README
LDAP authentication
Goal
Authenticate a user against LDAP directories.
The service binds with the user's login/password and queries attributes ("mail" for instance) in a pool of directory servers.
The first OK wins.
If a connection error occurs, that server is disabled and will not be checked again.
Usage
In the [security] section, set

    LDAP_AUTH = true

then for each LDAP source, set

    [LdapSource-someuniquename]
    name=canonicalName
    host=hostname-or-ip
    port=3268 # or the regular LDAP port

The following settings depend heavily on how your AD is configured:

    basedn=dc=ACME,dc=COM
    MSADSAFORMAT=%s@ACME.COM
    filter=(&(objectClass=user)(sAMAccountName=%s))
Limitation
Only tested against an MS 2008R2 DC, using the global catalog (TCP/3268).
This MSAD is a mess.
The way one checks the directory (CN, DN, etc.) may depend heavily on local custom configuration.
Todo
- Define a timeout per server
- Re-check servers marked as "Disabled" to detect when they come back online
- Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc., maybe text/template?
- Test against an OpenLDAP server
- SSL support?
Documentation
Overview
Package ldap provides functions and structures to query an LDAP directory. For now, it is mainly tested against an MS Active Directory service; see README.md for more information.
Index
Constants
This section is empty.
Variables

    var (
        Authensource []Ldapsource
    )

Global LDAP directory pool
Functions
Types
type Ldapsource (added in v0.4.0)
    type Ldapsource struct {
        Name         string // canonical name (i.e. corporate.ad)
        Host         string // LDAP host
        Port         int    // port number
        UseSSL       bool   // use SSL
        BaseDN       string // base DN
        Attributes   string // attribute to search
        Filter       string // query filter to validate an entry
        MsAdSAFormat string // for MS AD simple authentication, the name format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
        Enabled      bool   // false once this source has been disabled (after a connection error)
    }

Basic LDAP authentication service
func (Ldapsource) SearchEntry (added in v0.4.0)

    func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool)

SearchEntry searches one LDAP source and reports whether the entry (name, passwd) is valid and matches the configured filter; it returns the queried attribute value and true on success, or false otherwise.
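The following Go program is an added illustration, not the package's own code: it re-implements the pool semantics described in the README (the first OK wins; a source that raises a connection error is disabled and not consulted again) and the bind-then-search shape of SearchEntry, against an in-memory fake directory so it runs offline. The names Source, Directory, FakeDir, Authenticate and ErrConnection are this example's own, and the user entry in FakeDir is constructed sample data. One addition the page does not describe: the login is hex-escaped per RFC 4515 before being substituted for the filter's %s placeholder, because substituting a raw login such as `bob)(|(objectClass=*` would change the structure of the search filter.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Source mirrors the page's Ldapsource fields used here (hypothetical re-implementation).
type Source struct {
	Name         string // canonical name, e.g. corporate.ad
	BaseDN       string // search base
	Attributes   string // attribute to return, e.g. "mail"
	Filter       string // search filter with a %s placeholder for the login
	MsAdSAFormat string // MS AD simple-authentication name, e.g. %s@ACME.COM
	Enabled      bool   // cleared after a connection error
}

// Directory abstracts one LDAP server so the pool logic can run offline.
type Directory interface {
	Bind(name, passwd string) error
	Search(baseDN, filter, attr string) (string, error)
}

// ErrConnection separates "server unreachable" from "user rejected".
var ErrConnection = errors.New("ldap: connection error")

// filterEscaper hex-escapes the RFC 4515 special characters so that a login
// such as `bob)(|(objectClass=*` cannot alter the structure of the filter.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)
func EscapeFilter(s string) string { return filterEscaper.Replace(s) }

// SearchEntry binds as (name, passwd) on one source and returns the requested attribute;
// ok is false when the user is rejected, err is set only for a connection error.
func SearchEntry(src Source, dir Directory, name, passwd string) (string, bool, error) {
	err := dir.Bind(strings.Replace(src.MsAdSAFormat, "%s", name, 1), passwd)
	value := ""
	if err == nil {
		filter := strings.Replace(src.Filter, "%s", EscapeFilter(name), 1)
		value, err = dir.Search(src.BaseDN, filter, src.Attributes)
	}
	if errors.Is(err, ErrConnection) {
		return "", false, err
	}
	return value, err == nil, nil // a rejected user is not a server error
}

// Authenticate walks the pool in order: first OK wins; a connection error disables the source.
func Authenticate(pool []*Source, dirs map[string]Directory, name, passwd string) (string, bool) {
	for _, src := range pool {
		if !src.Enabled {
			continue
		}
		value, ok, err := SearchEntry(*src, dirs[src.Name], name, passwd)
		if err != nil {
			src.Enabled = false
			continue
		}
		if ok {
			return value, true
		}
	}
	return "", false
}

// FakeDir is a constructed in-memory DC: Down is reported at Bind time, and Search
// understands only the page's filter shape (...(sAMAccountName=X)...) and answers "mail".
type FakeDir struct {
	Down   bool
	Suffix string               // bind-name suffix to strip, e.g. "@ACME.COM"
	Users  map[string][2]string // sAMAccountName -> {password, mail}
}

func (f *FakeDir) Bind(name, passwd string) error {
	if f.Down {
		return ErrConnection
	}
	if u, ok := f.Users[strings.TrimSuffix(name, f.Suffix)]; !ok || u[0] != passwd {
		return errors.New("invalid credentials")
	}
	return nil
}

func (f *FakeDir) Search(_, filter, _ string) (string, error) {
	_, rest, _ := strings.Cut(filter, "sAMAccountName=")
	user, _, _ := strings.Cut(rest, ")") // escaping guarantees this ")" is the filter's own
	if u, ok := f.Users[user]; ok {
		return u[1], nil
	}
	return "", errors.New("no such entry")
}

func main() {
	ad := Source{BaseDN: "dc=ACME,dc=COM", Attributes: "mail", Enabled: true,
		Filter: "(&(objectClass=user)(sAMAccountName=%s))", MsAdSAFormat: "%s@ACME.COM"}
	dc1, dc2 := ad, ad
	dc1.Name, dc2.Name = "dc1", "dc2"
	dirs := map[string]Directory{"dc1": &FakeDir{Down: true}, "dc2": &FakeDir{Suffix: "@ACME.COM",
		Users: map[string][2]string{"alice": {"s3cret", "alice@acme.com"}}}}
	mail, ok := Authenticate([]*Source{&dc1, &dc2}, dirs, "alice", "s3cret")
	fmt.Println(mail, ok, "dc1 enabled:", dc1.Enabled)
}
```

main walks a two-source pool whose first DC is unreachable: the login falls through to dc2, and dc1 is left disabled for later calls, which is the behaviour the README describes. A real deployment would back Directory with an actual LDAP client; the escaping step is the part worth keeping regardless of client library.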