Documentation ¶
Overview ¶
Package ldap provides a ldap implementation.
Index ¶
- Constants
- Variables
- func BuildExtendedNameValuePacket(request bool, name ExtendedOp, value *ber.Packet) *ber.Packet
- func BuildMessagePacket(id int64, p *ber.Packet) *ber.Packet
- func BuildResultPacket(app ldaputil.Application, result ldaputil.Result, matched, msg string) *ber.Packet
- func GetError(p *ber.Packet) error
- func IsErrorOf(err error, results ...ldaputil.Result) bool
- func ListenAndServe(ctx context.Context, addr string, h Handler, opts ...func(*net.ListenConfig)) error
- func ListenAndServeTLS(ctx context.Context, addr, certFile, keyFile string, h Handler, ...) error
- func Logf(ctx context.Context, s string, v ...interface{})
- func SessionID(ctx context.Context) string
- func SessionSetValue(ctx context.Context, name string, value interface{})
- func SessionValue(ctx context.Context, name string) interface{}
- func WithLogf(ctx context.Context, logf func(string, ...interface{})) context.Context
- type AbandonHandler
- type AbandonHandlerFunc
- type AbandonRequest
- type AbandonResponse
- type AddHandler
- type AddHandlerFunc
- type AddRequest
- type AddResponse
- type AuthHandler
- type BindHandler
- type BindHandlerFunc
- type BindRequest
- type BindResponse
- type Client
- func (cl *Client) Add(req *ClientAddRequest) error
- func (cl *Client) Bind(username, password string) error
- func (cl *Client) Close()
- func (cl *Client) Compare(dn, attribute, value string) (bool, error)
- func (cl *Client) Del(req *ClientDeleteRequest) error
- func (cl *Client) DigestMD5Bind(req *ClientDigestMD5BindRequest) (*DigestMD5BindResult, error)
- func (cl *Client) Do(req ClientRequest) (*MessageContext, error)
- func (cl *Client) ExternalBind() error
- func (cl *Client) FinishMessage(msgCtx *MessageContext)
- func (cl *Client) IsClosing() bool
- func (cl *Client) MD5Bind(host, username, password string) error
- func (cl *Client) Modify(req *ClientModifyRequest) error
- func (cl *Client) ModifyDN(req *ClientModifyDNRequest) error
- func (cl *Client) NTLMBind(domain, username, password string) error
- func (cl *Client) NTLMBindWithHash(domain, username, hash string) error
- func (cl *Client) NTLMChallengeBind(req *ClientNTLMBindRequest) (*NTLMBindResult, error)
- func (cl *Client) PasswordModify(req *ClientPasswordModifyRequest) (*PasswordModifyResult, error)
- func (cl *Client) ReadPacket(msgCtx *MessageContext) (*ber.Packet, error)
- func (cl *Client) Search(req *ClientSearchRequest) (*SearchResult, error)
- func (cl *Client) SearchWithPaging(req *ClientSearchRequest, pagingSize uint32) (*SearchResult, error)
- func (cl *Client) SendMessage(p *ber.Packet) (*MessageContext, error)
- func (cl *Client) SendMessageWithFlags(p *ber.Packet, flags SendMessageFlags) (*MessageContext, error)
- func (cl *Client) SetTimeout(timeout time.Duration)
- func (cl *Client) SimpleBind(req *ClientSimpleBindRequest) (*SimpleBindResult, error)
- func (cl *Client) Start()
- func (cl *Client) StartTLS(config *tls.Config) error
- func (cl *Client) TLSConnectionState() (state tls.ConnectionState, ok bool)
- func (cl *Client) UnauthenticatedBind(username string) error
- type ClientAddRequest
- type ClientCompareRequest
- type ClientDeleteRequest
- type ClientDigestMD5BindRequest
- type ClientModifyDNRequest
- type ClientModifyRequest
- func (req *ClientModifyRequest) Add(attrType string, attrVals []string)
- func (req *ClientModifyRequest) AppendTo(envelope *ber.Packet) error
- func (req *ClientModifyRequest) Delete(attrType string, attrVals []string)
- func (req *ClientModifyRequest) Increment(attrType string, attrVal string)
- func (req *ClientModifyRequest) Replace(attrType string, attrVals []string)
- type ClientNTLMBindRequest
- type ClientPasswordModifyRequest
- type ClientRequest
- type ClientRequestFunc
- type ClientSearchRequest
- type ClientSimpleBindRequest
- type CompareHandler
- type CompareHandlerFunc
- type CompareRequest
- type CompareResponse
- type DeleteHandler
- type DeleteHandlerFunc
- type DeleteRequest
- type DeleteResponse
- type DerefAliases
- type DialContext
- type DialOpt
- type DigestMD5BindResult
- type Encoder
- type Entry
- func (e *Entry) GetAttributeValue(attribute string) string
- func (e *Entry) GetAttributeValues(attribute string) []string
- func (e *Entry) GetEqualFoldAttributeValue(attribute string) string
- func (e *Entry) GetEqualFoldAttributeValues(attribute string) []string
- func (e *Entry) GetEqualFoldRawAttributeValue(attribute string) []byte
- func (e *Entry) GetEqualFoldRawAttributeValues(attribute string) [][]byte
- func (e *Entry) GetRawAttributeValue(attribute string) []byte
- func (e *Entry) GetRawAttributeValues(attribute string) [][]byte
- func (e *Entry) PrettyPrint(indent int)
- func (e *Entry) Print()
- type EntryAttribute
- type Error
- type ExtendedHandler
- type ExtendedHandlerFunc
- type ExtendedOp
- type ExtendedOpHandler
- type ExtendedPasswordModifyHandlerFunc
- type ExtendedRequest
- type ExtendedResponse
- type ExtendedWhoAmIHandlerFunc
- type Handler
- type HandlerFunc
- type MessageContext
- type ModifyDNHandler
- type ModifyDNHandlerFunc
- type ModifyDNRequest
- type ModifyDNResponse
- type ModifyHandler
- type ModifyHandlerFunc
- type ModifyRequest
- type ModifyResponse
- type NTLMBindResult
- type OpHandler
- type PacketResponse
- type PasswordModifyResult
- type QueryHandler
- type Request
- type ResponseWriter
- type Scope
- type SearchEntry
- type SearchEntryResult
- type SearchHandler
- type SearchHandlerFunc
- type SearchRef
- type SearchRefResult
- type SearchRequest
- type SearchResponse
- type SearchResult
- type SendMessageFlags
- type Server
- func (s *Server) ListenAndServe(ctx context.Context, opts ...func(*net.ListenConfig)) error
- func (s *Server) ListenAndServeTLS(ctx context.Context, certFile, keyFile string, opts ...func(*net.ListenConfig)) error
- func (s *Server) Serve(ctx context.Context, l net.Listener) error
- func (s *Server) ServeTLS(ctx context.Context, l net.Listener, certFile, keyFile string) error
- func (s *Server) Shutdown(ctx context.Context) error
- type ServerError
- type Session
- type SessionAuthFunc
- type SessionAuthHandler
- type SessionBindFunc
- type SessionExtendedFunc
- type SimpleBindResult
- type UnbindHandler
- type UnbindHandlerFunc
- type UnbindRequest
- type UnbindResponse
Examples ¶
- Client.Bind
- Client.Bind (VerifyLogin)
- Client.Compare
- Client.ExternalBind
- Client.Modify
- Client.ModifyDN (MoveOnly)
- Client.ModifyDN (RenameAndMove)
- Client.ModifyDN (RenameNoMove)
- Client.PasswordModify
- Client.PasswordModify (GeneratedPassword)
- Client.PasswordModify (SetNewPassword)
- Client.Search
- Client.Search (ControlManualPaging)
- Client.SimpleBind (ControlBeheraPasswordPolicy)
- Client.SimpleBind (ControlVChuPasswordPolicy)
- Client.StartTLS
Constants ¶
const ( // MessageQuit causes the processMessages loop to exit MessageQuit = 0 // MessageRequest sends a request to the server MessageRequest = 1 // MessageResponse receives a response from the server MessageResponse = 2 // MessageFinish indicates the client considers a particular message ID to be finished MessageFinish = 3 // MessageTimeout indicates the client-specified timeout for a particular message ID has been reached MessageTimeout = 4 )
Variables ¶
var DefaultTimeout = 60 * time.Second
DefaultTimeout is a package-level variable that sets the timeout value used for the Dial and DialTLS methods.
WARNING: since this is a package-level variable, setting this value from multiple places will probably result in undesired behaviour.
Functions ¶
func BuildExtendedNameValuePacket ¶
BuildExtendedNameValuePacket builds an extended name and value packet.
func BuildMessagePacket ¶
BuildMessagePacket builds a ldap message packet.
func BuildResultPacket ¶
func BuildResultPacket(app ldaputil.Application, result ldaputil.Result, matched, msg string) *ber.Packet
BuildResultPacket builds a ldap result packet.
func GetError ¶
GetError creates an Error out of a BER packet representing a Result The return is an error object. It can be casted to a Error structure. This function returns nil if resultCode in the Result sequence is success(0).
func IsErrorOf ¶
IsErrorOf returns true if the given error is an LDAP error with any one of the given result codes
func ListenAndServe ¶
func ListenAndServe(ctx context.Context, addr string, h Handler, opts ...func(*net.ListenConfig)) error
ListenAndServe creates a new server for the passed handler, listening and serving on the specified address until the context is closed.
func ListenAndServeTLS ¶
func ListenAndServeTLS(ctx context.Context, addr, certFile, keyFile string, h Handler, opts ...func(*net.ListenConfig)) error
ListenAndServe creates a new server for the passed handler, listening and serving TLS encrypted connections on the specified address until the context is closed.
func SessionSetValue ¶
SessionSetValue sets a named value in the context's session.
func SessionValue ¶
SessionValue returns the named value from the context's session.
Types ¶
type AbandonHandler ¶
type AbandonHandler interface {
Abandon(context.Context, *AbandonRequest) (*AbandonResponse, error)
}
type AbandonHandlerFunc ¶
type AbandonHandlerFunc func(context.Context, *AbandonRequest) (*AbandonResponse, error)
func (AbandonHandlerFunc) Abandon ¶
func (f AbandonHandlerFunc) Abandon(ctx context.Context, req *AbandonRequest) (*AbandonResponse, error)
type AbandonRequest ¶
type AbandonRequest struct {
ID int64
}
func ParseAbandonRequest ¶
func ParseAbandonRequest(req *Request) (*AbandonRequest, error)
type AbandonResponse ¶
type AbandonResponse struct{}
func (*AbandonResponse) Encode ¶
func (res *AbandonResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type AddHandler ¶
type AddHandler interface {
Add(context.Context, *AddRequest) (*AddResponse, error)
}
type AddHandlerFunc ¶
type AddHandlerFunc func(context.Context, *AddRequest) (*AddResponse, error)
func (AddHandlerFunc) Add ¶
func (f AddHandlerFunc) Add(ctx context.Context, req *AddRequest) (*AddResponse, error)
type AddRequest ¶
type AddRequest struct{}
func ParseAddRequest ¶
func ParseAddRequest(req *Request) (*AddRequest, error)
type AddResponse ¶
type AddResponse struct{}
func (*AddResponse) Encode ¶
func (res *AddResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type AuthHandler ¶
type AuthHandler interface { Bind(context.Context, *BindRequest) (*BindResponse, error) Auth(context.Context, ldaputil.Application) (ldaputil.Result, error) Extended(context.Context, ExtendedOp) (ldaputil.Result, error) }
AuthHandler is the interface for an auth handler.
func NewSessionAuthHandler ¶
func NewSessionAuthHandler(bind SessionBindFunc, auth SessionAuthFunc, extended SessionExtendedFunc) AuthHandler
NewSessionAuthHandler creates a new session auth handler.
type BindHandler ¶
type BindHandler interface {
Bind(context.Context, *BindRequest) (*BindResponse, error)
}
type BindHandlerFunc ¶
type BindHandlerFunc func(context.Context, *BindRequest) (*BindResponse, error)
func (BindHandlerFunc) Bind ¶
func (f BindHandlerFunc) Bind(ctx context.Context, req *BindRequest) (*BindResponse, error)
type BindRequest ¶
func ParseBindRequest ¶
func ParseBindRequest(req *Request) (*BindRequest, error)
type BindResponse ¶
func (*BindResponse) Encode ¶
func (res *BindResponse) Encode(ctx context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is an ldap client client.
func Dial ¶
Dial connects to the given address on the given network using net.Dial and then returns a new Client for the connection. @deprecated Use DialURL instead.
func DialTLS ¶
DialTLS connects to the given address on the given network using tls.Dial and then returns a new Client for the connection. @deprecated Use DialURL instead.
func DialURL ¶
DialURL connects to the given ldap URL. The following schemas are supported: ldap://, ldaps://, ldapi://. On success a new Client for the connection is returned.
func (*Client) Add ¶
func (cl *Client) Add(req *ClientAddRequest) error
Add performs the given AddRequest
func (*Client) Bind ¶
Bind performs a bind with the given username and password.
It does not allow unauthenticated bind (i.e. empty password). Use the UnauthenticatedBind method for that.
Example ¶
This example demonstrates how to bind a connection to an ldap user allowing access to restricted attributes that user has access to
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() if err = cl.Bind("cn=read-only-admin,dc=example,dc=com", "password"); err != nil { log.Fatal(err) } }
Output:
Example (VerifyLogin) ¶
This example shows how a typical application can verify a login attempt
package main import ( "crypto/tls" "fmt" "log" "github.com/userhive/asn1/ldap" ) func main() { // The username and password we want to check username := "someuser" password := "userpassword" bindusername := "readonly" bindpassword := "password" cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() // Reconnect with TLS if err = cl.StartTLS(&tls.Config{InsecureSkipVerify: true}); err != nil { log.Fatal(err) } // First bind with a read only user if err = cl.Bind(bindusername, bindpassword); err != nil { log.Fatal(err) } // Search for the given username req := ldap.NewClientSearchRequest( "dc=example,dc=com", ldap.ScopeWholeSubtree, ldap.DerefAliasesNever, 0, 0, false, fmt.Sprintf("(&(objectClass=organizationalPerson)(uid=%s))", username), []string{"dn"}, ) res, err := cl.Search(req) if err != nil { log.Fatal(err) } if len(res.Entries) != 1 { log.Fatal("User does not exist or too many entries returned") } userdn := res.Entries[0].DN // Bind as the user to verify their password if err = cl.Bind(userdn, password); err != nil { log.Fatal(err) } // Rebind as the read only user for any further queries if err = cl.Bind(bindusername, bindpassword); err != nil { log.Fatal(err) } }
Output:
func (*Client) Compare ¶
Compare checks to see if the attribute of the dn matches value. Returns true if it does otherwise false with any error that occurs if any.
Example ¶
This example demonstrates how to compare an attribute with a value
package main import ( "fmt" "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() matched, err := cl.Compare("cn=user,dc=example,dc=com", "uid", "someuserid") if err != nil { log.Fatal(err) } fmt.Println(matched) }
Output:
func (*Client) Del ¶
func (cl *Client) Del(req *ClientDeleteRequest) error
Del executes the given delete request
func (*Client) DigestMD5Bind ¶
func (cl *Client) DigestMD5Bind(req *ClientDigestMD5BindRequest) (*DigestMD5BindResult, error)
DigestMD5Bind performs the digest-md5 bind operation defined in the given request
func (*Client) Do ¶
func (cl *Client) Do(req ClientRequest) (*MessageContext, error)
func (*Client) ExternalBind ¶
ExternalBind performs SASL/EXTERNAL authentication.
Use ldap.DialURL("ldapi://") to connect to the Unix socket before ExternalBind.
See https://tools.ietf.org/html/rfc4422#appendix-A
Example ¶
This example demonstrates how to use EXTERNAL SASL with TLS client certificates.
package main import ( "crypto/tls" "crypto/x509" "io/ioutil" "log" "github.com/userhive/asn1/ldap" ) func main() { ldapCert := "/path/to/cert.pem" ldapKey := "/path/to/key.pem" ldapCAchain := "/path/to/ca_chain.pem" // Load client cert and key cert, err := tls.LoadX509KeyPair(ldapCert, ldapKey) if err != nil { log.Fatal(err) } // Load CA chain caCert, err := ioutil.ReadFile(ldapCAchain) if err != nil { log.Fatal(err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) // Setup TLS with ldap client cert tlsConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: caCertPool, InsecureSkipVerify: true, } // connect to ldap server cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() // reconnect using tls if err = cl.StartTLS(tlsConfig); err != nil { log.Fatal(err) } // sasl external bind if err = cl.ExternalBind(); err != nil { log.Fatal(err) } // Conduct ldap queries }
Output:
func (*Client) FinishMessage ¶
func (cl *Client) FinishMessage(msgCtx *MessageContext)
func (*Client) MD5Bind ¶
MD5Bind performs a digest-md5 bind with the given host, username and password.
func (*Client) Modify ¶
func (cl *Client) Modify(req *ClientModifyRequest) error
Modify performs the ModifyRequest
Example ¶
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() // Add a description, and replace the mail attributes req := ldap.NewModifyRequest("cn=user,dc=example,dc=com", nil) req.Add("description", []string{"An example user"}) req.Replace("mail", []string{"user@example.org"}) if err = cl.Modify(req); err != nil { log.Fatal(err) } }
Output:
func (*Client) ModifyDN ¶
func (cl *Client) ModifyDN(req *ClientModifyDNRequest) error
ModifyDN renames the given DN and optionally move to another base (when the "newSup" argument to NewModifyDNRequest() is not "").
Example (MoveOnly) ¶
This example shows how to move an entry to a new base without renaming the RDN
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.org:389") if err != nil { log.Fatalf("Failed to connect: %s", err) } defer cl.Close() _, err = cl.SimpleBind(&ldap.ClientSimpleBindRequest{ Username: "uid=someone,ou=people,dc=example,dc=org", Password: "MySecretPass", }) if err != nil { log.Fatalf("Failed to bind: %s", err) } // move to ou=users,dc=example,dc=org -> uid=user,ou=users,dc=example,dc=org req := ldap.NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=user", true, "ou=users,dc=example,dc=org") if err = cl.ModifyDN(req); err != nil { log.Fatalf("Failed to call ModifyDN(): %s", err) } }
Output:
Example (RenameAndMove) ¶
This example shows how to rename an entry and moving it to a new base
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.org:389") if err != nil { log.Fatalf("Failed to connect: %s", err) } defer cl.Close() _, err = cl.SimpleBind(&ldap.ClientSimpleBindRequest{ Username: "uid=someone,ou=people,dc=example,dc=org", Password: "MySecretPass", }) if err != nil { log.Fatalf("Failed to bind: %s", err) } // rename to uid=new,ou=people,dc=example,dc=org and move to ou=users,dc=example,dc=org -> // uid=new,ou=users,dc=example,dc=org req := ldap.NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "ou=users,dc=example,dc=org") if err = cl.ModifyDN(req); err != nil { log.Fatalf("Failed to call ModifyDN(): %s", err) } }
Output:
Example (RenameNoMove) ¶
This example shows how to rename an entry without moving it
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.org:389") if err != nil { log.Fatalf("Failed to connect: %s", err) } defer cl.Close() _, err = cl.SimpleBind(&ldap.ClientSimpleBindRequest{ Username: "uid=someone,ou=people,dc=example,dc=org", Password: "MySecretPass", }) if err != nil { log.Fatalf("Failed to bind: %s", err) } // just rename to uid=new,ou=people,dc=example,dc=org: req := ldap.NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "") if err = cl.ModifyDN(req); err != nil { log.Fatalf("Failed to call ModifyDN(): %s", err) } }
Output:
func (*Client) NTLMBind ¶
NTLMBind performs an NTLMSSP Bind with the given domain, username and password
func (*Client) NTLMBindWithHash ¶
NTLMBindWithHash performs an NTLM Bind with an NTLM hash instead of plaintext password (pass-the-hash)
func (*Client) NTLMChallengeBind ¶
func (cl *Client) NTLMChallengeBind(req *ClientNTLMBindRequest) (*NTLMBindResult, error)
NTLMChallengeBind performs the NTLMSSP bind operation defined in the given request
func (*Client) PasswordModify ¶
func (cl *Client) PasswordModify(req *ClientPasswordModifyRequest) (*PasswordModifyResult, error)
PasswordModify performs the modification request
Example ¶
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() if err = cl.Bind("cn=admin,dc=example,dc=com", "password"); err != nil { log.Fatal(err) } req := ldap.NewPasswordModifyRequest("cn=user,dc=example,dc=com", "", "NewPassword") if _, err = cl.PasswordModify(req); err != nil { log.Fatalf("Password could not be changed: %v", err) } }
Output:
Example (GeneratedPassword) ¶
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() if err = cl.Bind("cn=user,dc=example,dc=com", "password"); err != nil { log.Fatal(err) } req := ldap.NewPasswordModifyRequest("", "OldPassword", "") res, err := cl.PasswordModify(req) if err != nil { log.Fatalf("Password could not be changed: %v", err) } log.Printf("Generated password: %s", res.GeneratedPassword) }
Output:
Example (SetNewPassword) ¶
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() if err = cl.Bind("cn=user,dc=example,dc=com", "password"); err != nil { log.Fatal(err) } req := ldap.NewPasswordModifyRequest("", "OldPassword", "NewPassword") if _, err = cl.PasswordModify(req); err != nil { log.Fatalf("Password could not be changed: %v", err) } }
Output:
func (*Client) ReadPacket ¶
func (cl *Client) ReadPacket(msgCtx *MessageContext) (*ber.Packet, error)
func (*Client) Search ¶
func (cl *Client) Search(req *ClientSearchRequest) (*SearchResult, error)
Search performs the given search request
Example ¶
This example demonstrates how to use the search interface
package main import ( "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() req := ldap.NewClientSearchRequest( "dc=example,dc=com", // The base dn to search ldap.ScopeWholeSubtree, ldap.DerefAliasesNever, 0, 0, false, "(&(objectClass=organizationalPerson))", // The filter to apply []string{"dn", "cn"}, // A list attributes to retrieve ) res, err := cl.Search(req) if err != nil { log.Fatal(err) } for _, entry := range res.Entries { log.Printf("%s: %v", entry.DN, entry.GetAttributeValue("cn")) } }
Output:
Example (ControlManualPaging) ¶
This example demonstrates how to use Paging to manually execute a paginated search request instead of using SearchWithPaging.
package main import ( "log" "github.com/userhive/asn1/ldap" "github.com/userhive/asn1/ldap/control" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() var pageSize uint32 = 32 base := "dc=example,dc=com" filter := "(objectClass=group)" paging := control.NewPaging(pageSize) attributes := []string{} for { req := ldap.NewClientSearchRequest( base, ldap.ScopeWholeSubtree, ldap.DerefAliasesAlways, 0, 0, false, filter, attributes, paging, ) res, err := cl.Search(req) if err != nil { log.Fatalf("Failed to execute search request: %s", err.Error()) } // [do something with the response entries] // In order to prepare the next request, we check if the response // contains another Paging object and a not-empty cookie and // copy that cookie into our pagingControl object: updatedControl := control.Find(res.Controls, control.ControlPaging.String()) if ctrl, ok := updatedControl.(*control.Paging); ctrl != nil && ok && len(ctrl.Cookie) != 0 { paging.SetCookie(ctrl.Cookie) continue } // If no new paging information is available or the cookie is empty, we // are done with the pagination. break } }
Output:
func (*Client) SearchWithPaging ¶
func (cl *Client) SearchWithPaging(req *ClientSearchRequest, pagingSize uint32) (*SearchResult, error)
SearchWithPaging accepts a search request and desired page size in order to execute LDAP queries to fulfill the search request. All paged LDAP query responses will be buffered and the final result will be returned atomically.
The following four cases are possible given the arguments:
- given SearchRequest missing a control of type control.ControlPaging: we will add one with the desired paging size
- given SearchRequest contains a control of type control.ControlPaging that isn't actually a Paging: fail without issuing any queries
- given SearchRequest contains a control of type control.ControlPaging with pagingSize equal to the size requested: no change to the search request
- given SearchRequest contains a control of type control.ControlPaging with pagingSize not equal to the size requested: fail without issuing any queries
A requested pagingSize of 0 is interpreted as no limit by LDAP servers.
func (*Client) SendMessage ¶
func (cl *Client) SendMessage(p *ber.Packet) (*MessageContext, error)
func (*Client) SendMessageWithFlags ¶
func (cl *Client) SendMessageWithFlags(p *ber.Packet, flags SendMessageFlags) (*MessageContext, error)
func (*Client) SetTimeout ¶
SetTimeout sets the time after a request is sent that a MessageTimeout triggers
func (*Client) SimpleBind ¶
func (cl *Client) SimpleBind(req *ClientSimpleBindRequest) (*SimpleBindResult, error)
SimpleBind performs the simple bind operation defined in the given request
Example (ControlBeheraPasswordPolicy) ¶
package main import ( "log" "github.com/userhive/asn1/ldap" "github.com/userhive/asn1/ldap/control" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() controls := []control.Control{ control.NewBeheraPasswordPolicy(), } req := ldap.NewSimpleBindRequest("cn=admin,dc=example,dc=com", "password", controls...) res, err := cl.SimpleBind(req) if err != nil { log.Fatal(err) } ppolicyControl := control.Find(res.Controls, control.ControlBeheraPasswordPolicy.String()) var ppolicy *control.BeheraPasswordPolicy if ppolicyControl != nil { ppolicy = ppolicyControl.(*control.BeheraPasswordPolicy) } else { log.Printf("ppolicyControl response not available.") } if ppolicy != nil { if ppolicy.Expire >= 0 { log.Printf("Password expires in %d seconds", ppolicy.Expire) } else if ppolicy.Grace >= 0 { log.Printf("Password expired, %d grace logins remain", ppolicy.Grace) } } }
Output:
Example (ControlVChuPasswordPolicy) ¶
package main import ( "log" "github.com/userhive/asn1/ldap" "github.com/userhive/asn1/ldap/control" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() req := ldap.NewSimpleBindRequest("cn=admin,dc=example,dc=com", "password", nil) res, err := cl.SimpleBind(req) passwordMustChangeControl := control.Find(res.Controls, control.ControlVChuPasswordMustChange.String()) var passwordMustChange *control.VChuPasswordMustChange if passwordMustChangeControl != nil { passwordMustChange = passwordMustChangeControl.(*control.VChuPasswordMustChange) } if passwordMustChange != nil && passwordMustChange.MustChange { log.Printf("Password Must be changed.") } passwordWarningControl := control.Find(res.Controls, control.ControlVChuPasswordWarning.String()) var passwordWarning *control.VChuPasswordWarning if passwordWarningControl != nil { passwordWarning = passwordWarningControl.(*control.VChuPasswordWarning) } else { log.Printf("ppolicyControl response not available.") } if err != nil { log.Fatal(err) } if passwordWarning != nil { if passwordWarning.Expire >= 0 { log.Printf("Password expires in %d seconds", passwordWarning.Expire) } } }
Output:
func (*Client) Start ¶
func (cl *Client) Start()
Start initializes goroutines to read responses and process messages
func (*Client) StartTLS ¶
StartTLS sends the command to start a TLS session and then creates a new TLS Client
Example ¶
This example demonstrates how to start a TLS connection
package main import ( "crypto/tls" "log" "github.com/userhive/asn1/ldap" ) func main() { cl, err := ldap.DialURL("ldap://ldap.example.com:389") if err != nil { log.Fatal(err) } defer cl.Close() // Reconnect with TLS if err = cl.StartTLS(&tls.Config{InsecureSkipVerify: true}); err != nil { log.Fatal(err) } // Operations via l are now encrypted }
Output:
func (*Client) TLSConnectionState ¶
func (cl *Client) TLSConnectionState() (state tls.ConnectionState, ok bool)
TLSConnectionState returns the client's TLS connection state. The return values are their zero values if StartTLS did not succeed.
func (*Client) UnauthenticatedBind ¶
UnauthenticatedBind performs an unauthenticated bind.
A username may be provided for trace (e.g. logging) purpose only, but it is normally not authenticated or otherwise validated by the LDAP server.
See https://tools.ietf.org/html/rfc4513#section-5.1.2 . See https://tools.ietf.org/html/rfc4513#section-6.3.1 .
type ClientAddRequest ¶
type ClientAddRequest struct { // DN identifies the entry being added DN string // Attributes list the attributes of the new entry Attributes []ldaputil.Attribute // Controls hold optional controls to send with the request Controls []control.Control }
AddRequest represents an LDAP AddRequest operation
func NewAddRequest ¶
func NewAddRequest(dn string, controls ...control.Control) *ClientAddRequest
NewAddRequest returns an AddRequest for the given DN, with no attributes
func (*ClientAddRequest) AppendTo ¶
func (req *ClientAddRequest) AppendTo(envelope *ber.Packet) error
func (*ClientAddRequest) Attribute ¶
func (req *ClientAddRequest) Attribute(attrType string, attrVals []string)
Attribute adds an attribute with the given type and values
type ClientCompareRequest ¶
CompareRequest represents an LDAP CompareRequest operation.
type ClientDeleteRequest ¶
type ClientDeleteRequest struct { // DN is the name of the directory entry to delete DN string // Controls hold optional controls to send with the request Controls []control.Control }
DeleteRequest implements an LDAP deletion request
func NewDeleteRequest ¶
func NewDeleteRequest(dn string, controls ...control.Control) *ClientDeleteRequest
NewDeleteRequest creates a delete request for the given DN and controls
type ClientDigestMD5BindRequest ¶
type ClientDigestMD5BindRequest struct { Host string // Username is the name of the Directory object that the client wishes to bind as Username string // Password is the credentials to bind with Password string // Controls are optional controls to send with the bind request Controls []control.Control }
DigestMD5BindRequest represents a digest-md5 bind operation
type ClientModifyDNRequest ¶
ModifyDNRequest holds the request to modify a DN
func NewModifyDNRequest ¶
func NewModifyDNRequest(dn string, rdn string, delOld bool, newSup string) *ClientModifyDNRequest
NewModifyDNRequest creates a new request which can be passed to ModifyDN().
To move an object in the tree, set the "newSup" to the new parent entry DN. Use an empty string for just changing the object's RDN.
For moving the object without renaming, the "rdn" must be the first RDN of the given DN.
A call like
mdnReq := NewModifyDNRequest("uid=someone,dc=example,dc=org", "uid=newname", true, "")
will setup the request to just rename uid=someone,dc=example,dc=org to uid=newname,dc=example,dc=org.
type ClientModifyRequest ¶
type ClientModifyRequest struct { // DN is the distinguishedName of the directory entry to modify DN string // Changes contain the attributes to modify Changes []ldaputil.Change // Controls hold optional controls to send with the request Controls []control.Control }
ModifyRequest as defined in https://tools.ietf.org/html/rfc4511
func NewModifyRequest ¶
func NewModifyRequest(dn string, controls ...control.Control) *ClientModifyRequest
NewModifyRequest creates a modify request for the given DN
func (*ClientModifyRequest) Add ¶
func (req *ClientModifyRequest) Add(attrType string, attrVals []string)
Add appends the given attribute to the list of changes to be made
func (*ClientModifyRequest) AppendTo ¶
func (req *ClientModifyRequest) AppendTo(envelope *ber.Packet) error
func (*ClientModifyRequest) Delete ¶
func (req *ClientModifyRequest) Delete(attrType string, attrVals []string)
Delete appends the given attribute to the list of changes to be made
func (*ClientModifyRequest) Increment ¶
func (req *ClientModifyRequest) Increment(attrType string, attrVal string)
Increment appends the given attribute to the list of changes to be made
func (*ClientModifyRequest) Replace ¶
func (req *ClientModifyRequest) Replace(attrType string, attrVals []string)
Replace appends the given attribute to the list of changes to be made
type ClientNTLMBindRequest ¶
type ClientNTLMBindRequest struct { // Domain is the AD Domain to authenticate too. If not specified, it will be grabbed from the NTLMSSP Challenge Domain string // Username is the name of the Directory object that the client wishes to bind as Username string // Password is the credentials to bind with Password string // Hash is the hex NTLM hash to bind with. Password or hash must be provided Hash string // Controls are optional controls to send with the bind request Controls []control.Control }
NTLMBind performs an NTLMSSP bind leveraging https://github.com/Azure/go-ntlmssp NTLMBindRequest represents an NTLMSSP bind operation
type ClientPasswordModifyRequest ¶
type ClientPasswordModifyRequest struct { // UserIdentity is an optional string representation of the user associated with the request. // This string may or may not be an LDAPDN [RFC2253]. // If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session UserIdentity string // OldPassword, if present, contains the user's current password OldPassword string // NewPassword, if present, contains the desired password for this user NewPassword string }
PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt
func NewPasswordModifyRequest ¶
func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *ClientPasswordModifyRequest
NewPasswordModifyRequest creates a new PasswordModifyRequest
According to the RFC 3602 (https://tools.ietf.org/html/rfc3062): userIdentity is a string representing the user associated with the request. This string may or may not be an LDAPDN (RFC 2253). If userIdentity is empty then the operation will act on the user associated with the session.
oldPassword is the current user's password, it can be empty or it can be needed depending on the session user access rights (usually an administrator can change a user's password without knowing the current one) and the password policy (see pwdSafeModify password policy's attribute)
newPassword is the desired user's password. If empty the server can return an error or generate a new password that will be available in the PasswordModifyResult.GeneratedPassword
type ClientRequest ¶
type ClientRequestFunc ¶
type ClientSearchRequest ¶
type ClientSearchRequest struct { BaseDN string Scope Scope DerefAliases DerefAliases SizeLimit int TimeLimit time.Duration TypesOnly bool Filter string Attributes []string Controls []control.Control }
SearchRequest represents a search request to send to the server
func NewClientSearchRequest ¶
func NewClientSearchRequest(baseDN string, scope Scope, derefAliases DerefAliases, sizeLimit int, timeLimit time.Duration, typesOnly bool, filter string, attributes []string, controls ...control.Control) *ClientSearchRequest
NewClientSearchRequest creates a new search request
type ClientSimpleBindRequest ¶
type ClientSimpleBindRequest struct { // Username is the name of the Directory object that the client wishes to bind as Username string // Password is the credentials to bind with Password string // Controls are optional controls to send with the bind request Controls []control.Control }
SimpleBindRequest represents a username/password bind operation
func NewSimpleBindRequest ¶
func NewSimpleBindRequest(username string, password string, controls ...control.Control) *ClientSimpleBindRequest
NewSimpleBindRequest returns a bind request
type CompareHandler ¶
type CompareHandler interface {
Compare(context.Context, *CompareRequest) (*CompareResponse, error)
}
type CompareHandlerFunc ¶
type CompareHandlerFunc func(context.Context, *CompareRequest) (*CompareResponse, error)
func (CompareHandlerFunc) Compare ¶
func (f CompareHandlerFunc) Compare(ctx context.Context, req *CompareRequest) (*CompareResponse, error)
type CompareRequest ¶
type CompareRequest struct{}
func ParseCompareRequest ¶
func ParseCompareRequest(req *Request) (*CompareRequest, error)
type CompareResponse ¶
type CompareResponse struct{}
func (*CompareResponse) Encode ¶
func (res *CompareResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type DeleteHandler ¶
type DeleteHandler interface {
Delete(context.Context, *DeleteRequest) (*DeleteResponse, error)
}
type DeleteHandlerFunc ¶
type DeleteHandlerFunc func(context.Context, *DeleteRequest) (*DeleteResponse, error)
func (DeleteHandlerFunc) Delete ¶
func (f DeleteHandlerFunc) Delete(ctx context.Context, req *DeleteRequest) (*DeleteResponse, error)
type DeleteRequest ¶
type DeleteRequest struct{}
func ParseDeleteRequest ¶
func ParseDeleteRequest(req *Request) (*DeleteRequest, error)
type DeleteResponse ¶
type DeleteResponse struct{}
func (*DeleteResponse) Encode ¶
func (res *DeleteResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type DerefAliases ¶
type DerefAliases int
DerefAliases is the deref aliases enum.
const ( DerefAliasesNever DerefAliases = iota DerefAliasesInSearching DerefAliasesFindingBaseObject DerefAliasesAlways )
DerefAliases values.
func (DerefAliases) String ¶
func (i DerefAliases) String() string
type DialContext ¶
DialContext contains necessary parameters to dial the given ldap URL.
type DialOpt ¶
type DialOpt func(*DialContext)
DialOpt configures DialContext.
func DialWithDialer ¶
DialWithDialer updates net.Dialer in DialContext.
func DialWithTLSConfig ¶
DialWithTLSConfig updates tls.Config in DialContext.
type DigestMD5BindResult ¶
DigestMD5BindResult contains the response from the server
type Encoder ¶
type Encoder interface {
Encode(context.Context, ResponseWriter) error
}
Encoder is the interface for types that can be directly encoded to a response writer.
type Entry ¶
type Entry struct { // DN is the distinguished name of the entry DN string // Attributes are the returned attributes for the entry Attributes []*EntryAttribute }
Entry represents a single search result entry
func NewEntry ¶
NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs. The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the same input map of attributes, the output entry will contain the same order of attributes
func (*Entry) GetAttributeValue ¶
GetAttributeValue returns the first value for the named attribute, or ""
func (*Entry) GetAttributeValues ¶
GetAttributeValues returns the values for the named attribute, or an empty list
func (*Entry) GetEqualFoldAttributeValue ¶
GetEqualFoldAttributeValue returns the first value for the named attribute, or "". Attribute comparison is done with strings.EqualFold.
func (*Entry) GetEqualFoldAttributeValues ¶
GetEqualFoldAttributeValues returns the values for the named attribute, or an empty list. Attribute matching is done with strings.EqualFold.
func (*Entry) GetEqualFoldRawAttributeValue ¶
GetEqualFoldRawAttributeValue returns the first value for the named attribute, or an empty slice
func (*Entry) GetEqualFoldRawAttributeValues ¶
GetEqualFoldRawAttributeValues returns the byte values for the named attribute, or an empty list
func (*Entry) GetRawAttributeValue ¶
GetRawAttributeValue returns the first value for the named attribute, or an empty slice
func (*Entry) GetRawAttributeValues ¶
GetRawAttributeValues returns the byte values for the named attribute, or an empty list
func (*Entry) PrettyPrint ¶
PrettyPrint outputs a human-readable description indenting
type EntryAttribute ¶
type EntryAttribute struct { // Name is the name of the attribute Name string // Values contain the string values of the attribute Values []string // ByteValues contain the raw values of the attribute ByteValues [][]byte }
EntryAttribute holds a single attribute
func NewEntryAttribute ¶
func NewEntryAttribute(name string, values []string) *EntryAttribute
NewEntryAttribute returns a new EntryAttribute with the desired key-value pair
func (*EntryAttribute) PrettyPrint ¶
func (e *EntryAttribute) PrettyPrint(indent int)
PrettyPrint outputs a human-readable description with indenting
func (*EntryAttribute) Print ¶
func (e *EntryAttribute) Print()
Print outputs a human-readable description
type Error ¶
Error is a ldap error.
type ExtendedHandler ¶
type ExtendedHandler interface {
Extended(context.Context, *ExtendedRequest) (*ExtendedResponse, error)
}
type ExtendedHandlerFunc ¶
type ExtendedHandlerFunc func(context.Context, *ExtendedRequest) (*ExtendedResponse, error)
func NewExtendedPasswordModifyHandler ¶
func NewExtendedPasswordModifyHandler(f ExtendedPasswordModifyHandlerFunc) ExtendedHandlerFunc
NewExtendedPasswordModifyHandler creates a new password modify handler.
func NewExtendedWhoAmIHandler ¶
func NewExtendedWhoAmIHandler(f ExtendedWhoAmIHandlerFunc) ExtendedHandlerFunc
NewExtendedWhoAmIHandler creates a new who am i handler.
Note: see RFC4513 section 5.2.1.8 for format of "authzID" (prefix with dn: or u:).
func (ExtendedHandlerFunc) Extended ¶
func (f ExtendedHandlerFunc) Extended(ctx context.Context, req *ExtendedRequest) (*ExtendedResponse, error)
type ExtendedOp ¶
type ExtendedOp string
ExtendedOp is an extended operation identifier.
const ( ExtendedOpPasswordModify ExtendedOp = "1.3.6.1.4.1.4203.1.11.1" ExtendedOpCancel ExtendedOp = "1.3.6.1.4.1.4203.1.11.2" ExtendedOpWhoAmI ExtendedOp = "1.3.6.1.4.1.4203.1.11.3" )
ExtendedOp values.
func (ExtendedOp) String ¶
func (op ExtendedOp) String() string
String satisfies the fmt.Stringer interface.
type ExtendedOpHandler ¶
type ExtendedOpHandler map[ExtendedOp]ExtendedHandlerFunc
ExtendedOpHandler is an extended op handler.
func (ExtendedOpHandler) Extended ¶
func (h ExtendedOpHandler) Extended(ctx context.Context, req *ExtendedRequest) (*ExtendedResponse, error)
Extended satisfies the ExtendedHandler interface.
type ExtendedPasswordModifyHandlerFunc ¶
type ExtendedPasswordModifyHandlerFunc func(context.Context, string, string, string, string) (ldaputil.Result, error)
ExtendedPasswordModifyHandlerFunc is the password modify handler func type.
type ExtendedRequest ¶
type ExtendedRequest struct { Name ExtendedOp Value *ber.Packet }
func NewExtendedPasswordModifyRequest ¶
func NewExtendedPasswordModifyRequest(id, oldPass, newPass string) (*ExtendedRequest, error)
NewExtendedPasswordModifyRequest creates an extended password modify request.
func NewExtendedWhoAmIRequest ¶
func NewExtendedWhoAmIRequest() (*ExtendedRequest, error)
NewExtendedWhoAmIRequest creates an extended whoami request.
func ParseExtendedRequest ¶
func ParseExtendedRequest(req *Request) (*ExtendedRequest, error)
func (*ExtendedRequest) AppendTo ¶
func (req *ExtendedRequest) AppendTo(p *ber.Packet) error
AppendTo satisfies the Request interface.
func (*ExtendedRequest) BuildPacket ¶
func (req *ExtendedRequest) BuildPacket() *ber.Packet
type ExtendedResponse ¶
type ExtendedResponse struct { Result ldaputil.Result MatchedDN string Name ExtendedOp Value *ber.Packet }
func DoExtendedRequest ¶
func DoExtendedRequest(ctx context.Context, cl *Client, req *ExtendedRequest) (*ExtendedResponse, error)
DoExtendedRequest performs an extended request against the provided context and client.
Note: this is defined primarily for testing purposes, as the client does not provide any direct ability to send extended requests.
func (*ExtendedResponse) BuildPacket ¶
func (res *ExtendedResponse) BuildPacket() *ber.Packet
func (*ExtendedResponse) Encode ¶
func (res *ExtendedResponse) Encode(ctx context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type ExtendedWhoAmIHandlerFunc ¶
ExtendedWhoAmIHandlerFunc is the who am i handler func type.
type Handler ¶
type Handler interface {
ServeLDAP(context.Context, ResponseWriter, *Request)
}
Handler is the ldap handler interface.
type HandlerFunc ¶
type HandlerFunc func(context.Context, ResponseWriter, *Request)
HandlerFunc is the ldap handler func type.
func (HandlerFunc) ServeLDAP ¶
func (f HandlerFunc) ServeLDAP(ctx context.Context, res ResponseWriter, req *Request)
ServeLDAP satisfies the Handler interface.
type MessageContext ¶
type MessageContext struct {
// contains filtered or unexported fields
}
func (*MessageContext) SendResponse ¶
func (msgCtx *MessageContext) SendResponse(res *PacketResponse)
SendResponse should only be called within the processMessages() loop which is also responsible for closing the responses channel.
type ModifyDNHandler ¶
type ModifyDNHandler interface {
ModifyDN(context.Context, *ModifyDNRequest) (*ModifyDNResponse, error)
}
type ModifyDNHandlerFunc ¶
type ModifyDNHandlerFunc func(context.Context, *ModifyDNRequest) (*ModifyDNResponse, error)
func (ModifyDNHandlerFunc) ModifyDN ¶
func (f ModifyDNHandlerFunc) ModifyDN(ctx context.Context, req *ModifyDNRequest) (*ModifyDNResponse, error)
type ModifyDNRequest ¶
type ModifyDNRequest struct{}
func ParseModifyDNRequest ¶
func ParseModifyDNRequest(req *Request) (*ModifyDNRequest, error)
type ModifyDNResponse ¶
type ModifyDNResponse struct{}
func (*ModifyDNResponse) Encode ¶
func (res *ModifyDNResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type ModifyHandler ¶
type ModifyHandler interface {
Modify(context.Context, *ModifyRequest) (*ModifyResponse, error)
}
type ModifyHandlerFunc ¶
type ModifyHandlerFunc func(context.Context, *ModifyRequest) (*ModifyResponse, error)
func (ModifyHandlerFunc) Modify ¶
func (f ModifyHandlerFunc) Modify(ctx context.Context, req *ModifyRequest) (*ModifyResponse, error)
type ModifyRequest ¶
type ModifyRequest struct{}
func ParseModifyRequest ¶
func ParseModifyRequest(req *Request) (*ModifyRequest, error)
type ModifyResponse ¶
type ModifyResponse struct{}
func (*ModifyResponse) Encode ¶
func (res *ModifyResponse) Encode(_ context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
type NTLMBindResult ¶
NTLMBindResult contains the response from the server
type OpHandler ¶
type OpHandler struct { Auth AuthHandler Bind BindHandler Unbind UnbindHandler Search SearchHandler Modify ModifyHandler Add AddHandler Delete DeleteHandler ModifyDN ModifyDNHandler Compare CompareHandler Abandon AbandonHandler Extended ExtendedHandler }
OpHandler is a ldap operation handler.
type PacketResponse ¶
type PacketResponse struct { // Packet is the packet read from the server Packet *ber.Packet // Error is an error encountered while reading Error error }
PacketResponse contains the packet or error encountered reading a response
func (*PacketResponse) ReadPacket ¶
func (pr *PacketResponse) ReadPacket() (*ber.Packet, error)
ReadPacket returns the packet or an error
type PasswordModifyResult ¶
type PasswordModifyResult struct { // GeneratedPassword holds a password generated by the server, if present GeneratedPassword string // Referral are the returned referral Referral string }
PasswordModifyResult holds the server response to a PasswordModifyRequest
type QueryHandler ¶
type QueryHandler interface {
Query()
}
type Request ¶
type Request struct { ConnID string LocalAddr net.Addr RemoteAddr net.Addr ID int64 Packet *ber.Packet }
Request is a ldap request.
type ResponseWriter ¶
type ResponseWriter interface { WriteRaw([]byte) error WritePacket(*ber.Packet) error WriteMessage(*ber.Packet) error WriteResult(ldaputil.Application, ldaputil.Result, string, string, ...*ber.Packet) error WriteError(ldaputil.Application, error) error }
ResponseWriter is the ldap response writer interface.
func NewResponseWriter ¶
func NewResponseWriter(w io.Writer, id int64) ResponseWriter
NewResponseWriter creates a new response writer for the writer and message id.
type SearchEntry ¶
type SearchEntry struct { }
func (*SearchEntry) Encode ¶
func (v *SearchEntry) Encode(w ResponseWriter) error
type SearchEntryResult ¶
type SearchHandler ¶
type SearchHandler interface {
Search(context.Context, *SearchRequest) (*SearchResponse, error)
}
func NewSearchQueryHandler ¶
func NewSearchQueryHandler(h QueryHandler) SearchHandler
type SearchHandlerFunc ¶
type SearchHandlerFunc func(context.Context, *SearchRequest) (*SearchResponse, error)
func (SearchHandlerFunc) Search ¶
func (f SearchHandlerFunc) Search(ctx context.Context, req *SearchRequest) (*SearchResponse, error)
type SearchRef ¶
type SearchRef struct { }
func (*SearchRef) Encode ¶
func (v *SearchRef) Encode(w ResponseWriter) error
type SearchRefResult ¶
type SearchRequest ¶
type SearchRequest struct { BaseObject string Scope Scope DerefAliases DerefAliases SizeLimit int64 TimeLimit time.Duration TypesOnly bool Filter *ber.Packet Attributes []string }
func ParseSearchRequest ¶
func ParseSearchRequest(req *Request) (*SearchRequest, error)
type SearchResponse ¶
type SearchResponse struct { Result ldaputil.Result MatchedDN string Entries SearchEntryResult Refs SearchRefResult }
func (*SearchResponse) Encode ¶
func (res *SearchResponse) Encode(ctx context.Context, w ResponseWriter) error
Encode satisfies the Encoder interface.
func (*SearchResponse) WriteDone ¶
func (res *SearchResponse) WriteDone(w ResponseWriter) error
type SearchResult ¶
type SearchResult struct { // Entries are the returned entries Entries []*Entry // Referrals are the returned referrals Referrals []string // Controls are the returned controls Controls []control.Control }
SearchResult holds the server's response to a search request
func (*SearchResult) PrettyPrint ¶
func (s *SearchResult) PrettyPrint(indent int)
PrettyPrint outputs a human-readable description with indenting
func (*SearchResult) Print ¶
func (s *SearchResult) Print()
Print outputs a human-readable description
type SendMessageFlags ¶
type SendMessageFlags uint
type Server ¶
type Server struct { Addr string Handler Handler ErrorLog *log.Logger TLSConfig *tls.Config // contains filtered or unexported fields }
Server is a ldap server.
func (*Server) ListenAndServe ¶
ListenAndServe listens and serves ldap connections on the Server's address until the context is closed.
func (*Server) ListenAndServeTLS ¶
func (s *Server) ListenAndServeTLS(ctx context.Context, certFile, keyFile string, opts ...func(*net.ListenConfig)) error
ListenAndServeTLS listens and serves TLS encrypted ldap connections on the Server's address until the context is closed.
func (*Server) Shutdown ¶
Shutdown gracefully stops the server. It first closes all listeners and then waits for any running handlers to complete.
Shutdown returns after nil all handlers have completed. ctx.Err() is returned if ctx is canceled.
Any Serve methods return ErrShutdown after Shutdown is called.
type ServerError ¶
type ServerError string
ServerError is a server error.
const ( ErrServerShutdown ServerError = "server shutdown" ErrNilHandler ServerError = "nil handler" ErrPacketHasInvalidNumberOfChildren ServerError = "packet has invalid number of children" ErrPacketHasInvalidMessageID ServerError = "packet has invalid message id" ErrPacketHasInvalidClass ServerError = "packet has invalid class" ErrRespChanClosed ServerError = "response channel closed" ErrCouldNotRetrieveMessage ServerError = "could not retrieve message" )
Error values.
func (ServerError) Error ¶
func (err ServerError) Error() string
Error satisfies the error interface.
type SessionAuthFunc ¶
SessionAuthFunc is the session auth func type.
type SessionAuthHandler ¶
type SessionAuthHandler struct {
// contains filtered or unexported fields
}
SessionAuthHandler is a session auth handler.
func (SessionAuthHandler) Auth ¶
func (h SessionAuthHandler) Auth(ctx context.Context, app ldaputil.Application) (ldaputil.Result, error)
Auth satisfies the AuthHandler interface.
func (SessionAuthHandler) Bind ¶
func (h SessionAuthHandler) Bind(ctx context.Context, req *BindRequest) (*BindResponse, error)
Bind satisfies the AuthHandler interface.
func (SessionAuthHandler) Extended ¶
func (h SessionAuthHandler) Extended(ctx context.Context, op ExtendedOp) (ldaputil.Result, error)
Extended satisfies the AuthHandler interface.
type SessionBindFunc ¶
SessionBindFunc is the session bind func type.
type SessionExtendedFunc ¶
SessionExtendedFunc is the sesssion extended auth func type.
type SimpleBindResult ¶
SimpleBindResult contains the response from the server
type UnbindHandler ¶
type UnbindHandler interface {
Unbind(context.Context, *UnbindRequest) (*UnbindResponse, error)
}
type UnbindHandlerFunc ¶
type UnbindHandlerFunc func(context.Context, *UnbindRequest) (*UnbindResponse, error)
func (UnbindHandlerFunc) Unbind ¶
func (f UnbindHandlerFunc) Unbind(ctx context.Context, req *UnbindRequest) (*UnbindResponse, error)
type UnbindRequest ¶
type UnbindRequest struct{}
func ParseUnbindRequest ¶
func ParseUnbindRequest(req *Request) (*UnbindRequest, error)
type UnbindResponse ¶
type UnbindResponse struct{}
func (*UnbindResponse) Encode ¶
func (res *UnbindResponse) Encode(context.Context, ResponseWriter) error
Encode satisfies the Encoder interface.