ":" + ldapInfo.getPort();
+        //AD的用户名
+        HashEnv.put(Context.SECURITY_PRINCIPAL, ldapUserName);
+        //AD的密码
+        HashEnv.put(Context.SECURITY_CREDENTIALS, AES.decrypt(ldapInfo.getPassword()));
+        // LDAP工厂类
+        HashEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        HashEnv.put("com.sun.jndi.ldap.connect.timeout", DEFAULT_TIME_OUT);
+        // 默认端口389
+        HashEnv.put(Context.PROVIDER_URL, url);
+        logger.debug("ad域账号校验,url:{},username:{},password:{},", url, ldapUserName, AES.decrypt(ldapInfo.getPassword()));
+        try {
+            // 初始化上下文
+            ctx = new InitialLdapContext(HashEnv, null);
+            logger.info("{}身份验证成功!", ldapInfo.getUsername());
+            String[] dnArg = StringUtils.split(ldapInfo.getDn(), ".");
+            List<String> dnString = Arrays.asList(dnArg).stream().map(e -> "DC=" + e).collect(Collectors.toList());
+            String dnStr = StringUtils.join(dnString, ",");
+            // 执行账户同步（伪代码）
+            SearchControls controls = new SearchControls();
+            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            NamingEnumeration<SearchResult> answer = ctx.search(dnStr, "(&(objectCategory=person)(objectClass=user))", controls);
+            while (answer.hasMore()) {
+                Map<String, String> ldapUser = new HashMap<>();
+                Attributes attrs = answer.next().getAttributes();
+                Attribute attr = attrs.get(LADP_S_AMACCOUNT_NAME);
+                String name = attr == null || attr.get() == null ? null : attr.get().toString();
+                ldapUser.put(LADP_S_AMACCOUNT_NAME, name);
+                attr = attrs.get(LADP_CN);
+                String alias = attr == null || attr.get() == null ? null : attr.get().toString();
+                ldapUser.put(LADP_CN, alias);
+                attr = attrs.get(LADP_DISTINGUISHED_NAME);
+                String dept = attr == null || attr.get() == null ? null : attr.get().toString();
+                ldapUser.put(LADP_DISTINGUISHED_NAME, dept);
+                if (StringUtils.isNotBlank(name)) {
+                    Map<String, Object> user = getUserByName(name);
+                    if (null == user || CollectionUtils.isEmpty(user)) {
+                        logger.info("用户ladp信息：{}", ldapUser);
+                        Map<String, Object> toAdd = new HashMap<>();
+                        toAdd.put("name", name);
+                        toAdd.put("dname", ldapUser.get(LADP_CN) == null ? name : ldapUser.get(LADP_CN));
+                        //不能被匹配的加密字符
+                        toAdd.put("password", "37fa265330ad83eaa879efb12312db6380896cf639");
+                        //添加默认角色
+                        List<Map<String, Object>> dataRoleAbstracts = new ArrayList<>();
+                        Map<String, Object> roleMap = new HashMap<>();
+                        roleMap.put("id", defaultRoleId);
+                        dataRoleAbstracts.add(roleMap);
+                        toAdd.put("dataRoleAbstracts", dataRoleAbstracts);
+                        Map<String, Object> addUser = authService.addUser(toAdd);
+                        logger.info("新增用户：{}", addUser);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            logger.error("身份验证异常!", e);
+        } finally {
+            if (null != ctx) {
+                try {
+                    ctx.close();
+                } catch (Exception e) {
+                    logger.error("上下文关闭错误!", e);
+                }
+            }
+        }
+        logger.info("ad域账号同步结束");
+    }
+    @Override
    public LdapWhiteList saveWhiteList(LdapWhiteList ldapWhiteList) {
        return ldapWhiteListRepository.save(ldapWhiteList);
    }
@@ -283,7 +369,7 @@ public class ADServiceImpl implements ADService {
    }
    private Boolean checkWhiteList(String userName) {
-        if (!adLimit) {
+        if (!StringUtils.equals("true", adLimit)) {
            return true;
        }
        return ldapWhiteListRepository.findById(userName).isPresent();