From db3e8f60655f8cca91023f8ec659c9c089b556e8 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Wed, 8 Sep 2021 15:37:39 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=AF=B9=E6=8E=A5ldap=E5=9F=BA?=
 =?UTF-8?q?=E6=9C=AC=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/io/dataease/auth/api/AuthApi.java    |  5 ++
 .../io/dataease/auth/api/dto/LoginDto.java    |  8 ++
 .../io/dataease/auth/server/AuthServer.java   | 50 +++++++++--
 .../auth/service/AuthUserService.java         |  2 +
 .../service/impl/AuthUserServiceImpl.java     |  9 ++
 .../auth/service/impl/ShiroServiceImpl.java   |  1 +
 .../java/io/dataease/base/domain/SysUser.java | 20 +----
 .../dataease/base/domain/SysUserExample.java  | 60 +++++++++++++
 .../io/dataease/base/mapper/SysUserMapper.xml | 26 ++++--
 .../base/mapper/ext/ExtSysUserMapper.java     |  2 +
 .../base/mapper/ext/ExtSysUserMapper.xml      |  4 +
 .../controller/sys/SysUserController.java     | 15 ++++
 .../sys/request/LdapAddRequest.java           | 19 ++++
 .../dataease/plugins/server/XLdapServer.java  | 13 +++
 .../io/dataease/plugins/util/PluginUtils.java | 10 +++
 .../dataease/service/sys/SysUserService.java  | 36 ++++++++
 .../src/main/resources/generatorConfig.xml    |  2 +-
 frontend/src/api/system/user.js               | 27 +++++-
 frontend/src/api/user.js                      |  7 ++
 frontend/src/lang/zh.js                       |  1 +
 frontend/src/store/modules/user.js            |  4 +-
 frontend/src/views/login/index.vue            | 21 ++++-
 frontend/src/views/system/user/imp-ldap.vue   | 88 +++++++++++++++++--
 frontend/src/views/system/user/index.vue      | 20 +++--
 24 files changed, 402 insertions(+), 48 deletions(-)
 create mode 100644 backend/src/main/java/io/dataease/controller/sys/request/LdapAddRequest.java

diff --git a/backend/src/main/java/io/dataease/auth/api/AuthApi.java b/backend/src/main/java/io/dataease/auth/api/AuthApi.java
index 5cdbd7151c..ce79742bde 100644
--- a/backend/src/main/java/io/dataease/auth/api/AuthApi.java
+++ b/backend/src/main/java/io/dataease/auth/api/AuthApi.java
@@ -4,6 +4,7 @@ import com.github.xiaoymin.knife4j.annotations.ApiSupport;
 import io.dataease.auth.api.dto.CurrentUserDto;
 import io.dataease.auth.api.dto.LoginDto;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiModelProperty;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -41,4 +42,8 @@ public interface AuthApi {
     @PostMapping("/validateName")
     Boolean validateName(Map<String, String> nameDto);
 
+    @ApiOperation("是否开启ldap")
+    @PostMapping("/isOpenLdap")
+    boolean isOpenLdap();
+
 }
diff --git a/backend/src/main/java/io/dataease/auth/api/dto/LoginDto.java b/backend/src/main/java/io/dataease/auth/api/dto/LoginDto.java
index c1f0adc052..62af1ce003 100644
--- a/backend/src/main/java/io/dataease/auth/api/dto/LoginDto.java
+++ b/backend/src/main/java/io/dataease/auth/api/dto/LoginDto.java
@@ -13,4 +13,12 @@ public class LoginDto implements Serializable {
 
     @ApiModelProperty(value = "密码", required = true)
     private String password;
+
+    /**
+     * 0: 默认登录
+     * 1：ldap登录
+     * 2：单点登录
+     */
+    @ApiModelProperty(value = "登录方式", required = true, allowableValues = "0, 1, 2")
+    private int loginType;
 }
diff --git a/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
index 74bf04c371..9408ccff57 100644
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -14,9 +14,13 @@ import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.CodingUtil;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.commons.utils.ServletUtils;
-
 import io.dataease.exception.DataEaseException;
 import io.dataease.i18n.Translator;
+import io.dataease.plugins.config.SpringContextUtil;
+import io.dataease.plugins.util.PluginUtils;
+import io.dataease.plugins.xpack.ldap.dto.request.LdapValidateRequest;
+import io.dataease.plugins.xpack.ldap.dto.response.ValidateResult;
+import io.dataease.plugins.xpack.ldap.service.LdapXpackService;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
@@ -35,10 +39,29 @@ public class AuthServer implements AuthApi {
     private AuthUserService authUserService;
 
 
+
+
     @Override
     public Object login(@RequestBody LoginDto loginDto) throws Exception {
         String username = loginDto.getUsername();
         String password = loginDto.getPassword();
+
+
+        String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, password);
+        // 增加ldap登录方式
+        Integer loginType = loginDto.getLoginType();
+        boolean isSupportLdap = authUserService.supportLdap();
+        if (loginType == 1 && isSupportLdap) {
+            LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class);
+            LdapValidateRequest request = LdapValidateRequest.builder().userName(username).password(pwd).build();
+            ValidateResult validateResult = ldapXpackService.login(request);
+            if (!validateResult.isSuccess()) {
+                DataEaseException.throwException(validateResult.getMsg());
+            }
+            username = validateResult.getUserName();
+        }
+        // 增加ldap登录方式
+
         SysUserEntity user = authUserService.getUserByName(username);
 
         if (ObjectUtils.isEmpty(user)) {
@@ -48,14 +71,19 @@ public class AuthServer implements AuthApi {
             DataEaseException.throwException(Translator.get("i18n_id_or_pwd_error"));
         }
         String realPwd = user.getPassword();
-        //私钥解密
-        String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, password);
-        //md5加密
-        pwd = CodingUtil.md5(pwd);
 
-        if (!StringUtils.equals(pwd, realPwd)) {
-            DataEaseException.throwException(Translator.get("i18n_id_or_pwd_error"));
+        // 普通登录需要验证密码
+        if (loginType == 0 || !isSupportLdap) {
+            //私钥解密
+
+            //md5加密
+            pwd = CodingUtil.md5(pwd);
+
+            if (!StringUtils.equals(pwd, realPwd)) {
+                DataEaseException.throwException(Translator.get("i18n_id_or_pwd_error"));
+            }
         }
+
         Map<String, Object> result = new HashMap<>();
         TokenInfo tokenInfo = TokenInfo.builder().userId(user.getUserId()).username(username).build();
         String token = JWTUtils.sign(tokenInfo, realPwd);
@@ -108,6 +136,14 @@ public class AuthServer implements AuthApi {
         return true;
     }
 
+    @Override
+    public boolean isOpenLdap() {
+        Boolean licValid = PluginUtils.licValid();
+        if(!licValid) return false;
+        boolean open = authUserService.supportLdap();
+        return open;
+    }
+
     /*@Override
     public Boolean isLogin() {
         return null;
diff --git a/backend/src/main/java/io/dataease/auth/service/AuthUserService.java b/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
index 8154412bbd..2c514686f3 100644
--- a/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
+++ b/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
@@ -21,6 +21,8 @@ public interface AuthUserService {
 
     void clearCache(Long userId);
 
+    boolean supportLdap();
+
 
 
 }
diff --git a/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java b/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
index 5e7b31d617..aceebabb1e 100644
--- a/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
@@ -8,6 +8,9 @@ import io.dataease.base.mapper.ext.AuthMapper;
 import io.dataease.auth.service.AuthUserService;
 import io.dataease.commons.constants.AuthConstants;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.plugins.config.SpringContextUtil;
+import io.dataease.plugins.xpack.ldap.service.LdapXpackService;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
@@ -102,4 +105,10 @@ public class AuthUserServiceImpl implements AuthUserService {
         LogUtil.info("正在清除用户缓存【{}】",userId);
     }
 
+    @Override
+    public boolean supportLdap() {
+        LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class);
+        if(ObjectUtils.isEmpty(ldapXpackService)) return false;
+        return ldapXpackService.isOpen();
+    }
 }
diff --git a/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java b/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java
index 0e9361b330..36ff6845b6 100644
--- a/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java
@@ -58,6 +58,7 @@ public class ShiroServiceImpl implements ShiroService {
         filterChainDefinitionMap.put("/api/auth/login", ANON);
         filterChainDefinitionMap.put("/api/auth/logout", ANON);
         filterChainDefinitionMap.put("/api/auth/validateName", ANON);
+        filterChainDefinitionMap.put("/api/auth/isOpenLdap", ANON);
         filterChainDefinitionMap.put("/unauth", ANON);
         filterChainDefinitionMap.put("/display/**", ANON);
         filterChainDefinitionMap.put("/tokenExpired", ANON);
diff --git a/backend/src/main/java/io/dataease/base/domain/SysUser.java b/backend/src/main/java/io/dataease/base/domain/SysUser.java
index 6ebfbcf4d3..e07c73e757 100644
--- a/backend/src/main/java/io/dataease/base/domain/SysUser.java
+++ b/backend/src/main/java/io/dataease/base/domain/SysUser.java
@@ -1,59 +1,43 @@
 package io.dataease.base.domain;
 
 import java.io.Serializable;
-
-import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
 @Data
 public class SysUser implements Serializable {
-    @ApiModelProperty(value = "用户ID" , allowEmptyValue = false, position = 0)
     private Long userId;
 
-    @ApiModelProperty(value = "组织ID" , allowEmptyValue = false, position = 7)
     private Long deptId;
 
-    @ApiModelProperty(value = "账号" , required = true)
     private String username;
 
-    @ApiModelProperty(value = "姓名" , required = true, position = 2)
     private String nickName;
 
-    @ApiModelProperty(value = "性别" ,allowableValues = "男,女", allowEmptyValue = true, position = 5)
     private String gender;
 
-    @ApiModelProperty(value = "电话" , allowEmptyValue = true, position = 1)
     private String phone;
 
-    @ApiModelProperty(value = "邮箱" , required = true, position = 3)
     private String email;
 
-    @ApiModelProperty(value = "密码" , required = true, position = 4)
     private String password;
 
-    @ApiModelProperty(hidden = true)
     private Boolean isAdmin;
 
-    @ApiModelProperty(value = "状态" , allowableValues = "1,0", required = true, position = 6)
     private Long enabled;
 
-    @ApiModelProperty(hidden = true)
     private String createBy;
 
-    @ApiModelProperty(hidden = true)
     private String updateBy;
 
-    @ApiModelProperty(hidden = true)
     private Long pwdResetTime;
 
-    @ApiModelProperty(hidden = true)
     private Long createTime;
 
-    @ApiModelProperty(hidden = true)
     private Long updateTime;
 
-    @ApiModelProperty(hidden = true)
     private String language;
 
+    private Integer from;
+
     private static final long serialVersionUID = 1L;
 }
\ No newline at end of file
diff --git a/backend/src/main/java/io/dataease/base/domain/SysUserExample.java b/backend/src/main/java/io/dataease/base/domain/SysUserExample.java
index 27cef73bb8..800cfe3d76 100644
--- a/backend/src/main/java/io/dataease/base/domain/SysUserExample.java
+++ b/backend/src/main/java/io/dataease/base/domain/SysUserExample.java
@@ -1153,6 +1153,66 @@ public class SysUserExample {
             addCriterion("`language` not between", value1, value2, "language");
             return (Criteria) this;
         }
+
+        public Criteria andFromIsNull() {
+            addCriterion("`from` is null");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromIsNotNull() {
+            addCriterion("`from` is not null");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromEqualTo(Integer value) {
+            addCriterion("`from` =", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromNotEqualTo(Integer value) {
+            addCriterion("`from` <>", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromGreaterThan(Integer value) {
+            addCriterion("`from` >", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromGreaterThanOrEqualTo(Integer value) {
+            addCriterion("`from` >=", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromLessThan(Integer value) {
+            addCriterion("`from` <", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromLessThanOrEqualTo(Integer value) {
+            addCriterion("`from` <=", value, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromIn(List<Integer> values) {
+            addCriterion("`from` in", values, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromNotIn(List<Integer> values) {
+            addCriterion("`from` not in", values, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromBetween(Integer value1, Integer value2) {
+            addCriterion("`from` between", value1, value2, "from");
+            return (Criteria) this;
+        }
+
+        public Criteria andFromNotBetween(Integer value1, Integer value2) {
+            addCriterion("`from` not between", value1, value2, "from");
+            return (Criteria) this;
+        }
     }
 
     public static class Criteria extends GeneratedCriteria {
diff --git a/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml b/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml
index 41f42fc47a..d2f11fdd43 100644
--- a/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml
@@ -18,6 +18,7 @@
     <result column="create_time" jdbcType="BIGINT" property="createTime" />
     <result column="update_time" jdbcType="BIGINT" property="updateTime" />
     <result column="language" jdbcType="VARCHAR" property="language" />
+    <result column="from" jdbcType="INTEGER" property="from" />
   </resultMap>
   <sql id="Example_Where_Clause">
     <where>
@@ -79,7 +80,8 @@
   </sql>
   <sql id="Base_Column_List">
     user_id, dept_id, username, nick_name, gender, phone, email, `password`, is_admin, 
-    enabled, create_by, update_by, pwd_reset_time, create_time, update_time, `language`
+    enabled, create_by, update_by, pwd_reset_time, create_time, update_time, `language`, 
+    `from`
   </sql>
   <select id="selectByExample" parameterType="io.dataease.base.domain.SysUserExample" resultMap="BaseResultMap">
     select
@@ -117,13 +119,13 @@
       email, `password`, is_admin, 
       enabled, create_by, update_by, 
       pwd_reset_time, create_time, update_time, 
-      `language`)
+      `language`, `from`)
     values (#{userId,jdbcType=BIGINT}, #{deptId,jdbcType=BIGINT}, #{username,jdbcType=VARCHAR}, 
       #{nickName,jdbcType=VARCHAR}, #{gender,jdbcType=VARCHAR}, #{phone,jdbcType=VARCHAR}, 
       #{email,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, #{isAdmin,jdbcType=BIT}, 
       #{enabled,jdbcType=BIGINT}, #{createBy,jdbcType=VARCHAR}, #{updateBy,jdbcType=VARCHAR}, 
       #{pwdResetTime,jdbcType=BIGINT}, #{createTime,jdbcType=BIGINT}, #{updateTime,jdbcType=BIGINT}, 
-      #{language,jdbcType=VARCHAR})
+      #{language,jdbcType=VARCHAR}, #{from,jdbcType=INTEGER})
   </insert>
   <insert id="insertSelective" parameterType="io.dataease.base.domain.SysUser">
     insert into sys_user
@@ -176,6 +178,9 @@
       <if test="language != null">
         `language`,
       </if>
+      <if test="from != null">
+        `from`,
+      </if>
     </trim>
     <trim prefix="values (" suffix=")" suffixOverrides=",">
       <if test="userId != null">
@@ -226,6 +231,9 @@
       <if test="language != null">
         #{language,jdbcType=VARCHAR},
       </if>
+      <if test="from != null">
+        #{from,jdbcType=INTEGER},
+      </if>
     </trim>
   </insert>
   <select id="countByExample" parameterType="io.dataease.base.domain.SysUserExample" resultType="java.lang.Long">
@@ -285,6 +293,9 @@
       <if test="record.language != null">
         `language` = #{record.language,jdbcType=VARCHAR},
       </if>
+      <if test="record.from != null">
+        `from` = #{record.from,jdbcType=INTEGER},
+      </if>
     </set>
     <if test="_parameter != null">
       <include refid="Update_By_Example_Where_Clause" />
@@ -307,7 +318,8 @@
       pwd_reset_time = #{record.pwdResetTime,jdbcType=BIGINT},
       create_time = #{record.createTime,jdbcType=BIGINT},
       update_time = #{record.updateTime,jdbcType=BIGINT},
-      `language` = #{record.language,jdbcType=VARCHAR}
+      `language` = #{record.language,jdbcType=VARCHAR},
+      `from` = #{record.from,jdbcType=INTEGER}
     <if test="_parameter != null">
       <include refid="Update_By_Example_Where_Clause" />
     </if>
@@ -360,6 +372,9 @@
       <if test="language != null">
         `language` = #{language,jdbcType=VARCHAR},
       </if>
+      <if test="from != null">
+        `from` = #{from,jdbcType=INTEGER},
+      </if>
     </set>
     where user_id = #{userId,jdbcType=BIGINT}
   </update>
@@ -379,7 +394,8 @@
       pwd_reset_time = #{pwdResetTime,jdbcType=BIGINT},
       create_time = #{createTime,jdbcType=BIGINT},
       update_time = #{updateTime,jdbcType=BIGINT},
-      `language` = #{language,jdbcType=VARCHAR}
+      `language` = #{language,jdbcType=VARCHAR},
+      `from` = #{from,jdbcType=INTEGER}
     where user_id = #{userId,jdbcType=BIGINT}
   </update>
 </mapper>
\ No newline at end of file
diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.java b/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.java
index b12402e76e..40e31cd7af 100644
--- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.java
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.java
@@ -7,4 +7,6 @@ import java.util.List;
 
 public interface ExtSysUserMapper {
     List<SysUserGridResponse> query(GridExample example);
+
+    List<String> ldapUserNames(Integer from);
 }
diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.xml b/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.xml
index b7af624db4..cc1bfa5e25 100644
--- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtSysUserMapper.xml
@@ -62,4 +62,8 @@
         left join sys_role r on r.role_id = sur.role_id
         where sur.user_id = #{user_id}
     </select>
+
+    <select id="ldapUserNames" resultType="java.lang.String" parameterType="java.lang.Integer">
+        select username from sys_user u where u.from = #{from}
+    </select>
 </mapper>
diff --git a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
index 0a1052f787..fc8978f56c 100644
--- a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
+++ b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
@@ -10,6 +10,7 @@ import io.dataease.commons.utils.AuthUtils;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.controller.sys.base.BaseGridRequest;
+import io.dataease.controller.sys.request.LdapAddRequest;
 import io.dataease.controller.sys.request.SysUserCreateRequest;
 import io.dataease.controller.sys.request.SysUserPwdRequest;
 import io.dataease.controller.sys.request.SysUserStateRequest;
@@ -127,4 +128,18 @@ public class SysUserController {
         Pager<List<SysRole>> listPager = PageUtils.setPageInfo(page, sysRoleService.query(request));
         return listPager;
     }
+
+
+    @ApiOperation("同步用户")
+    @PostMapping("/sync")
+    public void importLdap(@RequestBody LdapAddRequest request) {
+        sysUserService.saveLdapUsers(request);
+    }
+
+    @ApiOperation("已同步用户")
+    @PostMapping("/existLdapUsers")
+    public List<String> getExistLdapUsers() {
+        return sysUserService.ldapUserNames();
+    }
+
 }
diff --git a/backend/src/main/java/io/dataease/controller/sys/request/LdapAddRequest.java b/backend/src/main/java/io/dataease/controller/sys/request/LdapAddRequest.java
new file mode 100644
index 0000000000..e115541fcf
--- /dev/null
+++ b/backend/src/main/java/io/dataease/controller/sys/request/LdapAddRequest.java
@@ -0,0 +1,19 @@
+package io.dataease.controller.sys.request;
+
+import io.dataease.plugins.common.entity.XpackLdapUserEntity;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.List;
+
+@Data
+public class LdapAddRequest implements Serializable {
+
+    private Long deptId;
+
+    private List<Long> roleIds;
+
+    private Long enabled;
+
+    private List<XpackLdapUserEntity> users;
+}
diff --git a/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java b/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java
index a4dbde86a3..a8268d5ef5 100644
--- a/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java
+++ b/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java
@@ -1,6 +1,7 @@
 package io.dataease.plugins.server;
 
 
+import io.dataease.plugins.common.entity.XpackLdapUserEntity;
 import io.dataease.plugins.config.SpringContextUtil;
 import io.dataease.plugins.xpack.display.dto.response.SysSettingDto;
 import io.dataease.plugins.xpack.ldap.dto.response.LdapInfo;
@@ -25,4 +26,16 @@ public class XLdapServer {
         LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class);
         ldapXpackService.save(settings);
     }
+
+    @PostMapping("/testConn")
+    public void testConn() {
+        LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class);
+        ldapXpackService.testConn();
+    }
+
+    @PostMapping("/users")
+    public List<XpackLdapUserEntity> users() {
+        LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class);
+        return ldapXpackService.users();
+    }
 }
diff --git a/backend/src/main/java/io/dataease/plugins/util/PluginUtils.java b/backend/src/main/java/io/dataease/plugins/util/PluginUtils.java
index 52c422b870..57a8cabca5 100644
--- a/backend/src/main/java/io/dataease/plugins/util/PluginUtils.java
+++ b/backend/src/main/java/io/dataease/plugins/util/PluginUtils.java
@@ -46,6 +46,16 @@ public class PluginUtils {
         return f2CLicenseResponse;
     }
 
+    public static Boolean licValid() {
+        try{
+            F2CLicenseResponse f2CLicenseResponse = PluginUtils.currentLic();
+            if (f2CLicenseResponse.getStatus() != F2CLicenseResponse.Status.valid) return false;
+        }catch (Exception e) {
+            return false;
+        }
+        return true;
+    }
+
 
 
 
diff --git a/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
index bfc1871ec8..ab2a694c88 100644
--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@@ -14,12 +14,14 @@ import io.dataease.commons.utils.AuthUtils;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.CodingUtil;
 import io.dataease.controller.sys.base.BaseGridRequest;
+import io.dataease.controller.sys.request.LdapAddRequest;
 import io.dataease.controller.sys.request.SysUserCreateRequest;
 import io.dataease.controller.sys.request.SysUserPwdRequest;
 import io.dataease.controller.sys.request.SysUserStateRequest;
 import io.dataease.controller.sys.response.SysUserGridResponse;
 import io.dataease.controller.sys.response.SysUserRole;
 import io.dataease.i18n.Translator;
+import io.dataease.plugins.common.entity.XpackLdapUserEntity;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -85,6 +87,7 @@ public class SysUserService {
         user.setCreateTime(now);
         user.setUpdateTime(now);
         user.setIsAdmin(false);
+        user.setFrom(0);
         if (ObjectUtils.isEmpty(user.getPassword()) || StringUtils.equals(user.getPassword(), DEFAULT_PWD)) {
             user.setPassword(CodingUtil.md5(DEFAULT_PWD));
         } else {
@@ -99,6 +102,39 @@ public class SysUserService {
         return insert;
     }
 
+    @Transactional
+    public void saveLdapUsers(LdapAddRequest request) {
+        long now = System.currentTimeMillis();
+
+        List<XpackLdapUserEntity> users = request.getUsers();
+        List<SysUser> sysUsers = users.stream().map(user -> {
+            SysUser sysUser = BeanUtils.copyBean(new SysUser(), user);
+            sysUser.setUsername(user.getUserName());
+            sysUser.setDeptId(request.getDeptId());
+            sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+            sysUser.setCreateTime(now);
+            sysUser.setUpdateTime(now);
+            sysUser.setEnabled(request.getEnabled());
+            sysUser.setFrom(1);
+            return sysUser;
+        }).collect(Collectors.toList());
+
+        sysUsers.forEach(sysUser -> {
+            sysUserMapper.insert(sysUser);
+            SysUser dbUser = findOne(sysUser);
+            if (null != dbUser && null != dbUser.getUserId()) {
+                saveUserRoles( dbUser.getUserId(), request.getRoleIds());
+            }
+        });
+    }
+
+    public List<String> ldapUserNames() {
+
+        List<String> usernames = extSysUserMapper.ldapUserNames(1);
+        return usernames;
+
+    }
+
     /**
      * 修改用户密码清楚缓存
      *
diff --git a/backend/src/main/resources/generatorConfig.xml b/backend/src/main/resources/generatorConfig.xml
index 2368a2540f..1123c31328 100644
--- a/backend/src/main/resources/generatorConfig.xml
+++ b/backend/src/main/resources/generatorConfig.xml
@@ -64,7 +64,7 @@
 
         <!--要生成的数据库表 -->
 
-        <table tableName="panel_pdf_template"/>
+        <table tableName="sys_user"/>
 <!--        <table tableName="sys_dict_item"/>-->
 <!--        <table tableName="dataset_table_field"/>-->
 <!--        <table tableName="v_chart">-->
diff --git a/frontend/src/api/system/user.js b/frontend/src/api/system/user.js
index 47cfc04581..7b9e877ef2 100644
--- a/frontend/src/api/system/user.js
+++ b/frontend/src/api/system/user.js
@@ -98,4 +98,29 @@ export function roleGrid(pageIndex, pageSize, data) {
   })
 }
 
-export default { editPassword, delUser, editUser, addUser, userLists, editStatus, persionInfo, updatePerson, updatePersonPwd, allRoles, roleGrid }
+export function ldapUsers(data) {
+  return request({
+    url: '/api/ldap/users',
+    method: 'post',
+    loading: true
+  })
+}
+
+export function saveLdapUser(data) {
+  return request({
+    url: '/api/user/sync',
+    method: 'post',
+    loading: true,
+    data
+  })
+}
+
+export function existLdapUsers() {
+  return request({
+    url: '/api/user/existLdapUsers',
+    method: 'post',
+    loading: false
+  })
+}
+
+export default { editPassword, delUser, editUser, addUser, userLists, editStatus, persionInfo, updatePerson, updatePersonPwd, allRoles, roleGrid, ldapUsers, saveLdapUser, existLdapUsers }
diff --git a/frontend/src/api/user.js b/frontend/src/api/user.js
index ee99beb1eb..1768205ce8 100644
--- a/frontend/src/api/user.js
+++ b/frontend/src/api/user.js
@@ -50,3 +50,10 @@ export function languageApi(language) {
     method: 'post'
   })
 }
+
+export function ldapStatus() {
+  return request({
+    url: '/api/auth/isOpenLdap',
+    method: 'post'
+  })
+}
diff --git a/frontend/src/lang/zh.js b/frontend/src/lang/zh.js
index 1a6dd25c6e..f47f54d7f3 100644
--- a/frontend/src/lang/zh.js
+++ b/frontend/src/lang/zh.js
@@ -482,6 +482,7 @@ export default {
     input_password: '请输入密码',
     input_phone: '请输入电话号码',
     input_roles: '请选择角色',
+    select_users: '请选择用户',
     special_characters_are_not_supported: '不支持特殊字符',
     mobile_number_format_is_incorrect: '手机号码格式不正确',
     email_format_is_incorrect: '邮箱格式不正确',
diff --git a/frontend/src/store/modules/user.js b/frontend/src/store/modules/user.js
index edf18a7091..284f38bac5 100644
--- a/frontend/src/store/modules/user.js
+++ b/frontend/src/store/modules/user.js
@@ -71,9 +71,9 @@ const mutations = {
 const actions = {
   // user login
   login({ commit }, userInfo) {
-    const { username, password } = userInfo
+    const { username, password, loginType } = userInfo
     return new Promise((resolve, reject) => {
-      login({ username: username.trim(), password: password }).then(response => {
+      login({ username: username.trim(), password: password, loginType: loginType }).then(response => {
         const { data } = response
         commit('SET_TOKEN', data.token)
         commit('SET_LOGIN_MSG', null)
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index 47e7186721..eadb585c48 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -15,6 +15,13 @@
               {{ $t('login.welcome') + (uiInfo && uiInfo['ui.title'] && uiInfo['ui.title'].paramValue || ' DataEase') }}
             </div>
             <div class="login-form">
+              <el-form-item>
+                <el-radio-group v-model="loginForm.loginType">
+                  <el-radio v-if="openLdap" :label="0" size="mini">普通登录</el-radio>
+                  <el-radio v-if="openLdap" :label="1" size="mini">LDAP</el-radio>
+
+                </el-radio-group>
+              </el-form-item>
               <el-form-item prop="username">
                 <el-input v-model="loginForm.username" placeholder="ID" autofocus />
               </el-form-item>
@@ -55,7 +62,7 @@
 <script>
 
 import { encrypt } from '@/utils/rsaEncrypt'
-// import { validateUserName } from '@/api/user'
+import { ldapStatus } from '@/api/user'
 import { getSysUI } from '@/utils/auth'
 export default {
   name: 'Login',
@@ -86,6 +93,7 @@ export default {
     // }
     return {
       loginForm: {
+        loginType: 0,
         username: '',
         password: ''
       },
@@ -99,7 +107,8 @@ export default {
       uiInfo: null,
       loginImageUrl: null,
       loginLogoUrl: null,
-      axiosFinished: false
+      axiosFinished: false,
+      openLdap: true
     }
   },
   computed: {
@@ -115,6 +124,11 @@ export default {
       immediate: true
     }
   },
+  beforeCreate() {
+    ldapStatus().then(res => {
+      this.openLdap = res.success && res.data
+    })
+  },
   created() {
     this.$store.dispatch('user/getUI').then(() => {
       // const uiLists = this.$store.state.user.uiInfo
@@ -141,7 +155,8 @@ export default {
           this.loading = true
           const user = {
             username: this.loginForm.username,
-            password: this.loginForm.password
+            password: this.loginForm.password,
+            loginType: this.loginForm.loginType
           }
           user.password = encrypt(user.password)
           this.$store.dispatch('user/login', user).then(() => {
diff --git a/frontend/src/views/system/user/imp-ldap.vue b/frontend/src/views/system/user/imp-ldap.vue
index 1ca893e87b..ff8af77267 100644
--- a/frontend/src/views/system/user/imp-ldap.vue
+++ b/frontend/src/views/system/user/imp-ldap.vue
@@ -2,6 +2,30 @@
   <layout-content :header="$t('user.import_ldap') " back-name="system-user">
     <el-form ref="importUserForm" :model="form" :rules="rule" size="small" label-width="auto" label-position="right">
 
+      <el-form-item :label="$t('commons.user')" prop="userIds">
+        <el-select
+          ref="userSelect"
+          v-model="form.userIds"
+          filterable
+          style="width: 100%"
+          multiple
+          :placeholder="$t('commons.please_select')"
+          @change="changeUser"
+        >
+          <el-option
+            v-for="item in users"
+            :key="item.userName"
+            :disabled="item.disabled"
+            :label="item.nickName"
+            :value="item.userName"
+          >
+            <span>{{ item.nickName + (item.disabled ? '(已存在)':'') }}</span>
+            <!-- <span><el-checkbox v-model="item.checked">{{ item.nickName }}</el-checkbox></span> -->
+
+          </el-option>
+        </el-select>
+      </el-form-item>
+
       <el-form-item :label="$t('commons.organization')" prop="deptId">
         <treeselect
           ref="deptTreeSelect"
@@ -27,11 +51,20 @@
           <el-option
             v-for="item in roles"
             :key="item.name"
+
             :label="item.name"
             :value="item.id"
           />
         </el-select>
       </el-form-item>
+
+      <el-form-item :label="$t('commons.status')" prop="enabled">
+        <el-radio-group v-model="form.enabled" style="width: 140px">
+          <el-radio :label="1">{{ $t('commons.enable') }}</el-radio>
+          <el-radio :label="0">{{ $t('commons.disable') }}</el-radio>
+        </el-radio-group>
+      </el-form-item>
+
       <el-form-item>
         <el-button type="primary" @click="save">{{ $t('commons.confirm') }}</el-button>
         <el-button @click="cancel">{{ $t('commons.cancel') }}</el-button>
@@ -44,7 +77,7 @@
 <script>
 import LayoutContent from '@/components/business/LayoutContent'
 import { getDeptTree, treeByDeptId } from '@/api/system/dept'
-import { addUser, allRoles } from '@/api/system/user'
+import { allRoles, ldapUsers, saveLdapUser, existLdapUsers } from '@/api/system/user'
 export default {
 
   components: { LayoutContent },
@@ -56,22 +89,27 @@ export default {
         }]
       },
       rule: {
-
+        userIds: [{ required: true, message: this.$t('user.select_users'), trigger: 'change' }],
         roleIds: [{ required: true, message: this.$t('user.input_roles'), trigger: 'change' }],
         deptId: [],
         enable: []
 
       },
-      defaultForm: { enabled: 1, deptId: null, roleIds: [2] },
+      defaultForm: { deptId: null, enabled: 1, roleIds: [2] },
       depts: null,
       roles: [],
       roleDatas: [],
-      userRoles: []
+      userRoles: [],
+      users: [],
+      exitsUsers: []
     }
   },
 
   created() {
     this.initRoles()
+    this.remoteMethod()
+    this.getExistUsers()
+    this.create()
   },
   mounted() {
     this.bindKey()
@@ -160,8 +198,15 @@ export default {
     save() {
       this.$refs.importUserForm.validate(valid => {
         if (valid) {
-          const method = addUser
-          method(this.form).then(res => {
+          const checkedUsers = this.users.filter(user => user.checked)
+          const param = {
+            users: checkedUsers,
+            deptId: this.form.deptId,
+            roleIds: this.form.roleIds,
+            enabled: this.form.enabled
+          }
+          const method = saveLdapUser
+          method(param).then(res => {
             this.$success(this.$t('commons.save_success'))
             this.backToList()
           })
@@ -185,7 +230,38 @@ export default {
         return node
       })
       this.depts = results
+    },
+    remoteMethod() {
+      this.users = []
+      existLdapUsers().then(resout => {
+        this.exitsUsers = resout.data
+        ldapUsers().then(res => {
+          if (res && res.data) {
+            this.users = res.data.map(item => {
+              if (this.exitsUsers.some(existUser => existUser === item.userName)) {
+                item.disabled = true
+              }
+              return item
+            })
+          }
+        })
+      })
+    },
+    changeUser(values) {
+      this.users.forEach(user => {
+        user.checked = false
+        if (values.includes(user.userName)) {
+          user.checked = true
+        }
+      })
+    },
+
+    getExistUsers() {
+      /* existLdapUsers().then(res => {
+        this.exitsUsers = res.data
+      }) */
     }
+
   }
 }
 </script>
diff --git a/frontend/src/views/system/user/index.vue b/frontend/src/views/system/user/index.vue
index 29510e05ea..c5f4188913 100644
--- a/frontend/src/views/system/user/index.vue
+++ b/frontend/src/views/system/user/index.vue
@@ -14,12 +14,17 @@
         <el-button v-permission="['user:add']" icon="el-icon-circle-plus-outline" @click="create">{{ $t('user.create') }}</el-button>
 
         <!-- <el-button v-permission="['user:import']" icon="el-icon-download" @click="importLdap">{{ $t('user.import_ldap') }}</el-button> -->
-        <el-button icon="el-icon-download" @click="importLdap">{{ $t('user.import_ldap') }}</el-button>
+        <el-button v-if="openLdap" v-permission="['user:import']" icon="el-icon-download" @click="importLdap">{{ $t('user.import_ldap') }}</el-button>
       </template>
 
       <el-table-column prop="username" label="ID" />
       <el-table-column :show-overflow-tooltip="true" prop="nickName" sortable="custom" :label="$t('commons.nick_name')" />
-      <el-table-column prop="gender" :label="$t('commons.gender')" width="60" />
+      <!-- <el-table-column prop="gender" :label="$t('commons.gender')" width="60" /> -->
+      <el-table-column prop="from" :label="$t('user.source')" width="80">
+        <template slot-scope="scope">
+          <div>{{ scope.row.from === 0 ? 'LOCAL' : 'LDAP' }}</div>
+        </template>
+      </el-table-column>
 
       <el-table-column :show-overflow-tooltip="true" prop="email" :label="$t('commons.email')" />
       <el-table-column :show-overflow-tooltip="true" prop="dept" sortable="custom" :label="$t('commons.organization')">
@@ -169,7 +174,7 @@ import { PHONE_REGEX } from '@/utils/validate'
 import { LOAD_CHILDREN_OPTIONS, LOAD_ROOT_OPTIONS } from '@riophae/vue-treeselect'
 import Treeselect from '@riophae/vue-treeselect'
 import '@riophae/vue-treeselect/dist/vue-treeselect.css'
-
+import { ldapStatus } from '@/api/user'
 import { userLists, addUser, editUser, delUser, editPassword, editStatus, allRoles } from '@/api/system/user'
 import { getDeptTree, treeByDeptId } from '@/api/system/dept'
 
@@ -300,14 +305,19 @@ export default {
         editPwd: ['user:editPwd']
       },
       orderConditions: [],
-      last_condition: null
+      last_condition: null,
+      openLdap: false
     }
   },
   mounted() {
     this.allRoles()
     this.search()
   },
-
+  beforeCreate() {
+    ldapStatus().then(res => {
+      this.openLdap = res.success && res.data
+    })
+  },
   methods: {
     sortChange({ column, prop, order }) {
       this.orderConditions = []