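package auth

import (
	"crypto/subtle"
	"fmt"
	"net"
	"strings"

	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/entitys"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/ldap"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/logs"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
)

// Service account that external systems bind as before searching for other
// users. The bind succeeds only with serviceBindPass.
//
// SECURITY(review): these credentials are hard-coded in source and therefore
// identical in every deployment. They should be moved to configuration (as
// config.AppConfig.LdapPort already is) and rotated. The values are kept
// unchanged here so existing clients keep working.
const (
	serviceBindDN   = "cn=qianqiuiot"
	serviceBindPass = "qianqiuiot.com"
)

// businessDbName is the business database that holds the SysUser rows.
const businessDbName = "qianqiuiot.com"

// LdapAuth exposes the application's user table through a minimal LDAP
// server so that third-party systems can authenticate users against it.
type LdapAuth struct {
	App entitys.ApiEngineInterface
	IAuth
}

// NewLdapAuth returns an LdapAuth bound to the given application.
func NewLdapAuth(app entitys.ApiEngineInterface) *LdapAuth {
	return &LdapAuth{App: app}
}

// Login is a no-op: authentication happens in the LDAP Bind handler.
func (a *LdapAuth) Login(c *entitys.CtrlContext) {}

// Logout is a no-op: the LDAP server keeps no session state.
func (a *LdapAuth) Logout(c *entitys.CtrlContext) {}

// Init starts the LDAP server on config.AppConfig.LdapPort and blocks until
// it stops. Bind and Search for every base DN ("") are routed to ldapHandler.
//
// NOTE(review): the listener is plain TCP on all interfaces with no TLS, so
// bind passwords cross the network in clear text. Restrict it to a trusted
// network or terminate TLS in front of it.
func (a *LdapAuth) Init() {
	s := ldap.NewServer()

	handler := ldapHandler{App: a.App}
	s.BindFunc("", handler)
	s.SearchFunc("", handler)

	listen := fmt.Sprintf(":%d", config.AppConfig.LdapPort)
	logs.Info("Starting example LDAP server on %s", listen)
	if err := s.ListenAndServe(listen); err != nil {
		logs.Error("LDAP Server Failed: %s", err.Error())
	}
}

// ldapHandler implements the ldap Bind and Search callbacks on top of the
// application's SysUser table.
type ldapHandler struct {
	App entitys.ApiEngineInterface
}

// userFromDN extracts the login id from a DN of the form "cn=<loginId>".
// It returns false for a DN shorter than three bytes, one without a
// (case-insensitive) "cn=" prefix, or an empty login id.
//
// The original code sliced dn[3:] unconditionally, which panics on any
// client-supplied DN shorter than three bytes — for example an anonymous
// bind with an empty DN — taking the handler down with attacker input.
func userFromDN(dn string) (string, bool) {
	if len(dn) < 3 || !strings.EqualFold(dn[:3], "cn=") {
		return "", false
	}
	name := dn[3:]
	return name, name != ""
}

// uidFromFilter extracts the value of the first "uid=" assertion from an
// LDAP filter string, e.g. "(uid=alice)" -> "alice". It returns false when
// the filter has no "uid=" or no ")" after it. The original index
// arithmetic panicked on both of those client-controlled inputs.
func uidFromFilter(filter string) (string, bool) {
	start := strings.Index(filter, "uid=")
	if start < 0 {
		return "", false
	}
	rest := filter[start+len("uid="):]
	end := strings.Index(rest, ")")
	if end < 0 {
		return "", false
	}
	return rest[:end], true
}

// passwordMatches reports whether the stored password hash equals the
// candidate hash. The comparison is case-insensitive, as strings.EqualFold
// was in the original, so hex digests stored in either case still match,
// and it runs in constant time so response timing does not reveal how many
// leading bytes of the hash matched.
func passwordMatches(stored, candidate string) bool {
	return subtle.ConstantTimeCompare(
		[]byte(strings.ToLower(stored)),
		[]byte(strings.ToLower(candidate)),
	) == 1
}

// lookupUser fetches the SysUser with the given login id from the business
// database using the parameterised models.SqlUserLogin query. found is true
// only when a row matched and the query returned no error.
func (h ldapHandler) lookupUser(loginId string) (user models.SysUser, found bool, err error) {
	ret, err := h.App.GetBusinessDb(businessDbName).SQL(models.SqlUserLogin, loginId).Get(&user)
	return user, ret && err == nil, err
}

// Bind authenticates a simple bind. Two kinds of DN are accepted: the
// service account (serviceBindDN), checked against serviceBindPass, and
// "cn=<loginId>", checked against the hash stored in SysUser.Password.
// Every failure returns LDAPResultCompareFalse; a database error is also
// returned to the caller.
//
// NOTE(review): the original printed the bind password to stdout on every
// attempt. That is a credential leak into process logs and has been
// removed; only the DN and the outcome are printed now.
//
// NOTE(review): the standard result code for a failed bind is
// invalidCredentials (49); CompareFalse (6) is kept because it is what
// existing clients see today — switch if the ldap package exposes it.
func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAPResultCode, error) {
	fmt.Println("bind:", bindDN)

	if bindDN == serviceBindDN {
		// Constant-time compare: the service password must not be
		// recoverable byte-by-byte from response timing.
		if subtle.ConstantTimeCompare([]byte(bindSimplePw), []byte(serviceBindPass)) == 1 {
			return ldap.LDAPResultSuccess, nil
		}
		return ldap.LDAPResultCompareFalse, nil
	}

	userName, ok := userFromDN(bindDN)
	if !ok {
		return ldap.LDAPResultCompareFalse, nil
	}

	user, found, err := h.lookupUser(userName)
	if !found {
		fmt.Println("出错", err)
		return ldap.LDAPResultCompareFalse, err
	}

	// The stored value is compared as a hash; utils.HashPassword with an
	// empty salt must produce the same encoding the stored value uses.
	// NOTE(review): the original variable name (md5Pwd) suggests an
	// unsalted MD5 — if so, stored hashes should be migrated to a password
	// KDF (bcrypt/scrypt/argon2).
	if !passwordMatches(user.Password, utils.HashPassword(bindSimplePw, "")) {
		// wrong password
		fmt.Println("密码错误")
		return ldap.LDAPResultCompareFalse, nil
	}
	fmt.Println("密码正确")
	return ldap.LDAPResultSuccess, nil
}

// Search answers a search request. The service account may look up any
// user: a filter of exactly "(objectClass=*)" gets a bare entry for the
// base DN (or the bound DN when the base is empty), anything else is parsed
// for a "(uid=<loginId>)" assertion. Any other bound DN can only retrieve
// its own entry ("cn=<loginId>"), regardless of filter and base DN. Unknown
// users, DNs without a login id and malformed filters yield
// LDAPResultCompareFalse with no entries instead of panicking.
//
// NOTE(review): accountStatus is always reported as "active"; if SysUser
// carries a disabled/locked flag, both Bind and Search should honour it.
func (h ldapHandler) Search(boundDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
	fmt.Printf("%s,search......%s\n", boundDN, searchReq)

	var (
		userName string
		ok       bool
	)
	if boundDN == serviceBindDN {
		if searchReq.Filter == "(objectClass=*)" {
			dn := searchReq.BaseDN
			if dn == "" {
				dn = boundDN
			}
			entries := []*ldap.Entry{
				&ldap.Entry{dn, []*ldap.EntryAttribute{}},
			}
			return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
		}
		userName, ok = uidFromFilter(searchReq.Filter)
		fmt.Println(userName)
	} else {
		userName, ok = userFromDN(boundDN)
	}
	if !ok {
		return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultCompareFalse}, nil
	}

	user, found, err := h.lookupUser(userName)
	if !found {
		return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultCompareFalse}, err
	}

	entries := []*ldap.Entry{
		&ldap.Entry{"cn=" + user.LoginId, []*ldap.EntryAttribute{
			&ldap.EntryAttribute{"cn", []string{user.Name}},
			&ldap.EntryAttribute{"uidNumber", []string{user.Id}},
			&ldap.EntryAttribute{"accountStatus", []string{"active"}},
			&ldap.EntryAttribute{"uid", []string{user.LoginId}},
			&ldap.EntryAttribute{"description", []string{user.Name}},
			&ldap.EntryAttribute{"objectClass", []string{"posixAccount"}},
		}},
	}
	return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, err
}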