ldap

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 26, 2015 License: MIT Imports: 3 Imported by: 0

README

LDAP authentication

Goal

Authenticat user against LDAP directories

It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers

The first OK wins.

If there's connection error, the server will be disabled and won't be checked again

Usage

In the [security] section, set

LDAP_AUTH = true

then for each LDAP source, set

[LdapSource-someuniquename] name=canonicalName host=hostname-or-ip port=3268 # or regular LDAP port

the following settings depend highly how you've configured your AD

basedn=dc=ACME,dc=COM MSADSAFORMAT=%s@ACME.COM filter=(&(objectClass=user)(sAMAccountName=%s))

Limitation

Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)

This MSAD is a mess.

The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration

Todo
  • Define a timeout per server
  • Check servers marked as "Disabled" when they'll come back online
  • Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
  • Check OpenLDAP server
  • SSL support ?

Documentation

Overview

package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information

Index

Constants

This section is empty.

Variables

View Source
var (
	Authensource []Ldapsource
)

Global LDAP directory pool

Functions

func AddSource

func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string)

Add a new source (LDAP directory) to the global pool

func LoginUser

func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool)

LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise First match wins Returns first attribute if exists

Types

type Ldapsource added in v0.4.0

type Ldapsource struct {
	Name              string // canonical name (ie. corporate.ad)
	Host              string // LDAP host
	Port              int    // port number
	UseSSL            bool   // Use SSL
	BaseDN            string // Base DN
	AttributeUsername string // Username attribute
	AttributeName     string // First name attribute
	AttributeSurname  string // Surname attribute
	AttributeMail     string // E-mail attribute
	Filter            string // Query filter to validate entry
	MsAdSAFormat      string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
	Enabled           bool   // if this source is disabled
}

Basic LDAP authentication service

func (Ldapsource) SearchEntry added in v0.4.0

func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool)

searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL