禁用用户不同步

2025-06-07 09:44:03 +08:00 · 2023-12-26 15:34:56 +08:00 · 2023-12-26 15:34:56 +08:00 · 1e92f19923
commit 1e92f19923
parent 8d03678e71
3 changed files with 55 additions and 27 deletions
--- a/playedu-common/src/main/java/xyz/playedu/common/bus/LDAPBus.java
+++ b/playedu-common/src/main/java/xyz/playedu/common/bus/LDAPBus.java
@ -180,6 +180,9 @@ public class LDAPBus {
        String defaultAvatar = appConfigService.defaultAvatar();

        for (LdapTransformUser ldapTransformUser : userList) {
+            if (ldapTransformUser.isBan()) {
+                continue;
+            }
            singleUserSync(ldapTransformUser, defaultAvatar);
        }
    }
--- a/playedu-common/src/main/java/xyz/playedu/common/util/ldap/LdapTransformUser.java
+++ b/playedu-common/src/main/java/xyz/playedu/common/util/ldap/LdapTransformUser.java
@ -32,4 +32,6 @@ public class LdapTransformUser {
    private String email;

    private String uid;
+
+    private boolean ban;
 }
--- a/playedu-common/src/main/java/xyz/playedu/common/util/ldap/LdapUtil.java
+++ b/playedu-common/src/main/java/xyz/playedu/common/util/ldap/LdapUtil.java
@ -55,12 +55,21 @@ public class LdapUtil {
                "sAMAccountName",
                "displayName",
                "uSNCreated", // AD域的唯一属性
+                "userAccountControl",

                // 公用属性
                "mail",
            };
    private static final String[] OU_RETURN_ATTRS = new String[] {"ou", "usncreated"};

+    // 514 - 禁用账户
+    // 546 - 禁用账户 不需密码
+    // 66050 - 禁用账户 密码未过期
+    // 66080 - 禁用账户 密码未过期且不需密码
+    // 66082 - 禁用账户 密码未过期且不需密码
+    private static final String[] DISABLE_USER_ACCOUNT_CONTROL =
+            new String[] {"514", "546", "66050", "66080", "66082"};
+
    public static LdapContext initContext(String url, String adminUser, String adminPass)
            throws NamingException {
        Hashtable<String, String> context = new Hashtable<>();
@ -75,7 +84,8 @@ public class LdapUtil {
    }

    public static List<LdapTransformUser> users(
-            String url, String adminUser, String adminPass, String baseDN) throws NamingException, IOException {
+            String url, String adminUser, String adminPass, String baseDN)
+            throws NamingException, IOException {
        LdapContext ldapContext = initContext(url, adminUser, adminPass);

        int pageSize = 1000;
@ -91,23 +101,26 @@ public class LdapUtil {
        while (true) {
            try {
                if (cookie != null) {
-                    ldapContext.setRequestControls(new Control[]{
+                    ldapContext.setRequestControls(
+                            new Control[] {
                                new PagedResultsControl(pageSize, cookie, false),
                            });
                } else {
-                    ldapContext.setRequestControls(new Control[]{
-                            new PagedResultsControl(pageSize, false)
-                    });
+                    ldapContext.setRequestControls(
+                            new Control[] {new PagedResultsControl(pageSize, false)});
                }

-                NamingEnumeration<SearchResult> result = ldapContext.search(baseDN, USER_OBJECT_CLASS, controls);
+                NamingEnumeration<SearchResult> result =
+                        ldapContext.search(baseDN, USER_OBJECT_CLASS, controls);
                while (result.hasMoreElements()) {
                    SearchResult item = result.nextElement();
                    if (item != null) {
                        LdapTransformUser ldapTransformUser = parseTransformUser(item, baseDN);
+                        if (ldapTransformUser != null) {
                            users.add(ldapTransformUser);
                        }
                    }
+                }

                cookie = parseCookie(ldapContext.getResponseControls());
                if (cookie == null || cookie.length == 0) {
@ -283,6 +296,16 @@ public class LdapUtil {
        LdapTransformUser ldapUser = new LdapTransformUser();
        ldapUser.setDn(item.getName());

+        if (attributes.get("userAccountControl") != null) {
+            String userAccountControl = (String) attributes.get("userAccountControl").get();
+            for (String s : DISABLE_USER_ACCOUNT_CONTROL) {
+                if (s.equals(userAccountControl)) {
+                    ldapUser.setBan(true);
+                    break;
+                }
+            }
+        }
+
        // name解析
        String displayName = getAttribute(attributes, "displayName");
        if (StringUtil.isEmpty(displayName)) {