auth

package module
v3.2.3

This package is not in the latest version of its module.
Published: Jul 22, 2022 License: MIT Imports: 10 Imported by: 0

README

This project is forked from https://github.com/korylprince/go-ad-auth.git

Two functions are extended so that, when authentication or a password change fails, they return the reason for the failure, for example the account being locked, expired, or disabled:

  • UpdatePassword
  • Authenticate

usage:

go get github.com/LeoBest2/go-ad-auth/v3

Documentation

Constants

const LDAPMatchingRuleInChain = "1.2.840.113556.1.4.1941"

Variables

This section is empty.

Functions

func Authenticate

func Authenticate(config *Config, username, password string) (bool, error)

Authenticate checks if the given credentials are valid, or returns an error if one occurred. username may be either the sAMAccountName or the userPrincipalName.

Example
package main

import (
	auth "github.com/LeoBest2/go-ad-auth/v3"
)

func main() {
	config := &auth.Config{
		Server:   "ldap.example.com",
		Port:     389,
		BaseDN:   "OU=Users,DC=example,DC=com",
		Security: auth.SecurityStartTLS,
	}

	username := "user"
	password := "pass"

	status, err := auth.Authenticate(config, username, password)

	if err != nil {
		//handle err
		return
	}

	if !status {
		//handle failed authentication
		return
	}
}

func AuthenticateExtended

func AuthenticateExtended(config *Config, username, password string, attrs, groups []string) (status bool, entry *ldap.Entry, userGroups []string, err error)

AuthenticateExtended checks if the given credentials are valid, or returns an error if one occurred. username may be either the sAMAccountName or the userPrincipalName. entry is the *ldap.Entry that holds the DN and any requested attributes of the user. If groups is non-empty, userGroups will hold which of those groups the user is a member of. groups may reference groups by DN or by cn, and userGroups is returned in whichever format was provided.

Example
package main

import (
	"fmt"

	auth "github.com/LeoBest2/go-ad-auth/v3"
)

func main() {
	config := &auth.Config{
		Server:   "ldap.example.com",
		Port:     389,
		BaseDN:   "OU=Users,DC=example,DC=com", //make sure BaseDN includes any groups you'll be referencing
		Security: auth.SecurityStartTLS,
	}

	username := "user"
	password := "pass"

	status, entry, groups, err := auth.AuthenticateExtended(config, username, password, []string{"cn"}, []string{"Domain Admins"})

	if err != nil {
		//handle err
		return
	}

	if !status {
		//handle failed authentication
		return
	}

	if len(groups) == 0 {
		//handle user not being in any groups
		return
	}

	//get attributes
	cn := entry.GetAttributeValue("cn")

	fmt.Println(cn)
}

func UpdatePassword

func UpdatePassword(config *Config, username, oldPasswd, newPasswd string) error

UpdatePassword checks if the given credentials are valid and updates the password if they are, or returns an error if one occurred. UpdatePassword is used for users resetting their own password.

Example
package main

import (
	auth "github.com/LeoBest2/go-ad-auth/v3"
)

func main() {
	config := &auth.Config{
		Server:   "ldap.example.com",
		Port:     389,
		BaseDN:   "OU=Users,DC=example,DC=com",
		Security: auth.SecurityStartTLS, // Active Directory requires a secure connection to reset passwords
	}

	username := "user"
	password := "pass"
	newPassword := "Super$ecret"

	if err := auth.UpdatePassword(config, username, password, newPassword); err != nil {
		//handle err
	}
}

Types

type Config

type Config struct {
	Server   string
	Port     int
	BaseDN   string
	Security SecurityType
	RootCAs  *x509.CertPool
}

Config contains settings for connecting to an Active Directory server.

func (*Config) Connect

func (c *Config) Connect() (*Conn, error)

Connect returns an open connection to an Active Directory server or an error if one occurred.

func (*Config) Domain

func (c *Config) Domain() (string, error)

Domain returns the domain derived from BaseDN or an error if misconfigured.

func (*Config) UPN

func (c *Config) UPN(username string) (string, error)

UPN returns the userPrincipalName for the given username or an error if misconfigured.
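The page does not show how Domain and UPN derive their results from BaseDN. The following is an added illustration written for this page, not the library's own code: it assumes the domain is the DC= components of BaseDN joined with dots, and that a username already containing "@" is used as-is (both assumptions are this example's choices).

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// DomainFromBaseDN joins the DC= components of a base DN into a DNS domain
// name, e.g. "OU=Users,DC=example,DC=com" -> "example.com". One reasonable
// reading of "derived from BaseDN"; assumed, not taken from the library.
func DomainFromBaseDN(baseDN string) (string, error) {
	var labels []string
	// Splitting on "," is safe here: an escaped comma ("\,") can only occur
	// inside a non-DC value (e.g. a CN), and DNS labels never contain commas.
	for _, rdn := range strings.Split(baseDN, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(rdn), "=")
		if !ok || !strings.EqualFold(strings.TrimSpace(k), "DC") {
			continue
		}
		v = strings.TrimSpace(v)
		if v == "" {
			return "", fmt.Errorf("empty DC component in %q", baseDN)
		}
		labels = append(labels, v)
	}
	if len(labels) == 0 {
		return "", errors.New("BaseDN has no DC components; cannot derive a domain")
	}
	return strings.Join(labels, "."), nil
}

// UPNFor returns username@domain. A username that already carries an "@"
// suffix is returned unchanged (this example's choice).
func UPNFor(baseDN, username string) (string, error) {
	if strings.Contains(username, "@") {
		return username, nil
	}
	domain, err := DomainFromBaseDN(baseDN)
	if err != nil {
		return "", err
	}
	return username + "@" + domain, nil
}

func main() {
	base := "OU=Users,DC=example,DC=com" // same BaseDN as the page's examples
	domain, err := DomainFromBaseDN(base)
	fmt.Println(domain, err)
	upn, err := UPNFor(base, "user")
	fmt.Println(upn, err)
	_, err = DomainFromBaseDN("OU=Users") // misconfigured: no DC components
	fmt.Println(err)
}
```

The error path matters operationally: a BaseDN without DC components means every UPN-based bind would be attempted with a malformed principal, so failing early on configuration is preferable to failing on each login.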

type Conn

type Conn struct {
	Conn   *ldap.Conn
	Config *Config
}

Conn represents an Active Directory connection.

func (*Conn) Bind

func (c *Conn) Bind(upn, password string) (bool, error)

Bind authenticates the connection with the given userPrincipalName and password and returns the result or an error if one occurred.

func (*Conn) GetAttributes

func (c *Conn) GetAttributes(attr, value string, attrs []string) (*ldap.Entry, error)

GetAttributes returns the *ldap.Entry with the given attributes for the object with the given attribute value or an error if one occurred. attr and value are sanitized.

func (*Conn) GetDN

func (c *Conn) GetDN(attr, value string) (string, error)

GetDN returns the DN for the object with the given attribute value or an error if one occurred. attr and value are sanitized.

func (*Conn) GroupDN

func (c *Conn) GroupDN(group string) (string, error)

GroupDN returns the DN of the group with the given cn or an error if one occurred.

func (*Conn) ModifyDNPassword

func (c *Conn) ModifyDNPassword(dn, newPasswd string) error

ModifyDNPassword sets a new password for the given user or returns an error if one occurred. ModifyDNPassword is used for resetting user passwords using administrative privileges.

func (*Conn) ObjectGroups

func (c *Conn) ObjectGroups(attr, value string, groups []string) ([]string, error)

ObjectGroups returns which of the given groups (referenced by DN) the object with the given attribute value is in, if any, or an error if one occurred. Setting attr to "dn" and value to the DN of an object will avoid an extra LDAP search to get the object's DN.
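GetAttributes and GetDN state that attr and value are sanitized, and ObjectGroups, together with the LDAPMatchingRuleInChain constant above, implies a nested-membership search. The example below is added here and is not the library's code: it shows what sanitizing a filter value means in practice (RFC 4515 escaping, so a caller-supplied value cannot alter the structure of the filter) and how the matching-rule OID from this page is placed in a filter to follow group nesting. The EscapeFilterValue, UserFilter and NestedGroupFilter names and the attribute-name check are this example's own; the page does not say how the library implements either step.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// LDAPMatchingRuleInChain is the OID listed on this page; Active Directory
// evaluates it as a transitive match, so a single filter can follow nested
// group membership to any depth.
const LDAPMatchingRuleInChain = "1.2.840.113556.1.4.1941"

// attrTypeRe accepts an attribute description as RFC 4512 defines it: a
// keystring such as sAMAccountName, or a numeric OID, with optional ;options.
var attrTypeRe = regexp.MustCompile(`^([A-Za-z][A-Za-z0-9-]*|[0-9]+(\.[0-9]+)*)(;[A-Za-z0-9-]+)*$`)

// EscapeFilterValue escapes an assertion value for an LDAP search filter per
// RFC 4515: ( ) * and \ become backslash-hex sequences, so the value can
// neither close the filter nor widen it into a wildcard. Control bytes and
// non-ASCII bytes are escaped too, which the RFC permits. Example code only;
// the page says the library sanitizes attr and value but not how.
func EscapeFilterValue(value string) string {
	var b strings.Builder
	for i := 0; i < len(value); i++ {
		c := value[i]
		if c == '(' || c == ')' || c == '*' || c == '\\' || c < 0x20 || c >= 0x7f {
			fmt.Fprintf(&b, `\%02x`, c)
			continue
		}
		b.WriteByte(c)
	}
	return b.String()
}

// UserFilter builds the equality filter a lookup such as GetDN would run.
// Attribute names cannot be escaped, so a malformed one is rejected outright.
func UserFilter(attr, value string) (string, error) {
	if !attrTypeRe.MatchString(attr) {
		return "", errors.New("invalid LDAP attribute description: " + attr)
	}
	return fmt.Sprintf("(%s=%s)", attr, EscapeFilterValue(value)), nil
}

// NestedGroupFilter matches every group whose member attribute reaches userDN
// either directly or through any chain of nested groups.
func NestedGroupFilter(userDN string) string {
	return fmt.Sprintf("(&(objectClass=group)(member:%s:=%s))",
		LDAPMatchingRuleInChain, EscapeFilterValue(userDN))
}

func main() {
	// Constructed hostile value: unescaped, it would turn an exact-match
	// lookup into one that matches every object in the search base.
	hostile := `*)(objectClass=*`
	f, err := UserFilter("sAMAccountName", hostile)
	fmt.Println(f, err) // (sAMAccountName=\2a\29\28objectClass=\2a) <nil>

	_, err = UserFilter("sAMAccountName)(cn", "x")
	fmt.Println(err) // attribute name is rejected rather than escaped

	fmt.Println(NestedGroupFilter("CN=jdoe,OU=Users,DC=example,DC=com"))
}
```

Two points worth checking against any LDAP wrapper: that every caller-supplied value reaches the filter only through an escape routine like this one, and that the BaseDN used with a matching-rule-in-chain search is broad enough to contain the groups being evaluated (the comment in the AuthenticateExtended example above makes the same point).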

func (*Conn) ObjectPrimaryGroup

func (c *Conn) ObjectPrimaryGroup(attr, value string) (string, error)

ObjectPrimaryGroup returns the DN of the primary group of the object with the given attribute value or an error if one occurred. Not all LDAP objects have a primary group.

func (*Conn) Search

func (c *Conn) Search(filter string, attrs []string, sizeLimit int) ([]*ldap.Entry, error)

Search returns the entries for the given search criteria or an error if one occurred.

func (*Conn) SearchOne

func (c *Conn) SearchOne(filter string, attrs []string) (*ldap.Entry, error)

SearchOne returns the single entry for the given search criteria or an error if one occurred. An error is returned unless exactly one entry matches.

type SecurityType

type SecurityType int

SecurityType specifies the type of security to use when connecting to an Active Directory server.

const (
	SecurityNone SecurityType = iota
	SecurityTLS
	SecurityStartTLS
	SecurityInsecureTLS
	SecurityInsecureStartTLS
)

Security will default to SecurityNone if not given.
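Two facts on this page combine into a check worth making before any password operation: ModifyDNPassword and UpdatePassword change passwords, the UpdatePassword example notes that Active Directory requires a secure connection for that, and Security defaults to SecurityNone when left unset. The example below is added here and is not the library's code. It copies the SecurityType enumeration from this page, adds a pre-flight check (PasswordChangeAllowed, an assumed name) that refuses the cleartext and, by their names, non-verifying modes, and shows the unicodePwd encoding Active Directory expects for a new password (double-quoted, UTF-16LE); whether the library uses exactly this encoding internally is not stated on the page.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"unicode/utf16"
)

// SecurityType mirrors the enumeration on this page. Its zero value,
// SecurityNone, is what a Config gets when Security is left unset.
type SecurityType int

const (
	SecurityNone SecurityType = iota
	SecurityTLS
	SecurityStartTLS
	SecurityInsecureTLS
	SecurityInsecureStartTLS
)

// PasswordChangeAllowed is this example's pre-flight check before a password
// modify. Active Directory refuses to set unicodePwd over an unencrypted
// connection, and the Insecure variants (assumed from their names to skip
// server certificate verification) would deliver the new password to any host
// answering on the port, so both classes are rejected here.
func PasswordChangeAllowed(sec SecurityType) error {
	switch sec {
	case SecurityTLS, SecurityStartTLS:
		return nil
	case SecurityNone:
		return errors.New("refusing password change over a cleartext LDAP connection")
	case SecurityInsecureTLS, SecurityInsecureStartTLS:
		return errors.New("refusing password change without server certificate verification")
	default:
		return fmt.Errorf("unknown SecurityType %d", sec)
	}
}

// EncodeUnicodePwd produces the unicodePwd attribute value Active Directory
// expects: the new password wrapped in ASCII double quotes and encoded as
// UTF-16LE (two bytes per UTF-16 code unit, low byte first).
func EncodeUnicodePwd(password string) []byte {
	units := utf16.Encode([]rune(`"` + password + `"`))
	out := make([]byte, 2*len(units))
	for i, u := range units {
		binary.LittleEndian.PutUint16(out[2*i:], u)
	}
	return out
}

func main() {
	for _, sec := range []SecurityType{SecurityNone, SecurityStartTLS, SecurityInsecureTLS} {
		fmt.Printf("SecurityType %d: %v\n", sec, PasswordChangeAllowed(sec))
	}
	// Constructed sample password, the same one the UpdatePassword example uses.
	fmt.Printf("% x\n", EncodeUnicodePwd("Super$ecret"))
}
```

The encoded value is what an LDAP modify on unicodePwd carries, either as a single replace (an administrative reset such as ModifyDNPassword) or as a delete of the old value followed by an add of the new one (a self-service change such as UpdatePassword); in both cases the server rejects the operation unless the session is TLS-protected, which is why the zero-value default of SecurityNone deserves an explicit check rather than a silent fallback.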
