ldap

backend/src/main/java/io/metersphere/ldap/dao/PersonRepo.java

@@ -1,11 +1,9 @@
 package io.metersphere.ldap.dao;
 
 
-import java.util.List;
+import io.metersphere.ldap.domain.Person;
 
 public interface PersonRepo {
 
-    List findByName(String name);
+    Person getDnForUser(String name);
-
-    String getDnForUser(String name);
 }

backend/src/main/java/io/metersphere/ldap/dao/PersonRepoImpl.java

@@ -15,12 +15,15 @@ import org.springframework.ldap.core.*;
 import org.springframework.ldap.core.support.AbstractContextMapper;
 import org.springframework.ldap.core.support.DefaultDirObjectFactory;
 import org.springframework.ldap.core.support.LdapContextSource;
-import org.springframework.ldap.query.LdapQuery;
+import org.springframework.ldap.query.SearchScope;
 import org.springframework.stereotype.Service;
+
 import javax.annotation.Resource;
 import javax.naming.directory.DirContext;
 import javax.naming.ldap.LdapContext;
+import java.util.Hashtable;
 import java.util.List;
+import java.util.Map;
 
 import static org.springframework.ldap.query.LdapQueryBuilder.query;
 
@@ -62,31 +65,32 @@ public class PersonRepoImpl implements PersonRepo {
     }
 
     @Override
-    public List<Person> findByName(String name) {
+    public Person getDnForUser(String username) {
         LdapTemplate ldapTemplate = getConnection();
-        LdapQuery query = query().where("cn").is(name);
+        String filter = getFilter();
-        return ldapTemplate.search(query, getContextMapper());
-    }
 
-    @Override
+        List<Person> result = ldapTemplate.search(
-    public String getDnForUser(String uid) {
+                query().filter(filter, username),
-        LdapTemplate ldapTemplate = getConnection();
+                getContextMapper());
-        List<String> result = ldapTemplate.search(
+
-                query().where("cn").is(uid),
+        System.out.println(result.toString());
-                new AbstractContextMapper() {
-                    @Override
-                    protected String doMapFromContext(DirContextOperations ctx) {
-                        return ctx.getNameInNamespace();
-                    }
-                });
 
         if (result.size() != 1) {
             throw new RuntimeException(Translator.get("user_not_found_or_not_unique"));
         }
-
         return result.get(0);
     }
 
+    private String getFilter() {
+        String filter = service.getValue(ParamConstants.LDAP.FILTER.getValue());
+
+        if (StringUtils.isBlank(filter)) {
+            filter = "(sAMAccountName={0})";
+        }
+
+        return filter;
+    }
+
     protected ContextMapper getContextMapper() {
         return new PersonContextMapper();
     }
@@ -95,6 +99,8 @@ public class PersonRepoImpl implements PersonRepo {
         @Override
         public Person doMapFromContext(DirContextOperations context) {
             Person person = new Person();
+            person.setDn(context.getNameInNamespace());
+            person.setUid(context.getStringAttribute("uid"));
             person.setCommonName(context.getStringAttribute("cn"));
             person.setSurName(context.getStringAttribute("sn"));
             person.setUsername(context.getStringAttribute("sAMAccountName"));
@@ -123,6 +129,11 @@ public class PersonRepoImpl implements PersonRepo {
         sourceLdapCtx.afterPropertiesSet();
         LdapTemplate ldapTemplate = new LdapTemplate(sourceLdapCtx);
         ldapTemplate.setIgnorePartialResultException(true);
+        Map<String, Object> baseEnv = new Hashtable<>();
+        baseEnv.put("com.sun.jndi.ldap.connect.timeout", "3000");
+        baseEnv.put("com.sun.jndi.ldap.read.timeout", "3000");
+        sourceLdapCtx.setBaseEnvironmentProperties(baseEnv);
+        ldapTemplate.setDefaultSearchScope(SearchScope.SUBTREE.getId());
 
         // ldapTemplate 是否可用
         authenticate(dn, credentials, ldapTemplate);

backend/src/main/java/io/metersphere/ldap/domain/Person.java

@@ -14,7 +14,7 @@ public class Person {
 
     @Id
     private Name id;
-    @DnAttribute(value="uid",index = 3)
+    @DnAttribute(value="uid",index = 0)
     private String uid;
     @Attribute(name = "cn")
     private String commonName;
@@ -24,5 +24,6 @@ public class Person {
     private String username;
     @Attribute(name = "mail")
     private String email;
+    private String dn;
 
 }

backend/src/main/java/io/metersphere/ldap/service/LdapService.java

@@ -23,25 +23,27 @@ public class LdapService {
         String dn = null;
         String username = request.getUsername();
         String credentials = request.getPassword();
-
+        Person person = null;
         List<Person> personList = null;
         try {
-            // select user by sAMAccountName
+//            // select user by sAMAccountName
-            personList = personRepo.findByName(username);
+//            personList = personRepo.findByName(username);
-
+//
-            if (personList.size() == 1) {
+//            if (personList.size() == 1) {
-                dn = personRepo.getDnForUser(username);
+//                dn = personRepo.getDnForUser(username);
-            } else if (personList.size() == 0) {
+//            } else if (personList.size() == 0) {
-                MSException.throwException(Translator.get("user_not_exist") + username);
+//                MSException.throwException(Translator.get("user_not_exist") + username);
-            } else {
+//            } else {
-                MSException.throwException(Translator.get("find_more_user"));
+//                MSException.throwException(Translator.get("find_more_user"));
-            }
+//            }
+            person = personRepo.getDnForUser(username);
+            dn = person.getDn();
         } catch (CommunicationException e) {
             MSException.throwException(Translator.get("ldap_connect_fail"));
         }
         personRepo.authenticate(dn, credentials);
 
-        return personList.get(0);
+        return person;
     }
 
     public void testConnect(LdapInfo ldap) {

frontend/src/business/components/settings/system/LdapSetting.vue

@@ -82,6 +82,7 @@
           dn: {required: true, message: this.$t('ldap.input_dn'), trigger: ['change', 'blur']},
           password: {required: true, message: this.$t('ldap.input_password'), trigger: ['change', 'blur']},
           ou: {required: true, message: this.$t('ldap.input_ou'), trigger: ['change', 'blur']},
+          filter: {required: true, message: this.$t('ldap.input_ou'), trigger: ['change', 'blur']}
         },
         loginFormRules: {
           username: {required: true, message: this.$t('ldap.input_username'), trigger: 'blur'},