通过Ldap实现人事系统组织人事和AD的同步
项目需求:
同步人事系统的组织架构-对应AD的OU树
同步人事系统的员工-对应AD的用户
创建OU 名字不能重复,需要父级路径(parentOrganizeUnit)以及新ou的名字(name),如果最父级则上级路径为域节点
DirectoryEntry CreateOrganizeUnit(string OrgId,string name, string parentOrganizeUnit,int Id,ADInfo ad)
更改OU名称 需要旧的OU路径(oldUnit)以及“OU=新OUName”(newUnit)
DirectoryEntry UpdateOrganizeUnit(string newUnit, string OUName, string oldUnit, int Id,ADInfo ad) 使用Renname
更改OU上级 需要新的上级路径(newparentOrganizeUnit)旧OU的路径(oldUnit)
DirectoryEntry MoveOrganizeUnit(string oldUnit, string newparentOrganizeUnit, int Id,ADInfo ad)
创建ou用户需要ou路径(orgPath) 以及用户信息(user)
AddADAccount(string orgPath, EmpInfo user, int Id,ADInfo ad)
注意ou树下的名字是cn字段(不能重复),cn需要重新赋值时用rename
sAMAccountName 用户(不能重复)
userPrincipalName 有域名的用户名 (不能重复)
邮箱为空不能赋值(mail)
移动用户 需要用户路径(user_path)以及OU路径(target_path)
MoveUser(string user_path, string target_path,string OuName, int Id,ADInfo ad)
设置密码
NewUser.Invoke("SetPassword", new object[] { accountPwd });
设置用户下次登录必须修改密码
NewUser.Properties["pwdLastSet"].Value = 0;
对应TXT 代码
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Quartz;
using vxTalent.Schedule.DALBase;
using System.Data;
using System.DirectoryServices;
using vxTalent.Schedule.DALBase.AD;
using System.Configuration;
using System.Reflection;
using Microsoft.International.Converters.PinYinConverter;
namespace vxTalent.User.ModuleJob.AD
{
public class ADSynData : IJob
{
private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
private static bool IsSendSMSLocked = false;
private static readonly object lynLock = new object();
ADSynDataAccess asy = new ADSynDataAccess();
/// <summary>
/// 域名
///// </summary>
//private string _domain;
///// <summary>
///// 主机域IP
///// </summary>
//private string _domainIp;
///// <summary>
///// 管理员账号
///// </summary>
//private string adminUser;
///// <summary>
///// 管理员密码
///// </summary>
//private string adminPwd;
///// <summary>
///// 路径的最前端
///// </summary>
//private string _ldapIdentity;
/// <summary>
/// 路径的最后端
/// </summary>
string accountPwd = ObjConvert.ObjString(ConfigurationManager.AppSettings["AdInitPwd"]) == "" ? "abc12345!" : ObjConvert.ObjString(ConfigurationManager.AppSettings["AdInitPwd"]);
int i = ; //重复变量
private string sAMAccountName = "";
protected int AdRepeatNum = ObjConvert.ObjInt(ConfigurationManager.AppSettings["AdRepeatNum"]) == ? : ObjConvert.ObjInt(ConfigurationManager.AppSettings["AdRepeatNum"]);
string cnName = ""; public void Test() { string domain_ = row["ADName"].ToString();
string domainIp_ = row["ADUrl"].ToString();
string adminUser_ = row["ADName"].ToString() + "\\" + row["UserName"].ToString();
string adminPwd_ = row["Pwd"].ToString();
string ldapIdentity_ = "LDAP://" + domainIp_ + "/";
string houzhui_ = row["ADSur"].ToString() != "" ? row["ADSur"].ToString() : "com";
string suffixPath_ = "DC=" + domain_ + ",DC=" + houzhui_;
ADInfo ad = new ADInfo
{
adsur = houzhui_,
domain = domain_,
domainIp = domainIp_,
ldapIdentity = ldapIdentity_,
suffixPath = suffixPath_,
adminPwd = adminPwd_,
adminUser = adminUser_,
houzhui=houzhui_,
dbCon = dbString
}; RunData(dbString, ad);
} /// <summary>
/// 遍历每个 库的待同步数据
/// </summary>
/// <param name="conn"></param>
protected void RunData(string conn,ADInfo ad ) {
DataTable waitingData = asy.GetWaitingData(conn);
if (waitingData != null && waitingData.Rows.Count > ) {
string operation = "";
foreach (DataRow item in waitingData.Rows)
{
try
{
int synId = ObjConvert.ObjInt(item["Id"]);
operation = ObjConvert.ObjString(item["Operation"]);
//部门操作
if (ObjConvert.ObjString(item["SynType"]) == "")
{
string path = "", orgName = "", relateId = ObjConvert.ObjString(item["RelateID"]);
DataTable orgDatatable = asy.GetOrgById(conn, relateId); string parentOrgId = ""; string name = "";
if (orgDatatable != null && orgDatatable.Rows.Count > )
{
name = ObjConvert.ObjString(orgDatatable.Rows[]["organizationalname"]); parentOrgId = ObjConvert.ObjString(orgDatatable.Rows[]["ParentOrganizationalID"]);
}
else
{
DataTable hisTable = asy.GetHistoryOrg(conn, relateId);
if (hisTable != null && hisTable.Rows.Count > )
{
name = ObjConvert.ObjString(hisTable.Rows[]["organizationalname"]);
parentOrgId = ObjConvert.ObjString(hisTable.Rows[]["ParentOrganizationalID"]);
} } switch (operation)
{
case "Add":
//parentPath = asy.GetPathOrgId(conn, ObjConvert.ObjString(orgDatatable.Rows[0]["ParentOrganizationalID"]));
CreateOrganizeUnit(relateId, name, parentOrgId, synId, ad); break;
case "ParentChange":
//MovePath = asy.GetPathOrgId(conn, ObjConvert.ObjString(item["MergeDeleteId"]));
MoveOrganizeUnit(relateId, ObjConvert.ObjString(item["MergeDeleteId"]), synId, ad); break;
case "Update":
// string repl= oldOrgName.Split('/')[0];
orgName = "OU=" + name;
UpdateOrganizeUnit(orgName, name, relateId, synId, ad); break;
case "Merge":
string[] arrDeleteId = ObjConvert.ObjString(item["MergeDeleteId"]).Split(',');
MergeOu(arrDeleteId, ObjConvert.ObjString(item["RelateID"]), name, synId, ad);
break;
case "Disable": //禁用加+封存
orgName = "OU=" + name + "(封存)";
UpdateOrganizeUnit(orgName, name + "(封存)", relateId, synId, ad); break; } }
else
{ //人员操作
DataTable empTable = asy.GetEmpById(conn, ObjConvert.ObjInt(item["RelateID"]));
EmpInfo empDetail = new EmpInfo(); if (empTable != null && empTable.Rows.Count > )
{ string CNName = ObjConvert.ObjString(empTable.Rows[]["CNName"]);
string piyin = ObjConvert.ObjString(empTable.Rows[]["Pinyin"]);
if (string.IsNullOrEmpty(piyin))
{
piyin = ObjConvert.ObjStringToLower(PingYinHelper.ConvertToAllSpell(CNName));
}
string ADName = ObjConvert.ObjString(empTable.Rows[]["CN_ADName"]);
empDetail.emloyeeID = ObjConvert.ObjString(empTable.Rows[]["EmpCode"]);
empDetail.sAMAccountName = string.IsNullOrEmpty(ADName) ? ObjConvert.ObjStringToLower(piyin) : ObjConvert.ObjStringToLower(ADName);
empDetail.userPrincipalName = empDetail.sAMAccountName + "@" + ad.domain + "." + ad.adsur;
empDetail.employeeType = ObjConvert.ObjString(empTable.Rows[]["empTypeText"]);
empDetail.DepartmentName = ObjConvert.ObjString(empTable.Rows[]["OrganizationalName"]);
empDetail.Mail = ObjConvert.ObjString(empTable.Rows[]["Email"]);
empDetail.DisplayName = CNName;
if (CNName.Length > )
{
empDetail.Surname = CNName.Substring(, );//姓
empDetail.GivenName = CNName.Substring(, CNName.Length - );//名
}
else
{
empDetail.Surname = CNName;
}
empDetail.Department = ObjConvert.ObjString(empTable.Rows[]["OrganizationalID"]); empDetail.Oupath = GetOuDirectory(empDetail.Department, ad).Path;
//string newouName = asy.GetOrgName(conn, ObjConvert.ObjString(empTable.Rows[0]["OrganizationalID"]));
string newouName = "";
string newPath = "";
switch (operation)
{
case "Add":
i = ;
cnName = empDetail.DisplayName;
sAMAccountName = empDetail.sAMAccountName;
AddADAccount(empDetail.Oupath, empDetail, synId, ad); break;
case "Dimission":
DisableUser(empDetail.sAMAccountName, synId, ad); break;
case "Mobilize":
if (ObjConvert.ObjString(item["MergeDeleteId"]) != "")
{
newouName = asy.GetOrgName(conn, ObjConvert.ObjString(item["MergeDeleteId"]));
newPath = GetOuDirectory(ObjConvert.ObjString(item["MergeDeleteId"]), ad).Path;
}
else {
newouName = asy.GetOrgName(conn, empDetail.Department);
newPath = GetOuDirectory(empDetail.Department, ad).Path;
}
MoveUser(GetDirectoryEntryByAccount(empDetail.sAMAccountName, ad).Path, newPath, newouName, synId, ad);
break;
case "Update": UpdateUser(empDetail, synId, ad); break;
case "Rehab":
EnableUser(empDetail.sAMAccountName, synId, ad);
UpdateUser(empDetail, synId, ad);
newouName = asy.GetOrgName(conn, ObjConvert.ObjString(empTable.Rows[]["OrganizationalID"]));
MoveUser(GetDirectoryEntryByAccount(empDetail.sAMAccountName, ad).Path, empDetail.Oupath, newouName, synId, ad);
break; //重聘启用 用户 更新 并且可能移动部门
}
}
}
}
catch (Exception e) { logger.Error(e.Message); }
}
} } #region 创建OU
/// <summary>
/// 创建OUl
/// </summary>
/// <param name="adminName">管理员名称</param>
/// <param name="adminPassword">管理员密码</param>
/// <param name="name">创建的OU名称</param>
/// <param name="parentOrganizeUnit">父组织单位</param>
/// <returns>目录实体</returns>
public DirectoryEntry CreateOrganizeUnit(string OrgId,string name, string parentOrganizeUnit,int Id,ADInfo ad)
{ DirectoryEntry parentEntry = null;
try
{
string parentPath = "";
DirectoryEntry de = GetOuDirectory(parentOrganizeUnit,ad);
if (de == null)
{
parentPath = GetOrganizeNamePath("",ad);
}
else {
parentPath = de.Path;
} //示例顶级""
parentEntry = new DirectoryEntry(parentPath, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
DirectoryEntry organizeEntry = parentEntry.Children.Add("OU=" + name, "organizationalUnit");
organizeEntry.Properties["postalCode"].Value = OrgId;
organizeEntry.CommitChanges();
//DomainUser._success = "组织单位添加成功!";
logger.Info("创建OU成功" + name);
asy.UpdateStatus(ad.dbCon,Id,"Success");
return organizeEntry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
//DomainUser._failed = "添加组织单位失败!"+ex.Message.ToString();
logger.Error("创建OU失败"+name+":"+ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (parentEntry != null)
{
parentEntry.Dispose();
}
}
}
#endregion #region 更改OU名称
public DirectoryEntry UpdateOrganizeUnit(string newUnit, string OUName, string oldUnit, int Id,ADInfo ad)
{
DirectoryEntry parentEntry = null;
try
{
List<DirectoryEntry> list = GetListDirectory(GetOuDirectory(oldUnit,ad).Path,ad);
if (list != null && list.Count > ) {
foreach (DirectoryEntry item in list)
{
item.Properties["department"][] = OUName;
item.CommitChanges();
item.Dispose();
}
} //示例顶级""
parentEntry = new DirectoryEntry(GetOuDirectory(oldUnit,ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure); parentEntry.Rename(newUnit);
parentEntry.CommitChanges();
logger.Info("更新OU成功" + OUName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return parentEntry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
logger.Error("更改OU失败" + OUName + ":" + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (parentEntry != null)
{
parentEntry.Dispose();
}
}
}
#endregion #region 移动OU
public DirectoryEntry MoveOrganizeUnit(string oldUnit, string newparentOrganizeUnit, int Id,ADInfo ad)
{
DirectoryEntry Entry = null;
try
{
//示例顶级""
Entry = new DirectoryEntry(GetOuDirectory(oldUnit, ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
DirectoryEntry parentEntry = new DirectoryEntry(GetOuDirectory(newparentOrganizeUnit, ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
Entry.MoveTo(parentEntry);
Entry.CommitChanges();
logger.Info("更改OU父节点成功" + oldUnit);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return Entry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
logger.Error("更改OU父节点:" + oldUnit + ":" + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (Entry != null)
{
Entry.Dispose();
}
}
}
#endregion #region 合并OU
public void MergeOu(string[] deleteArr, string newUnit, string OUName,int Id,ADInfo ad)
{ //DataTable mergeEmpTable = asy.GetMergeListBySynId(ad.dbCon, Id);
try
{
if (deleteArr.Length > )
{
DirectoryEntry t = new DirectoryEntry(GetOuDirectory(newUnit, ad).Path, ad.adminUser, ad.adminPwd);
for (int i = ; i < deleteArr.Length; i++)
{ List<DirectoryEntry> list = GetListDirectory(GetOuDirectory(deleteArr[i],ad).Path,ad);
if (list != null && list.Count > )
{
//if (mergeEmpTable != null && mergeEmpTable.Rows.Count > 0)
//{
foreach (DirectoryEntry item in list)
{ string saName = ObjConvert.ObjString(item.Properties["sAMAccountName"][]);
//DataRow[] dtrows= mergeEmpTable.Select("CN_ADName='" + saName + "'");
//if (dtrows != null && dtrows.Count() > 0) { //服务逻辑是先同步部门操作,合并的时候
//可能发生 已经从这个部门调转出去了,但是服务先合并到别的部门了,所有没法后续的人员调岗操作了
//同时更改部门用户名字
item.Properties["department"][] = OUName; item.CommitChanges();
//更改OU
item.MoveTo(t); item.Dispose();
//} }
//}
} }
logger.Info("合并OU成功" + OUName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
}
}
catch (Exception t)
{
logger.Error("合并异常:" + OUName + t.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", t.Message);
} }
#endregion #region 组织结构下添加AD账户
/// <summary>
/// 添加AD账户
/// </summary>
/// <param name="organizeName">组织名称</param>
/// <param name="user">域账户</param>
/// <returns>添加是否成功</returns>
public void AddADAccount(string orgPath, EmpInfo user, int Id,ADInfo ad)
{ DirectoryEntry entry = null;
try
{
if (IsExistOuPath(orgPath,ad) && user != null)
{
if (!IsAccExists(user.sAMAccountName, ad))
{
string cn = GetCnName(user.DisplayName, ad);
entry = new DirectoryEntry(orgPath, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
//增加账户到域中
DirectoryEntry NewUser = entry.Children.Add("CN=" + cn, "user");
NewUser.Properties["sAMAccountName"].Add(user.sAMAccountName); //account
NewUser.Properties["userPrincipalName"].Value = user.userPrincipalName; //user logon name,xxx@bdxy.com NewUser.Properties["employeeID"].Value = user.emloyeeID;
NewUser.Properties["employeeType"].Value = user.employeeType;
NewUser.Properties["Department"].Value = user.DepartmentName;
NewUser.Properties["displayName"].Value = user.DisplayName;
// NewUser.Properties["name"].Value = user.DisplayName;
//NewUser.Properties["Surname"].Value = user.Surname;
NewUser.Properties["givenName"].Value = user.GivenName;
NewUser.Properties["Sn"].Value = user.Surname;
if (user.Mail != null && user.Mail != "")
{
NewUser.Properties["mail"].Value = user.Mail;
}
NewUser.CommitChanges();
//设置密码
//反射调用修改密码的方法(注意端口号的问题 端口号会引起方法调用异常)
NewUser.Invoke("SetPassword", new object[] { accountPwd });
//默认设置新增账户启用
NewUser.Properties["userAccountControl"].Value = 0x200;
NewUser.CommitChanges();
//DomainUser._success = "账户添加成功!";
logger.Info("账户添加成功" + user.sAMAccountName);
asy.UpdateADPinyin(ad.dbCon, Id, user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Success"); }
else {
if (i <= AdRepeatNum)
{
i++;
user.sAMAccountName = sAMAccountName + "" + i.ToString();
user.userPrincipalName = sAMAccountName + "" + i + "@" + ad.domain + "." + ad.houzhui;
AddADAccount(orgPath, user, Id, ad);
}
logger.Error("创建OU重复:" + sAMAccountName + i.ToString() + "次");
} }
else
{
logger.Error("创建OU失败:在域中不存在直属组织单位" + user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Error", "在域中不存在直属组织单位"); } }
catch (Exception ex)
{
logger.Error("创建OU失败:" + sAMAccountName + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message); }
finally
{
if (entry != null)
{
entry.Dispose();
}
}
}
#endregion public string GetCnName(string cn, ADInfo ad)
{ if (i < AdRepeatNum)
{
if (IsAccExistsCN(cn, ad))
{
cn = cnName + "" + i.ToString();
i++;
GetCnName(cn, ad); } }
return cn; } /// <summary>
/// 移动用户(调岗)
/// </summary>
/// <param name="user_path">用户Path</param>
/// <param name="target_path">目标path</param>
/// <returns></returns>
public string MoveUser(string user_path, string target_path,string OuName, int Id,ADInfo ad)
{
try
{
DirectoryEntry u = new DirectoryEntry(user_path, ad.adminUser, ad.adminPwd);
DirectoryEntry t = new DirectoryEntry(target_path, ad.adminUser, ad.adminPwd); //同时更改部门用户名字
u.Properties["department"][] = OuName;
u.CommitChanges();
//更改OU
u.MoveTo(t); u.Dispose(); logger.Info("用户调岗成功" + user_path);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return u.Path;
}
catch(Exception ex){
logger.Error("用户调岗失败:" + user_path + "," + target_path + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return "";
} }
/// <summary>
/// 初始化移动 用户
/// </summary>
/// <param name="user_path"></param>
/// <param name="target_path"></param>
/// <param name="OuName"></param>
/// <param name="ad"></param>
/// <param name="empCode"></param>
/// <returns></returns>
public string MoveUser(string user_path, string target_path, string OuName, ADInfo ad,string empCode)
{
try
{
DirectoryEntry u = new DirectoryEntry(user_path, ad.adminUser, ad.adminPwd);
DirectoryEntry t = new DirectoryEntry(target_path, ad.adminUser, ad.adminPwd); //同时更改部门用户名字
u.Properties["department"].Value = OuName;
u.CommitChanges();
//更改OU
u.MoveTo(t); u.Dispose(); logger.Info("用户移动成功" + empCode +":"+ user_path);
return u.Path;
}
catch (Exception ex)
{
logger.Error("用户移动失败:" + empCode +":"+ user_path + "," + target_path + ex.Message);
return "";
} }
/// <summary>
/// 禁用指定的帐户(离职)
/// </summary>
/// <param name="de"></param>
public static void DisableUser(DirectoryEntry de)
{ //impersonate.BeginImpersonate();
de.Properties["userAccountControl"][] =
0X0200 | 0X0002;
de.CommitChanges();
//impersonate.StopImpersonate();
de.Close(); } /// <summary>
/// 禁用指定公共名称的用户
/// </summary>
/// <param name="commonName">用户公共名称</param>
public void DisableUser(string sAMacc, int Id,ADInfo ad)
{
try
{
DisableUser(GetDirectoryEntryByAccount(sAMacc,ad));
logger.Info("用户禁用成功:" + sAMacc);
asy.UpdateStatus(ad.dbCon, Id, "Success");
}
catch(Exception ex)
{
logger.Error("用户禁用失败:" + sAMacc+ ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
}
} /// <summary>
/// 启用指定的域账号
/// </summary>
/// <param name="sAMacc">用户的域账号名称</param>
public bool EnableUser(string sAMacc, int Id, ADInfo ad)
{
try
{
EnableUser(GetDirectoryEntryByAccount(sAMacc, ad));
logger.Info("用户启用成功:" + sAMacc);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return true;
}
catch (Exception ex)
{
logger.Error("用户启用失败:" + sAMacc + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return false;
}
} /// <summary>
/// 启用指定帐户
/// </summary>
/// <param name="de"></param>
public void EnableUser(DirectoryEntry de)
{ de.Properties["userAccountControl"][] =
0X0200;
de.CommitChanges();
de.Close();
} /// <summary>
/// 更新用户 (基本信息 显示名、员工类型、姓和名)
/// </summary>
/// <param name="user"></param>
public void UpdateUser(EmpInfo user, int Id,ADInfo ad)
{ try
{
if (IsAccExists(user.sAMAccountName, ad))
{
DirectoryEntry userEntry = GetDirectoryEntryByAccount(user.sAMAccountName, ad);
//userEntry.Properties["cn"][0] = newDisplayName; userEntry.Rename("CN=" + user.DisplayName);
userEntry.Properties["displayName"][] = user.DisplayName;
// userEntry.Properties["name"][0] = user.DisplayName;
userEntry.Properties["employeeType"][] = user.employeeType;
userEntry.Properties["Sn"][] = user.Surname;//姓
userEntry.Properties["GivenName"][] = user.GivenName;//名
if (!string.IsNullOrEmpty(user.Mail)) { userEntry.Properties["Mail"][] = user.Mail;}
//userEntry.Properties["Mail"][0] = user.Mail;//邮件
// userEntry.Rename("CN=" + newDisplayName);
userEntry.CommitChanges();
userEntry.Dispose();
logger.Info("用户更新成功:" + user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
} }
catch (Exception ex)
{
logger.Error("用户更新失败:" + user.sAMAccountName + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message); }
}
public void UpdateUser(EmpInfo user, ADInfo ad)
{
try
{
if (IsAccExists(user.sAMAccountName, ad))
{
DirectoryEntry userEntry = GetDirectoryEntryByAccount(user.sAMAccountName, ad);
//userEntry.Properties["cn"][0] = newDisplayName;
userEntry.Properties["displayName"].Value = user.DisplayName;
userEntry.Properties["employeeID"].Value = user.emloyeeID;
// userEntry.Properties["name"].Value = user.DisplayName;
userEntry.Properties["employeeType"].Value = user.employeeType;
userEntry.Properties["Sn"].Value = user.Surname;//姓
userEntry.Properties["GivenName"].Value = user.GivenName;//名
if (!string.IsNullOrEmpty(user.Mail)) { userEntry.Properties["Mail"].Value = user.Mail; }
// userEntry.Properties["Mail"].Value = user.Mail;//邮件
// userEntry.Rename("CN=" + newDisplayName);
userEntry.CommitChanges();
userEntry.Dispose();
logger.Info("用户更新成功:" + user.sAMAccountName);
} }
catch (Exception ex)
{
logger.Error("用户更新失败:" + user.sAMAccountName + ex.Message); }
}
/// <summary>
/// 根据用户帐号称取得用户的 对象
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName,ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de); // DirectoryEntry de = new DirectoryEntry(path, adminUser, adminPwd, AuthenticationTypes.Secure);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path, ad.adminUser, ad.adminPwd);
return de;
}
catch (Exception ex)
{
return null;
}
} /// <summary>
/// 根据用户帐号称取得用户的 对象
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public string GetDirectoryPathEntryByAccount(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
string path="";
// DirectoryEntry de = new DirectoryEntry(path, adminUser, adminPwd, AuthenticationTypes.Secure);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
if (result != null)
{
de = new DirectoryEntry(result.Path, ad.adminUser, ad.adminPwd);
path = de.Path;
}
return path;
}
catch (Exception ex)
{
return "";
}
} /// <summary>
/// 根据ou 路径 取得ou下所有用户
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public List<DirectoryEntry> GetListDirectory(string path,ADInfo ad)
{
List<DirectoryEntry> lis = new List<DirectoryEntry>(); DirectoryEntry de = GetDirectoryObject(path, ad);
DirectorySearcher deSearch = new DirectorySearcher(de); deSearch.Filter = "(&(objectCategory=person)(cn=*))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResultCollection resultList = deSearch.FindAll();
if (resultList != null && resultList.Count>)
foreach (SearchResult item in resultList)
{
de = new DirectoryEntry(item.Path, ad.adminUser, ad.adminPwd);
lis.Add(de);
} return lis;
}
catch (Exception ex)
{
return null;
}
} /// <summary>
///
/// </summary>
/// <param name="path"></param>
/// <returns></returns>
public DirectoryEntry GetOuDirectory(string attribute,ADInfo ad)
{
DirectoryEntry ret = new DirectoryEntry();
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de); deSearch.Filter = "(&(objectCategory=organizationalUnit)(postalCode=" + attribute + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult resultList = deSearch.FindOne();
ret = new DirectoryEntry(resultList.Path, ad.adminUser, ad.adminPwd);
return ret;
}
catch (Exception ex)
{
return null;
}
} #region 判断域中是否存在组织单位
/// <summary>
/// 判断域中是否存在组织单位
/// </summary>
/// <param name="organizeName">组织单位名</param>
/// <returns></returns>
private bool ExitOU(string organizeName,ADInfo ad)
{
DirectoryEntry rootUser = null;
DirectoryEntry ouFind = null;
if (string.IsNullOrEmpty(organizeName))
{
return true;
}
else
{
//分解路径
string[] allOu = organizeName.Split(new char[] { '/' });
//获取直属部门
string OUName = allOu[].ToString();
try
{
string path = GetOrganizeNamePath(organizeName, ad);
rootUser = new DirectoryEntry(path, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
ouFind = rootUser.Parent.Children.Find("OU=" + OUName);
if (ouFind != null)
{
return true;
}
return false;
}
catch (Exception ex)
{
//DomainUser._failed = ex.Message.ToString() + "在域中不存在组织单位“" + OUName + "”";
return false;
}
}
}
/// <summary>
/// 是否村在OU路径
/// </summary>
/// <param name="path"></param>
/// <returns></returns>
public bool IsExistOuPath(string path,ADInfo ad) {
DirectoryEntry rootUser = null;
DirectoryEntry ouFind = null;
rootUser = new DirectoryEntry(path, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure); if (rootUser != null)
{
return true;
}
return false;
}
#endregion #region 获取组织名称路径
/// <summary>
/// 获取组织名称路径
/// </summary>
/// <param name="organizeUnit">组织</param>
/// <returns></returns>
public string GetOrganizeNamePath(string organizeUnit,ADInfo ad, string userName = null)
{
StringBuilder sb = new StringBuilder();
sb.Append(ad.ldapIdentity);
return sb.Append(SplitOrganizeNameToDN(organizeUnit, ad,userName)).ToString();
}
#endregion #region 分隔组织名称为标准AD的DN名称
/// <summary>
/// 分隔组织名称为标准AD的DN名称,各个组织级别以"/"或"\"分开。如"总部/物业公司/小区",并且当前域为
/// bdxy.com,则返回的AD的DN表示名为"OU=小区,OU=物业公司,OU=总部,DC=bdxy,DC=com"。
/// </summary>
/// <param name="organizeName">组织名称</param>
/// <returns>返回一个级别</returns>
public string SplitOrganizeNameToDN(string organizeName, ADInfo ad, string userName = null)
{
StringBuilder sb = new StringBuilder(); if (userName != null)
{
sb.Append("CN=" + userName); }
if (organizeName != null && organizeName.Length > )
{
string[] allOu = organizeName.Split(new char[] { '/', '\\' });
for (int i = ; i <= allOu.Length - ; i++)
{
string ou = allOu[i];
if (sb.Length > )
{
sb.Append(",");
}
sb.Append("OU=").Append(ou);
}
}
//如果传入了组织名称,则添加,
if (sb.Length > )
{
sb.Append(",");
}
sb.Append(ad.suffixPath);
return sb.ToString(); }
#endregion #region GetDirectoryObject /// <summary>
/// 获得DirectoryEntry对象实例,以管理员登陆AD
/// </summary>
/// <returns></returns>
private DirectoryEntry GetDirectoryObject(ADInfo ad)
{
DirectoryEntry entry = new DirectoryEntry(ad.ldapIdentity+ad.suffixPath, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
return entry;
} /// <summary>
/// 根据指定用户名和密码获得相应DirectoryEntry实体
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
//private DirectoryEntry GetDirectoryObject(string userName, string password)
//{
// DirectoryEntry entry = new DirectoryEntry(_ldapIdentity,
// userName, password, AuthenticationTypes.None);
// return entry;
//} /// <summary>
/// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
/// </summary>
/// <param name="domainReference"></param>
/// <returns></returns>
private DirectoryEntry GetDirectoryObject(string domainReference,ADInfo ad)
{
DirectoryEntry entry = new DirectoryEntry(domainReference, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
return entry;
} /// <summary>
/// 获得以UserName,Password创建的DirectoryEntry
/// </summary>
/// <param name="domainReference"></param>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
//private DirectoryEntry GetDirectoryObject(string domainReference,
// string userName, string password)
//{
// DirectoryEntry entry = new DirectoryEntry(_ldapIdentity + domainReference,
// userName, password, AuthenticationTypes.Secure);
// return entry;
//} #endregion /// <summary>
/// 判断帐户是否存在
/// </summary>
/// <param name="commonName">Account用户名</param>
/// <returns>是否存在</returns>
public bool IsAccExists(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" +
sAMAccountName + "))"; // LDAP 查询串
SearchResultCollection results = deSearch.FindAll();
if (results.Count == )
return false;
else
return true;
} public bool IsAccExistsCN(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(CN=" +
sAMAccountName + "))"; // LDAP 查询串
SearchResultCollection results = deSearch.FindAll();
if (results.Count == )
return false;
else
return true;
}
} public class DomainUser
{
public string UserName { get; set; }
public string UserPrincipalName { get; set; }
public string UserId { get; set; }
public string PhysicalDeliveryOfficeName { get; set; }
public string Department { get; set; }
public string Telephone { get; set; }
public string Email { get; set; }
public string Description { get; set; }
public string UserPwd { get; set; }
} public class EmpInfo {
public string emloyeeID { get; set; }
public string sAMAccountName { get; set; }
public string userPrincipalName { get; set; }
public string employeeType { get; set; }
public string DepartmentName { get; set; }
public string Mail { get; set; }
public string DisplayName { get; set; }
public string Surname { get; set; }
public string GivenName { get; set; }
public string Department { get; set; }
public string Oupath { get; set; }
} public class ADInfo{ public string domain { get; set; }
public string domainIp { get; set; }
public string adminUser { get; set; }
public string adminPwd { get; set; }
public string ldapIdentity { get; set; }
public string suffixPath { get; set; }
public string adsur { get; set; }
public string houzhui { get; set; }
public string dbCon { get; set; }
} public class PingYinHelper
{
private static Encoding gb2312 = Encoding.GetEncoding("GB2312"); /// <summary>
/// 汉字转全拼
/// </summary>
/// <param name="strChinese"></param>
/// <returns></returns>
public static string ConvertToAllSpell(string strChinese)
{
try
{
if (strChinese.Length != )
{
StringBuilder fullSpell = new StringBuilder();
for (int i = ; i < strChinese.Length; i++)
{
var chr = strChinese[i];
fullSpell.Append(GetSpell(chr));
} return fullSpell.ToString().ToUpper();
}
}
catch (Exception e)
{
Console.WriteLine("全拼转化出错!" + e.Message);
} return string.Empty;
} /// <summary>
/// 汉字转首字母
/// </summary>
/// <param name="strChinese"></param>
/// <returns></returns>
public static string GetFirstSpell(string strChinese)
{
//NPinyin.Pinyin.GetInitials(strChinese) 有Bug 洺无法识别
//return NPinyin.Pinyin.GetInitials(strChinese); try
{
if (strChinese.Length != )
{
StringBuilder fullSpell = new StringBuilder();
for (int i = ; i < strChinese.Length; i++)
{
var chr = strChinese[i];
fullSpell.Append(GetSpell(chr)[]);
} return fullSpell.ToString().ToUpper();
}
}
catch (Exception e)
{
Console.WriteLine("首字母转化出错!" + e.Message);
} return string.Empty;
} private static string GetSpell(char chr)
{
var coverchr = NPinyin.Pinyin.GetPinyin(chr); bool isChineses = ChineseChar.IsValidChar(coverchr[]);
if (isChineses)
{
ChineseChar chineseChar = new ChineseChar(coverchr[]);
foreach (string value in chineseChar.Pinyins)
{
if (!string.IsNullOrEmpty(value))
{
return value.Remove(value.Length - , );
}
}
} return coverchr; }
}
}
通过Ldap实现人事系统组织人事和AD的同步的更多相关文章
- linux/windows系统oracle数据库简单冷备同步
linux/windows系统oracle数据库简单冷备同步 我们有一个财务系统比较看重财务数据的安全性,同时我们拥有两套系统,一个生产环境(linux),一个应急备份环境(windows).备份环境 ...
- ftp客户端自动同步 Windows系统简单操作ftp客户端自动同步
服务器管理工具它是一款功能强大的服务器集成管理器,包含win系统和linux系统的批量连接,vnc客户端,ftp客户端等等实用功能.我们可以使用这款软件的ftp客户端定时上传下载的功能来进实现ftp客 ...
- AJAX+jQuery+ASP实现实时验证身份证信息是否已存在---人事系统
很多时候在网站上注册时,我们会发现,注册表单通常需要检查用户名和电子邮件地址的可用性:从而确保用户之间不拥有相同的用户名和电子邮件地址:一些网站喜欢在用户提交填写的用户信息时,做信息可用性的检查,而一 ...
- 被公司的垃圾XG人事系统吓尿了
OA要尝试设置单点登录,拿现有的HR系统尝试,结果不知道HR系统的加密方式和验证地址,于是乎找HR厂商——厦门XG软件实施人员.结果那个技术人员支支吾吾不肯给我,搞得非常的烦. 真奇怪了,不开源的软件 ...
- OA系统开发人事模块关于请假跨月的处理
前言:其实对于跨月的数据单独处理是不难的,但是对于后台显示页面,肯定不是单纯拼接一个where条件的,因此在我的项目也是如此,并不能够用普遍的方法来处理,此时就想尽量用简单的方法来处理跨月数据的准确性 ...
- 基于PySpark的网络服务异常检测系统 (四) Mysql与SparkSQL对接同步数据 kmeans算法计算预测异常
基于Django Restframework和Spark的异常检测系统,数据库为MySQL.Redis, 消息队列为Celery,分析服务为Spark SQL和Spark Mllib,使用kmeans ...
- 使用Novell.Directory.Ldap.NETStandard在.NET Core中验证AD域账号
Novell.Directory.Ldap.NETStandard是一个在.NET Core中,既支持Windows平台,又支持Linux平台,进行Windows AD域操作的Nuget包. 首先我们 ...
- linux系统时间与网络时间不同步
在解决问题之前,我们首先来了解下面几个知识点: 1. date命令: #date 显示系统时间 2.hwclock命令 (即hardwareclock系统硬件时间) #hwclock 显示硬件时间 ...
- CentOS7系统时间和硬件时间不同步问题
CentOS7系统中有两个时间:系统时间 和 硬件时间 我们常用命令 date 会输出系统时间,用 date 命令修改的也是系统时间 硬件时间是写入到 BIOS 中的时间,用 hwclock -r 命 ...
随机推荐
- mac下sourcetree创建git分支和合并分支
git默认创建的分支为:master主分支 要实现的效果:新建和合并分支. 1.在master基础上创建分支v1.0.1并切换至v1.0.1然后推送分支到远程服务器 确定即可!! 然后查看远端已经发现 ...
- 浅析Volatile关键字
浅析Volatile关键字 在java中线程并发中,线程之间通信方式分为两种:共享内存和消息传递.共享内存指的是多个线程之间共享内存的属性状态:消息传递指的是线程之间发送信息来通信.在介绍volati ...
- Nginx+Tomcat实现动静分离和负载均衡
一.什么是动静分离? Nginx动静分离简单来说就是把动态和静态请求分开,不能理解成只是单纯的把动态页面和静态页面物理分离.严格意义上说应该是将动态请求和静态请求分开,可以理解成使用Nginx处理静态 ...
- fiddler常用功能
原理 Fiddler是一个http协议调试代理工具,它能够记录并检查所有你的电脑和互联网之间的http通讯,设置断点,查看所有的“进出”Fiddler的数据(cookie,html,js,css等). ...
- ubuntu gitclone下载的文件放哪里了
在home主文件夹里面.
- python基础之七:set 集合
集合(set)是一个无序的不重复元素序列.只可以存储不可变类型数据,即可哈希的数据类型,如:元组(tuple).字符(str).整型(int).布尔型(bool) 可以使用大括号 { } 或者 set ...
- LeetCode 1150. Check If a Number Is Majority Element in a Sorted Array
原题链接在这里:https://leetcode.com/problems/check-if-a-number-is-majority-element-in-a-sorted-array/ 题目: G ...
- 8个SpringBoot精品项目
8个SpringBoot精品项目 https://gitee.com/52itstyle/spring-boot-seckill 秒杀 https://gitee.com/52itstyle/spri ...
- 博客索引and题目列表
目录 笔记整理 计划 要学的东西 缺省源 要做的题 搜索 高斯消元 矩阵 排列组合 2019.7.9 2019.7.10 kmp ac自动机 2019.7.11 2019.7.15 笔记整理 1.同余 ...
- #lua中编写shader的方式
lua中编写shader的方式 1. 字符串拼接 类似于下面这种 vertDefaultSource = "\n".."\n" .. "attribu ...