简单的东西,没什么用,删掉又可惜,放上来吧
公司内部一般都有域控(AD),如果内部使用的各个工装程序需要记录操作信息,可以使用LDAP用户验证
winldap
使用Windows的API:winldap,写一个命令行程序。用于检验用户和密码是否是合法的域内账户。
如果在内网中的域外电脑使用,需要手动安装域的CA证书,不然ssl连接无法通过。
- 校验成功,返回0;
- 校验失败,返回1;
- 过程中异常,返回负值;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93 | #include <QCommandLineParser>
#include <QCoreApplication>
#include <QDebug>
#include "windows.h"
#include "winldap.h"
int main(int argc, char *argv[])
{
QCoreApplication a(argc, argv);
QCoreApplication::setApplicationName("myldapauth");
QCoreApplication::setOrganizationName("YB");
QCoreApplication::setApplicationVersion("1.0.0");
QCommandLineParser parser;
parser.setApplicationDescription("Ldap Auth for test only.");
parser.addHelpOption();
parser.addVersionOption();
// A boolean option with multiple names (-c, --check)
QCommandLineOption checkOption(QStringList() << "c"
<< "check",
"Check connect");
parser.addOption(checkOption);
parser.addPositionalArgument("UserName", "Name of the user");
parser.addPositionalArgument("PassWord", "Password of the user");
parser.process(a);
if (!parser.isSet(checkOption)) {
if (parser.positionalArguments().size() != 2) {
// stdout not stderr
printf("%s", qPrintable(parser.helpText()));
return 1;
}
}
QString host = "dc2.xx.debao.me";
auto port = LDAP_SSL_PORT;
auto version = LDAP_VERSION3;
auto method = LDAP_AUTH_SIMPLE; // simple + ssl
QString baseDN("OU=users,DC=xx,DC=debao,DC=me");
auto ld = ldap_sslinit((wchar_t *)host.utf16(), port, 1);
if (ld == NULL) {
qDebug("init failed");
return -1;
}
auto rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (rc != LDAP_SUCCESS) {
qDebug("set_option failed: rc: %d", rc);
ldap_unbind_s(ld);
return -2;
}
rc = ldap_connect(ld, NULL);
if (rc != LDAP_SUCCESS) {
qDebug("connect failed: rc: %d", rc);
ldap_unbind_s(ld);
return -3;
}
qDebug("connect success");
if (parser.isSet(checkOption)) {
ldap_unbind_s(ld);
return 0;
}
auto userName = parser.positionalArguments().at(0);
auto password = parser.positionalArguments().at(1);
QString dn = "CN=" + userName + "," + baseDN;
// ldap bind return true when both username and password are empty!!
if (userName.isEmpty() || password.isEmpty()) {
qDebug("error: user name or password is not given");
ldap_unbind_s(ld);
return -4;
}
rc = ldap_bind_s(ld, (wchar_t *)dn.utf16(), (wchar_t *)password.utf16(), method);
if (rc != LDAP_SUCCESS) {
qDebug("bind failed: rc: %d", rc);
ldap_unbind_s(ld);
return 1;
}
qDebug("bind success");
ldap_unbind_s(ld);
return 0;
}
|
cmake工程文件
| cmake_minimum_required(VERSION 3.14)
project(myldapauth LANGUAGES CXX)
find_package(Qt6 COMPONENTS Core REQUIRED)
add_executable(myldapauth main.cpp)
target_link_libraries(myldapauth Qt::Core)
add_compile_definitions(UNICODE)
target_link_libraries(myldapauth Wldap32)
|