4th

2025-09-01 09:16:14 +08:00
parent 45a42f8e64
commit 8185b609f7
4 changed files with 545 additions and 39 deletions
--- a/backend/utils/ldap_utils.py
+++ b/backend/utils/ldap_utils.py
@@ -154,7 +154,23 @@ def get_user_info(ad_account):
            return None
        
        config = current_app.config
-        search_filter = f"(&(objectClass=person)(sAMAccountName={ad_account}))"
+        
+        # 支援 sAMAccountName 和 userPrincipalName 格式
+        if '@' in ad_account:
+            # Email 格式，使用 userPrincipalName 或 mail 搜尋
+            search_filter = f"""(&
+                (objectClass=person)
+                (|
+                    (userPrincipalName={ad_account})
+                    (mail={ad_account})
+                )
+            )"""
+        else:
+            # 純帳號名稱，使用 sAMAccountName 搜尋
+            search_filter = f"(&(objectClass=person)(sAMAccountName={ad_account}))"
+        
+        # 移除多餘的空白
+        search_filter = ' '.join(search_filter.split())
        
        conn.search(
            config['LDAP_SEARCH_BASE'],
@@ -170,7 +186,8 @@ def get_user_info(ad_account):
        return {
            'ad_account': str(entry.sAMAccountName) if entry.sAMAccountName else ad_account,
            'display_name': str(entry.displayName) if entry.displayName else ad_account,
-            'email': str(entry.mail) if entry.mail else ''
+            'email': str(entry.mail) if entry.mail else '',
+            'user_principal_name': str(entry.userPrincipalName) if entry.userPrincipalName else ''
        }
        
    except Exception as e:
@@ -191,13 +208,28 @@ def validate_ad_accounts(ad_accounts):
        valid_accounts = {}
        
        for account in ad_accounts:
-            search_filter = f"(&(objectClass=person)(sAMAccountName={account}))"
+            # 支援 sAMAccountName 和 userPrincipalName 格式
+            if '@' in account:
+                # Email 格式，使用 userPrincipalName 或 mail 搜尋
+                search_filter = f"""(&
+                    (objectClass=person)
+                    (|
+                        (userPrincipalName={account})
+                        (mail={account})
+                    )
+                )"""
+            else:
+                # 純帳號名稱，使用 sAMAccountName 搜尋
+                search_filter = f"(&(objectClass=person)(sAMAccountName={account}))"
+            
+            # 移除多餘的空白
+            search_filter = ' '.join(search_filter.split())
            
            conn.search(
                config['LDAP_SEARCH_BASE'],
                search_filter,
                SUBTREE,
-                attributes=['sAMAccountName', 'displayName', 'mail']
+                attributes=['sAMAccountName', 'displayName', 'mail', 'userPrincipalName']
            )
            
            if conn.entries:
@@ -205,8 +237,12 @@ def validate_ad_accounts(ad_accounts):
                valid_accounts[account] = {
                    'ad_account': str(entry.sAMAccountName) if entry.sAMAccountName else account,
                    'display_name': str(entry.displayName) if entry.displayName else account,
-                    'email': str(entry.mail) if entry.mail else ''
+                    'email': str(entry.mail) if entry.mail else '',
+                    'user_principal_name': str(entry.userPrincipalName) if entry.userPrincipalName else ''
                }
+                logger.info(f"Validated AD account: {account} -> {entry.sAMAccountName}")
+            else:
+                logger.warning(f"AD account not found: {account}")
        
        return valid_accounts