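The epidemic has been severe lately. Since returning to my hometown from Shenzhen on 2019.01.22, I have not left the house.
Today is 2020.02.09. I had a flight booked for tomorrow, but the roads in my hometown are closed, so I refunded the ticket.
While following the epidemic every day, I also read all kinds of posts that expose human nature, criticizing this and praising that, cursing (CTM) one moment and saying "how amazing" the next.
Even with today's advanced technology, people still live hard lives because of all sorts of difficulties, and some even pay with their lives.
You could say that humans are very small in the face of nature. We must respect nature and live in harmony with it, otherwise sooner or later we are finished.
OK, on to the main topic.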
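A couple of days ago my team had a requirement that mainly involved moving an entry within LDAP.
We use v3 of the github.com/go-ldap/ldap package.
At first I noticed that it has a method
func (l *Conn) ModifyDN(m *ModifyDNRequest) error
However, in the comment on
func NewModifyDNRequest(dn string, rdn string, delOld bool, newSup string) *ModifyDNRequest
the example it gives is only a rename: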
// A call like
// mdnReq := NewModifyDNRequest("uid=someone,dc=example,dc=org", "uid=newname", true, "")
// will setup the request to just rename uid=someone,dc=example,dc=org to
// uid=newname,dc=example,dc=org.
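In fact, its last parameter, newSup, can be used to move the entry to a different group when set appropriately.
If you look one step further, the package has a test file, moddn_test.go: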
package ldap

import (
	"log"
)

// ExampleConn_ModifyDN_renameNoMove shows how to rename an entry without moving it
func ExampleConn_ModifyDN_renameNoMove() {
	conn, err := Dial("tcp", "ldap.example.org:389")
	if err != nil {
		log.Fatalf("Failed to connect: %s\n", err)
	}
	defer conn.Close()

	_, err = conn.SimpleBind(&SimpleBindRequest{
		Username: "uid=someone,ou=people,dc=example,dc=org",
		Password: "MySecretPass",
	})
	if err != nil {
		log.Fatalf("Failed to bind: %s\n", err)
	}

	// just rename to uid=new,ou=people,dc=example,dc=org:
	req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "")
	if err = conn.ModifyDN(req); err != nil {
		log.Fatalf("Failed to call ModifyDN(): %s\n", err)
	}
}

// ExampleConn_ModifyDN_renameAndMove shows how to rename an entry and moving it to a new base
func ExampleConn_ModifyDN_renameAndMove() {
	conn, err := Dial("tcp", "ldap.example.org:389")
	if err != nil {
		log.Fatalf("Failed to connect: %s\n", err)
	}
	defer conn.Close()

	_, err = conn.SimpleBind(&SimpleBindRequest{
		Username: "uid=someone,ou=people,dc=example,dc=org",
		Password: "MySecretPass",
	})
	if err != nil {
		log.Fatalf("Failed to bind: %s\n", err)
	}

	// rename to uid=new,ou=people,dc=example,dc=org and move to ou=users,dc=example,dc=org ->
	// uid=new,ou=users,dc=example,dc=org
	req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "ou=users,dc=example,dc=org")
	if err = conn.ModifyDN(req); err != nil {
		log.Fatalf("Failed to call ModifyDN(): %s\n", err)
	}
}

// ExampleConn_ModifyDN_moveOnly shows how to move an entry to a new base without renaming the RDN
func ExampleConn_ModifyDN_moveOnly() {
	conn, err := Dial("tcp", "ldap.example.org:389")
	if err != nil {
		log.Fatalf("Failed to connect: %s\n", err)
	}
	defer conn.Close()

	_, err = conn.SimpleBind(&SimpleBindRequest{
		Username: "uid=someone,ou=people,dc=example,dc=org",
		Password: "MySecretPass",
	})
	if err != nil {
		log.Fatalf("Failed to bind: %s\n", err)
	}

	// move to ou=users,dc=example,dc=org -> uid=user,ou=users,dc=example,dc=org
	req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=user", true, "ou=users,dc=example,dc=org")
	if err = conn.ModifyDN(req); err != nil {
		log.Fatalf("Failed to call ModifyDN(): %s\n", err)
	}
}
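Its examples make this very clear. To move an entry between different groups, you only need to do the following.
Note that the ou in the first argument and the ou in the last argument are different (that is, different groups):

	req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=user", true, "ou=users,dc=example,dc=org")
	// ...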
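
When the DNs come from user input rather than literals, the rdn and newSup arguments have to be derived from the entry's DN. The following is an added example, not code from go-ldap or from the original post: MoveArgs, splitRDN and under are hypothetical helpers that use only the standard library, assume RFC 4514 string DNs without spaces around commas, and refuse moves that leave an assumed allowedBase subtree.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitRDN cuts a DN at its first unescaped comma into leading RDN and parent DN.
// Assumes RFC 4514 string form with backslash escapes and no spaces around commas.
func splitRDN(dn string) (rdn, parent string, err error) {
	for i := 0; i < len(dn); i++ {
		switch dn[i] {
		case '\\':
			i++ // skip the escaped character, e.g. the comma in "cn=Doe\, John"
		case ',':
			return dn[:i], dn[i+1:], nil
		}
	}
	return "", "", errors.New("no parent in DN: " + dn)
}

// under reports whether dn equals base or lies below it. It walks up parent by
// parent so escaped commas cannot fake a suffix match; comparison is
// case-insensitive, a simplification of real attribute matching rules.
func under(dn, base string) bool {
	for err := error(nil); err == nil; _, dn, err = splitRDN(dn) {
		if strings.EqualFold(dn, base) {
			return true
		}
	}
	return false
}

// MoveArgs (hypothetical helper) returns the rdn and newSup arguments for
// NewModifyDNRequest(dn, rdn, true, newSup) that move dn under newParent
// without renaming it, and the DN the entry will have afterwards.
func MoveArgs(dn, newParent, allowedBase string) (string, string, string, error) {
	rdn, parent, err := splitRDN(dn)
	switch {
	case err != nil:
		return "", "", "", err
	case !under(dn, allowedBase) || !under(newParent, allowedBase):
		return "", "", "", errors.New("source or target outside " + allowedBase)
	case strings.EqualFold(parent, newParent):
		return "", "", "", errors.New("entry is already under " + newParent)
	case under(newParent, dn):
		return "", "", "", errors.New("cannot move an entry into its own subtree")
	}
	return rdn, newParent, rdn + "," + newParent, nil
}

func main() { // constructed sample DNs, the same ones the examples above use
	fmt.Println(MoveArgs("uid=user,ou=people,dc=example,dc=org", "ou=users,dc=example,dc=org", "dc=example,dc=org"))
}
```

The returned rdn and newSup go straight into NewModifyDNRequest as its second and fourth arguments; the directory server's own access controls remain the authoritative check.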
(End)