
Merge branch 'v2' of https://git.qianqiusoft.com/qianqiusoft/light-apiengine into v2

huangyh 5 anos atrás
pai
commit
64ff10e2b1
1 arquivos alterados com 29 adições e 34 exclusões
  1. 29 34
      engine/auth/ldap_auth.go

+ 29 - 34
engine/auth/ldap_auth.go

@@ -56,7 +56,7 @@ func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAP
 		if bindSimplePw == "qianqiuiot.com" {
 			return ldap.LDAPResultSuccess, nil
 		}else {
-			return ldap.LDAPResultCompareFalse, nil
+			return ldap.LDAPResultInvalidCredentials, nil
 		}
 	}
 	userName := bindDN[3:]
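Review bot: The service-DN password at the top of this hunk is a string literal compared with `==`, so the credential is readable by anyone with repository access and cannot be rotated without a rebuild. It should be loaded from configuration or a secret store and checked with `subtle.ConstantTimeCompare([]byte(bindSimplePw), []byte(expected)) == 1`. The context line `userName := bindDN[3:]` also slices without a length check, unlike the `len(boundDN) > 3` guard this commit adds in Search, so a bind whose DN is shorter than three bytes would panic unless a guard exists above the hunk. Bind's body starts and ends outside the hunk.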
@@ -69,7 +69,7 @@ func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAP
 		//密码错误
 		if !strings.EqualFold(user.Password, md5Pwd) {
 			fmt.Println("密码错误")
-			return ldap.LDAPResultCompareFalse, nil
+			return ldap.LDAPResultInvalidCredentials, nil
 		}else {
 			fmt.Println("密码正确")
 			return ldap.LDAPResultSuccess, nil
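Review bot: The check `strings.EqualFold(user.Password, md5Pwd)` suggests stored passwords are bare MD5 hex digests (inferred from the variable name; the hashing is above the hunk), which are cheap to brute-force if the user table leaks. A salted password KDF such as bcrypt or argon2, with rehash-on-login, would be the durable fix. Until then the comparison can be made constant-time with `subtle.ConstantTimeCompare([]byte(strings.ToLower(user.Password)), []byte(strings.ToLower(md5Pwd))) == 1`. The two `fmt.Println` calls record neither the bind DN nor `conn.RemoteAddr()`, so repeated failed binds cannot be attributed or alerted on; a structured log line on the failure path would cover that. Bind's body starts and ends outside the hunk.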
@@ -81,48 +81,43 @@ func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAP
 
 ///////////// Return some hardcoded search results - we'll respond to any baseDN for testing
 func (h ldapHandler) Search(boundDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
-	fmt.Printf("%s,search......%s\n", boundDN, searchReq)
+	fmt.Printf("search......basedn:%s, searchreq:%s\n", boundDN, searchReq)
 	userName := ""
 	if boundDN == "cn=qianqiuiot" {
-		if searchReq.Filter == "(objectClass=*)" {
-			uid := searchReq.BaseDN
-			dn := uid
-			if dn == "" {
-				dn = boundDN
-			}
-			entries := []*ldap.Entry{
-				&ldap.Entry{dn, []*ldap.EntryAttribute{
-					//&ldap.EntryAttribute{"uid", []string{}},
-				}},
-			}
-			return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
-		}else {
-			start := strings.Index(searchReq.Filter, "uid=")
+		fmt.Println("filter:", searchReq.Filter)
+		fmt.Println("BaseDN:", searchReq.BaseDN)
+		start := strings.Index(searchReq.Filter, "uid=")
+		if start > 0 {
 			end := strings.Index(searchReq.Filter[start:], ")")
 			fmt.Println("%d,%d", start, end)
 			userName = searchReq.Filter[start+4 : start+end]
 			fmt.Println(userName)
+		}else {
+			if len(searchReq.BaseDN)>3 {
+				userName = searchReq.BaseDN[3:]
+			}
 		}
-	}else {
+	}else if len(boundDN) > 3{
 		userName = boundDN[3:]
 	}
+	if userName != "" {
+		var user models.SysUser
+		ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)
 
-	var user models.SysUser
-	ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)
-
-	if ret && err == nil {
-		entries := []*ldap.Entry{
-			&ldap.Entry{"cn=" + user.LoginId, []*ldap.EntryAttribute{
-				&ldap.EntryAttribute{"cn", []string{user.Name}},
-				&ldap.EntryAttribute{"uidNumber", []string{user.Id}},
-				&ldap.EntryAttribute{"accountStatus", []string{"active"}},
-				&ldap.EntryAttribute{"uid", []string{user.LoginId}},
-				&ldap.EntryAttribute{"description", []string{user.Name}},
-				&ldap.EntryAttribute{"objectClass", []string{"posixAccount"}},
-			}},
+		if ret && err == nil {
+			entries := []*ldap.Entry{
+				&ldap.Entry{"cn=" + user.LoginId, []*ldap.EntryAttribute{
+					&ldap.EntryAttribute{"cn", []string{user.Name}},
+					&ldap.EntryAttribute{"uidNumber", []string{user.Id}},
+					&ldap.EntryAttribute{"accountStatus", []string{"active"}},
+					&ldap.EntryAttribute{"uid", []string{user.LoginId}},
+					&ldap.EntryAttribute{"description", []string{user.Name}},
+					&ldap.EntryAttribute{"email", []string{user.Email}},
+					&ldap.EntryAttribute{"objectClass", []string{"posixAccount"}},
+				}},
+			}
+			return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
 		}
-		return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, err
-	}else {
-		return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultCompareFalse}, err
 	}
+	return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
 }
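Review bot: In the `uid=` branch, `end` is -1 when the filter has no `)` after `uid=`, and `searchReq.Filter[start+4 : start+end]` then panics with a slice-bounds error, so a malformed client-supplied filter can crash the handler (or the process, if the server library does not recover). `start > 0` should be `start >= 0`, since `strings.Index` reports "not found" as -1. Separately, the new code drops `err` from the `Get` call, so a database failure now returns `LDAPResultSuccess` with no entries and looks the same as "no such user" to clients and to monitoring. `fmt.Println("%d,%d", start, end)` prints the format string literally and should be `fmt.Printf`.

```go
		start := strings.Index(searchReq.Filter, "uid=")
		if start >= 0 {
			rest := searchReq.Filter[start+4:]
			end := strings.Index(rest, ")")
			if end < 0 {
				// Malformed filter from the client: refuse instead of slicing out of range.
				return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultOperationsError}, nil
			}
			userName = rest[:end]
		} else if len(searchReq.BaseDN) > 3 {
			userName = searchReq.BaseDN[3:]
		}
	// … unchanged: else-if branch deriving userName from boundDN …
		ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)
		if err != nil {
			// Surface backend failures instead of reporting an empty, successful search.
			return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultOperationsError}, err
		}
		if ret {
			// … unchanged: build entries and return LDAPResultSuccess …
```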