Documentation ¶
Index ¶
- type Config
- type Connection
- type ConnectionImpl
- type LdapProvider
- func (p *LdapProvider) CheckConnect() error
- func (p *LdapProvider) CheckUserPassword(inputUsername string, password string) (*UserProfile, error)
- func (p *LdapProvider) GetDetails(inputUsername string) (*UserProfile, error)
- func (p *LdapProvider) UpdatePassword(inputUsername string, newPassword string) error
- type LdapTokenIssuer
- type UserProfile
- type UserProvider
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds the LDAP authentication settings. Each field carries json,
// toml, yaml and env struct tags.
type Config struct {
	// Enabled turns on LDAP authentication.
	Enabled bool `json:"enabled" toml:"enabled" yaml:"enabled" env:"ENABLED"`
	// Url is the LDAP server URL.
	// NOTE(review): whether a TLS scheme or StartTLS is enforced is not visible
	// here; over a plaintext connection the bind credentials and user
	// passwords cross the network unprotected. Confirm.
	Url string `json:"url" toml:"url" yaml:"url" env:"URL"`
	// BindDn is the user name of the administrative (bind) account.
	BindDn string `json:"bind_dn" toml:"bind_dn" yaml:"bind_dn" env:"BIND_DN"`
	// BindPassword is the password of the administrative (bind) account.
	// NOTE(review): this secret is emitted under "bind_password" whenever the
	// struct is marshalled, so avoid logging or returning a serialised Config.
	BindPassword string `json:"bind_password" toml:"bind_password" yaml:"bind_password" env:"BIND_PASSWORD"`
	// SkipVerify controls TLS certificate validation. The original comment
	// reads "whether TLS verifies certificate validity".
	// NOTE(review): the field name suggests that true disables verification,
	// which is the opposite of what the original comment implies. Confirm the
	// polarity. With verification off, the server's identity is not
	// authenticated and credentials can be intercepted, so it should stay
	// false outside test setups.
	SkipVerify bool `json:"skip_verify" toml:"skip_verify" yaml:"skip_verify" env:"SKIP_VERIFY"`
	// BaseDn is described in the original comment as the login user name for
	// the LDAP server, which must be the full path from the root node to the
	// user node.
	// NOTE(review): that wording reads like a bind DN rather than a search
	// base. Confirm which one this field actually is.
	BaseDn string `json:"base_dn" toml:"base_dn" yaml:"base_dn" env:"BASE_DN"`
	// UserFilter is the filter condition for users.
	// NOTE(review): presumably the caller-supplied username is substituted
	// into this filter. If so, it must be escaped first (go-ldap provides
	// ldap.EscapeFilter) to prevent LDAP filter injection. Verify in the
	// provider implementation.
	UserFilter string `json:"user_filter" toml:"user_filter" yaml:"user_filter" env:"USER_FILTER"`
	// GroupFilter is the filter condition for user groups.
	GroupFilter string `json:"group_filter" toml:"group_filter" yaml:"group_filter" env:"GROUP_FILTER"`
	// GroupNameAttribute is the name of the group attribute.
	GroupNameAttribute string `json:"group_name_attribute" toml:"group_name_attribute" yaml:"group_name_attribute" env:"GROUP_NAME_ATTRIBUTE"`
	// UserNameAttribute is the name of the user attribute.
	UserNameAttribute string `json:"user_name_attribute" toml:"user_name_attribute" yaml:"user_name_attribute" env:"USER_NAME_ATTRIBUTE"`
	// MailAttribute is the name of the user e-mail attribute.
	MailAttribute string `json:"mail_attribute" toml:"mail_attribute" yaml:"mail_attribute" env:"MAIL_ATTRIBUTE"`
	// DisplayNameAttribute is the name of the user display-name attribute.
	DisplayNameAttribute string `json:"display_name_attribute" toml:"display_name_attribute" yaml:"display_name_attribute" env:"DISPLAY_NAME_ATTRIBUTE"`
	// SyncUser says whether to synchronise when a user is added or
	// deregistered. By default no synchronisation is done and user
	// information is only read.
	SyncUser bool `json:"sync_user" toml:"sync_user" yaml:"sync_user" env:"SYNC_USER"`
}
type Connection ¶
// Connection is the set of LDAP operations the package relies on: binding,
// searching, modifying and closing. Request and result types come from the
// imported ldap package.
type Connection interface {
	// Bind authenticates the connection with a username and password.
	// NOTE(review): RFC 4513 treats a simple bind with an empty password as an
	// unauthenticated bind. Confirm that callers reject empty passwords before
	// calling Bind.
	Bind(username, password string) error
	// Close releases the connection. It returns nothing, so close errors are
	// not reported to the caller.
	Close()
	// Search runs searchRequest and returns the result or an error.
	Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
	// Modify applies modifyRequest to an LDAP object.
	Modify(modifyRequest *ldap.ModifyRequest) error
}
Connection is an interface representing a connection to the LDAP server.
type ConnectionImpl ¶
// ConnectionImpl is the production implementation of an LDAP connection. It
// is built from a *ldap.Conn by NewLDAPConnectionImpl, and the documentation
// lists Bind, Modify and Search methods on it.
// NOTE(review): Close is not listed among its methods; presumably it is
// promoted from an embedded field. Confirm that ConnectionImpl satisfies
// Connection.
type ConnectionImpl struct {
	// contains filtered or unexported fields
}
ConnectionImpl is the production implementation of an LDAP connection.
func NewLDAPConnectionImpl ¶
func NewLDAPConnectionImpl(conn *ldap.Conn) *ConnectionImpl
NewLDAPConnectionImpl creates a new LDAP connection.
func (*ConnectionImpl) Bind ¶
func (lc *ConnectionImpl) Bind(username, password string) error
Bind binds the LDAP connection to a username/password.
func (*ConnectionImpl) Modify ¶
func (lc *ConnectionImpl) Modify(modifyRequest *ldap.ModifyRequest) error
Modify modifies an LDAP object.
func (*ConnectionImpl) Search ¶
func (lc *ConnectionImpl) Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
Search searches an LDAP server.
type LdapProvider ¶
// LdapProvider is constructed from a Config by NewLdapProvider. The package
// index lists CheckConnect, CheckUserPassword, GetDetails and UpdatePassword
// methods on it.
// NOTE(review): CheckUserPassword should reject an empty password before any
// bind, because RFC 4513 treats a simple bind with an empty password as an
// unauthenticated bind. Confirm in the implementation.
// NOTE(review): UpdatePassword takes only a username and the new password, so
// the caller must check that the requester is allowed to change that account.
// Confirm.
type LdapProvider struct {
	// contains filtered or unexported fields
}
func NewLdapProvider ¶
func NewLdapProvider(conf Config) *LdapProvider
func (*LdapProvider) CheckUserPassword ¶
func (p *LdapProvider) CheckUserPassword(inputUsername string, password string) (*UserProfile, error)
CheckUserPassword checks whether the provided password matches the given user.
func (*LdapProvider) GetDetails ¶
func (p *LdapProvider) GetDetails(inputUsername string) (*UserProfile, error)
GetDetails retrieves the groups a user belongs to.
func (*LdapProvider) UpdatePassword ¶
func (p *LdapProvider) UpdatePassword(inputUsername string, newPassword string) error
UpdatePassword updates the password of the given user.
type LdapTokenIssuer ¶
// LdapTokenIssuer embeds ioc.ObjectImpl. The documentation lists Init,
// IssueToken and Name methods on it.
type LdapTokenIssuer struct {
	ioc.ObjectImpl
	// ExpiredTTLSecond: the expiry time of tokens issued by password login is
	// set by system configuration; users are not allowed to set it themselves.
	// NOTE(review): the unit is presumably seconds, going by the field name.
	// How a zero or negative value is handled is not visible here. Confirm
	// that it cannot produce tokens that never expire.
	ExpiredTTLSecond int `json:"expired_ttl_second" toml:"expired_ttl_second" yaml:"expired_ttl_second" env:"EXPIRED_TTL_SECOND"`
	// Ldap Config
	// contains filtered or unexported fields
}
func (*LdapTokenIssuer) Init ¶
func (p *LdapTokenIssuer) Init() error
func (*LdapTokenIssuer) IssueToken ¶
func (i *LdapTokenIssuer) IssueToken(ctx context.Context, parameter token.IssueParameter) (*token.Token, error)
func (*LdapTokenIssuer) Name ¶
func (p *LdapTokenIssuer) Name() string