ldap

package
v0.6.9
Warning

This package is not in the latest version of its module.
Published: Sep 5, 2015 License: MIT Imports: 3 Imported by: 0

README

Gogs LDAP Authentication Module

About

This authentication module attempts to authorize and authenticate a user against an LDAP server. Like most LDAP authentication systems, it does this in two steps. First, it binds to the LDAP server using a Bind DN and searches for the user who is attempting to sign in. If the user is found, the module attempts to bind to the server using the user's supplied credentials. If this succeeds, the user has been authenticated, and their account information is retrieved and passed to the Gogs login infrastructure.

Usage

To use this module, add an LDAP authentication source via the Authentications section in the admin panel. The fields should be set as follows:

  • Authorization Name (required)

    • A name to assign to the new method of authorization.
  • Host (required)

    • The address where the LDAP server can be reached.
    • Example: mydomain.com
  • Port (required)

    • The port to use when connecting to the server.
    • Example: 636
  • Enable TLS Encryption (optional)

    • Whether to use TLS when connecting to the LDAP server.
  • Bind DN (optional)

    • The DN to bind to the LDAP server with when searching for the user. This may be left blank to perform an anonymous search.
    • Example: cn=Search,dc=mydomain,dc=com
  • Bind Password (optional)

    • The password for the Bind DN specified above, if any.
  • User Search Base (required)

    • The LDAP base at which user accounts will be searched for.
    • Example: ou=Users,dc=mydomain,dc=com
  • User Filter (required)

    • An LDAP filter declaring how to find the user record that is attempting to authenticate. The '%s' matching parameter will be substituted with the user's username.
    • Example: (&(objectClass=posixAccount)(uid=%s))
  • First name attribute (optional)

    • The attribute of the user's LDAP record containing the user's first name. This will be used to populate their account information.
    • Example: givenName
  • Surname attribute (optional)

    • The attribute of the user's LDAP record containing the user's surname. This will be used to populate their account information.
    • Example: sn
  • E-mail attribute (required)

    • The attribute of the user's LDAP record containing the user's email address. This will be used to populate their account information.
    • Example: mail
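
The User Filter takes the login name as typed, and the second step trusts the result of a bind, so both inputs deserve a check before they reach the server. The following is an added example, not code from this package: prepareLogin and escapeFilterValue are hypothetical names, and the login names and password are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// escapeFilterValue hex-escapes the bytes RFC 4515 reserves inside a filter
// value (\ * ( ) NUL), so the login name can only match literally.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// prepareLogin is a hypothetical helper, not part of this package. It returns
// the search filter for step one and refuses input that would make step two
// (the bind as the user) meaningless.
func prepareLogin(userFilter, username, passwd string) (string, error) {
	if username == "" {
		return "", errors.New("empty username")
	}
	// A simple bind with a DN and an empty password is an RFC 4513
	// "unauthenticated bind"; its success says nothing about the user.
	if passwd == "" {
		return "", errors.New("empty password")
	}
	if !strings.Contains(userFilter, "%s") {
		return "", errors.New("User Filter has no username placeholder")
	}
	return strings.ReplaceAll(userFilter, "%s", escapeFilterValue(username)), nil
}

func main() {
	filter := "(&(objectClass=posixAccount)(uid=%s))" // example from the field list
	// Constructed login names: one plain, one containing filter metacharacters.
	for _, name := range []string{"alice", "j.doe (admin)*"} {
		f, err := prepareLogin(filter, name, "constructed-password")
		fmt.Println(f, err)
	}
}
```

With escaping in place, the second name is searched for as a literal uid value and cannot change the structure of the configured filter.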

Documentation

Overview

Package ldap provides functions and structures to query an LDAP directory. For now, it's mainly tested against an MS Active Directory service; see README.md for more information.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Ldapsource added in v0.4.0

type Ldapsource struct {
	Name             string // canonical name (ie. corporate.ad)
	Host             string // LDAP host
	Port             int    // port number
	UseSSL           bool   // Use SSL
	BindDN           string // DN to bind with
	BindPassword     string // Bind DN password
	UserBase         string // Base search path for users
	AttributeName    string // First name attribute
	AttributeSurname string // Surname attribute
	AttributeMail    string // E-mail attribute
	Filter           string // Query filter to validate entry
	AdminFilter      string // Query filter to check if user is admin
	Enabled          bool   // whether this source is enabled
}

Basic LDAP authentication service

func (Ldapsource) FindUserDN added in v0.6.9

func (ls Ldapsource) FindUserDN(name string) (string, bool)

func (Ldapsource) SearchEntry added in v0.4.0

func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool)

SearchEntry searches an LDAP source to check whether an entry (name, passwd) is valid and matches the specified filter.
