Documentation

Overview

    Package ldap provides basic LDAP v3 functionality.

    Example (Beherappolicy)
    Output:
    
    
    Example (UserAuthentication)

      This example shows how a typical application can verify a login attempt

      Output:
      
      
      Example (Vchuppolicy)
      Output:
      
      

      Index

      Examples

      Constants

      View Source
      const (
      	// MessageQuit causes the processMessages loop to exit
      	MessageQuit = 0
      	// MessageRequest sends a request to the server
      	MessageRequest = 1
      	// MessageResponse receives a response from the server
      	MessageResponse = 2
      	// MessageFinish indicates the client considers a particular message ID to be finished
      	MessageFinish = 3
      	// MessageTimeout indicates the client-specified timeout for a particular message ID has been reached
      	MessageTimeout = 4
      )
      View Source
      const (
      	// DefaultLdapPort default ldap port for pure TCP connection
      	DefaultLdapPort = "389"
      	// DefaultLdapsPort default ldap port for SSL connection
      	DefaultLdapsPort = "636"
      )
      View Source
      const (
      	// ControlTypePaging - https://www.ietf.org/rfc/rfc2696.txt
      	ControlTypePaging = "1.2.840.113556.1.4.319"
      	// ControlTypeBeheraPasswordPolicy - https://tools.ietf.org/html/draft-behera-ldap-password-policy-10
      	ControlTypeBeheraPasswordPolicy = "1.3.6.1.4.1.42.2.27.8.5.1"
      	// ControlTypeVChuPasswordMustChange - https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00
      	ControlTypeVChuPasswordMustChange = "2.16.840.1.113730.3.4.4"
      	// ControlTypeVChuPasswordWarning - https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00
      	ControlTypeVChuPasswordWarning = "2.16.840.1.113730.3.4.5"
      	// ControlTypeManageDsaIT - https://tools.ietf.org/html/rfc3296
      	ControlTypeManageDsaIT = "2.16.840.1.113730.3.4.2"
      
      	// ControlTypeMicrosoftNotification - https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx
      	ControlTypeMicrosoftNotification = "1.2.840.113556.1.4.528"
      	// ControlTypeMicrosoftShowDeleted - https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx
      	ControlTypeMicrosoftShowDeleted = "1.2.840.113556.1.4.417"
      )
      View Source
      const (
      	LDAPResultSuccess                            = 0
      	LDAPResultOperationsError                    = 1
      	LDAPResultProtocolError                      = 2
      	LDAPResultTimeLimitExceeded                  = 3
      	LDAPResultSizeLimitExceeded                  = 4
      	LDAPResultCompareFalse                       = 5
      	LDAPResultCompareTrue                        = 6
      	LDAPResultAuthMethodNotSupported             = 7
      	LDAPResultStrongAuthRequired                 = 8
      	LDAPResultReferral                           = 10
      	LDAPResultAdminLimitExceeded                 = 11
      	LDAPResultUnavailableCriticalExtension       = 12
      	LDAPResultConfidentialityRequired            = 13
      	LDAPResultSaslBindInProgress                 = 14
      	LDAPResultNoSuchAttribute                    = 16
      	LDAPResultUndefinedAttributeType             = 17
      	LDAPResultInappropriateMatching              = 18
      	LDAPResultConstraintViolation                = 19
      	LDAPResultAttributeOrValueExists             = 20
      	LDAPResultInvalidAttributeSyntax             = 21
      	LDAPResultNoSuchObject                       = 32
      	LDAPResultAliasProblem                       = 33
      	LDAPResultInvalidDNSyntax                    = 34
      	LDAPResultIsLeaf                             = 35
      	LDAPResultAliasDereferencingProblem          = 36
      	LDAPResultInappropriateAuthentication        = 48
      	LDAPResultInvalidCredentials                 = 49
      	LDAPResultInsufficientAccessRights           = 50
      	LDAPResultBusy                               = 51
      	LDAPResultUnavailable                        = 52
      	LDAPResultUnwillingToPerform                 = 53
      	LDAPResultLoopDetect                         = 54
      	LDAPResultSortControlMissing                 = 60
      	LDAPResultOffsetRangeError                   = 61
      	LDAPResultNamingViolation                    = 64
      	LDAPResultObjectClassViolation               = 65
      	LDAPResultNotAllowedOnNonLeaf                = 66
      	LDAPResultNotAllowedOnRDN                    = 67
      	LDAPResultEntryAlreadyExists                 = 68
      	LDAPResultObjectClassModsProhibited          = 69
      	LDAPResultResultsTooLarge                    = 70
      	LDAPResultAffectsMultipleDSAs                = 71
      	LDAPResultVirtualListViewErrorOrControlError = 76
      	LDAPResultOther                              = 80
      	LDAPResultServerDown                         = 81
      	LDAPResultLocalError                         = 82
      	LDAPResultEncodingError                      = 83
      	LDAPResultDecodingError                      = 84
      	LDAPResultTimeout                            = 85
      	LDAPResultAuthUnknown                        = 86
      	LDAPResultFilterError                        = 87
      	LDAPResultUserCanceled                       = 88
      	LDAPResultParamError                         = 89
      	LDAPResultNoMemory                           = 90
      	LDAPResultConnectError                       = 91
      	LDAPResultNotSupported                       = 92
      	LDAPResultControlNotFound                    = 93
      	LDAPResultNoResultsReturned                  = 94
      	LDAPResultMoreResultsToReturn                = 95
      	LDAPResultClientLoop                         = 96
      	LDAPResultReferralLimitExceeded              = 97
      	LDAPResultInvalidResponse                    = 100
      	LDAPResultAmbiguousResponse                  = 101
      	LDAPResultTLSNotSupported                    = 112
      	LDAPResultIntermediateResponse               = 113
      	LDAPResultUnknownType                        = 114
      	LDAPResultCanceled                           = 118
      	LDAPResultNoSuchOperation                    = 119
      	LDAPResultTooLate                            = 120
      	LDAPResultCannotCancel                       = 121
      	LDAPResultAssertionFailed                    = 122
      	LDAPResultAuthorizationDenied                = 123
      	LDAPResultSyncRefreshRequired                = 4096
      
      	ErrorNetwork            = 200
      	ErrorFilterCompile      = 201
      	ErrorFilterDecompile    = 202
      	ErrorDebugging          = 203
      	ErrorUnexpectedMessage  = 204
      	ErrorUnexpectedResponse = 205
      	ErrorEmptyPassword      = 206
      )

        LDAP Result Codes

        View Source
        const (
        	FilterAnd             = 0
        	FilterOr              = 1
        	FilterNot             = 2
        	FilterEqualityMatch   = 3
        	FilterSubstrings      = 4
        	FilterGreaterOrEqual  = 5
        	FilterLessOrEqual     = 6
        	FilterPresent         = 7
        	FilterApproxMatch     = 8
        	FilterExtensibleMatch = 9
        )

          Filter choices

          View Source
          const (
          	FilterSubstringsInitial = 0
          	FilterSubstringsAny     = 1
          	FilterSubstringsFinal   = 2
          )

            SubstringFilter options

            View Source
            const (
            	MatchingRuleAssertionMatchingRule = 1
            	MatchingRuleAssertionType         = 2
            	MatchingRuleAssertionMatchValue   = 3
            	MatchingRuleAssertionDNAttributes = 4
            )

              MatchingRuleAssertion choices

              View Source
              const (
              	ApplicationBindRequest           = 0
              	ApplicationBindResponse          = 1
              	ApplicationUnbindRequest         = 2
              	ApplicationSearchRequest         = 3
              	ApplicationSearchResultEntry     = 4
              	ApplicationSearchResultDone      = 5
              	ApplicationModifyRequest         = 6
              	ApplicationModifyResponse        = 7
              	ApplicationAddRequest            = 8
              	ApplicationAddResponse           = 9
              	ApplicationDelRequest            = 10
              	ApplicationDelResponse           = 11
              	ApplicationModifyDNRequest       = 12
              	ApplicationModifyDNResponse      = 13
              	ApplicationCompareRequest        = 14
              	ApplicationCompareResponse       = 15
              	ApplicationAbandonRequest        = 16
              	ApplicationSearchResultReference = 19
              	ApplicationExtendedRequest       = 23
              	ApplicationExtendedResponse      = 24
              )

                LDAP Application Codes

                View Source
                const (
                	BeheraPasswordExpired             = 0
                	BeheraAccountLocked               = 1
                	BeheraChangeAfterReset            = 2
                	BeheraPasswordModNotAllowed       = 3
                	BeheraMustSupplyOldPassword       = 4
                	BeheraInsufficientPasswordQuality = 5
                	BeheraPasswordTooShort            = 6
                	BeheraPasswordTooYoung            = 7
                	BeheraPasswordInHistory           = 8
                )

                  Ldap Behera Password Policy Draft 10 (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10)

                  View Source
                  const (
                  	AddAttribute       = 0
                  	DeleteAttribute    = 1
                  	ReplaceAttribute   = 2
                  	IncrementAttribute = 3 // (https://tools.ietf.org/html/rfc4525)
                  )

                    Change operation choices

                    View Source
                    const (
                    	ScopeBaseObject   = 0
                    	ScopeSingleLevel  = 1
                    	ScopeWholeSubtree = 2
                    )

                      scope choices

                      View Source
                      const (
                      	NeverDerefAliases   = 0
                      	DerefInSearching    = 1
                      	DerefFindingBaseObj = 2
                      	DerefAlways         = 3
                      )

                        derefAliases

                        Variables

                        View Source
                        var ApplicationMap = map[uint8]string{
                        	ApplicationBindRequest:           "Bind Request",
                        	ApplicationBindResponse:          "Bind Response",
                        	ApplicationUnbindRequest:         "Unbind Request",
                        	ApplicationSearchRequest:         "Search Request",
                        	ApplicationSearchResultEntry:     "Search Result Entry",
                        	ApplicationSearchResultDone:      "Search Result Done",
                        	ApplicationModifyRequest:         "Modify Request",
                        	ApplicationModifyResponse:        "Modify Response",
                        	ApplicationAddRequest:            "Add Request",
                        	ApplicationAddResponse:           "Add Response",
                        	ApplicationDelRequest:            "Del Request",
                        	ApplicationDelResponse:           "Del Response",
                        	ApplicationModifyDNRequest:       "Modify DN Request",
                        	ApplicationModifyDNResponse:      "Modify DN Response",
                        	ApplicationCompareRequest:        "Compare Request",
                        	ApplicationCompareResponse:       "Compare Response",
                        	ApplicationAbandonRequest:        "Abandon Request",
                        	ApplicationSearchResultReference: "Search Result Reference",
                        	ApplicationExtendedRequest:       "Extended Request",
                        	ApplicationExtendedResponse:      "Extended Response",
                        }

                          ApplicationMap contains human readable descriptions of LDAP Application Codes

                          View Source
                          var BeheraPasswordPolicyErrorMap = map[int8]string{
                          	BeheraPasswordExpired:             "Password expired",
                          	BeheraAccountLocked:               "Account locked",
                          	BeheraChangeAfterReset:            "Password must be changed",
                          	BeheraPasswordModNotAllowed:       "Policy prevents password modification",
                          	BeheraMustSupplyOldPassword:       "Policy requires old password in order to change password",
                          	BeheraInsufficientPasswordQuality: "Password fails quality checks",
                          	BeheraPasswordTooShort:            "Password is too short for policy",
                          	BeheraPasswordTooYoung:            "Password has been changed too recently",
                          	BeheraPasswordInHistory:           "New password is in list of old passwords",
                          }

                            BeheraPasswordPolicyErrorMap contains human readable descriptions of Behera Password Policy error codes

                            View Source
                            var ControlTypeMap = map[string]string{
                            	ControlTypePaging:                "Paging",
                            	ControlTypeBeheraPasswordPolicy:  "Password Policy - Behera Draft",
                            	ControlTypeManageDsaIT:           "Manage DSA IT",
                            	ControlTypeMicrosoftNotification: "Change Notification - Microsoft",
                            	ControlTypeMicrosoftShowDeleted:  "Show Deleted Objects - Microsoft",
                            }

                              ControlTypeMap maps controls to text descriptions

                              View Source
                              var DefaultTimeout = 60 * time.Second

                                DefaultTimeout is a package-level variable that sets the timeout value used for the Dial and DialTLS methods.

                                WARNING: since this is a package-level variable, setting this value from multiple places will probably result in undesired behaviour.

                                View Source
                                var DerefMap = map[int]string{
                                	NeverDerefAliases:   "NeverDerefAliases",
                                	DerefInSearching:    "DerefInSearching",
                                	DerefFindingBaseObj: "DerefFindingBaseObj",
                                	DerefAlways:         "DerefAlways",
                                }

                                  DerefMap contains human readable descriptions of derefAliases choices

                                  View Source
                                  var FilterMap = map[uint64]string{
                                  	FilterAnd:             "And",
                                  	FilterOr:              "Or",
                                  	FilterNot:             "Not",
                                  	FilterEqualityMatch:   "Equality Match",
                                  	FilterSubstrings:      "Substrings",
                                  	FilterGreaterOrEqual:  "Greater Or Equal",
                                  	FilterLessOrEqual:     "Less Or Equal",
                                  	FilterPresent:         "Present",
                                  	FilterApproxMatch:     "Approx Match",
                                  	FilterExtensibleMatch: "Extensible Match",
                                  }

                                    FilterMap contains human readable descriptions of Filter choices

                                    View Source
                                    var FilterSubstringsMap = map[uint64]string{
                                    	FilterSubstringsInitial: "Substrings Initial",
                                    	FilterSubstringsAny:     "Substrings Any",
                                    	FilterSubstringsFinal:   "Substrings Final",
                                    }

                                      FilterSubstringsMap contains human readable descriptions of SubstringFilter choices

                                      View Source
                                      var LDAPResultCodeMap = map[uint16]string{
                                      	LDAPResultSuccess:                            "Success",
                                      	LDAPResultOperationsError:                    "Operations Error",
                                      	LDAPResultProtocolError:                      "Protocol Error",
                                      	LDAPResultTimeLimitExceeded:                  "Time Limit Exceeded",
                                      	LDAPResultSizeLimitExceeded:                  "Size Limit Exceeded",
                                      	LDAPResultCompareFalse:                       "Compare False",
                                      	LDAPResultCompareTrue:                        "Compare True",
                                      	LDAPResultAuthMethodNotSupported:             "Auth Method Not Supported",
                                      	LDAPResultStrongAuthRequired:                 "Strong Auth Required",
                                      	LDAPResultReferral:                           "Referral",
                                      	LDAPResultAdminLimitExceeded:                 "Admin Limit Exceeded",
                                      	LDAPResultUnavailableCriticalExtension:       "Unavailable Critical Extension",
                                      	LDAPResultConfidentialityRequired:            "Confidentiality Required",
                                      	LDAPResultSaslBindInProgress:                 "Sasl Bind In Progress",
                                      	LDAPResultNoSuchAttribute:                    "No Such Attribute",
                                      	LDAPResultUndefinedAttributeType:             "Undefined Attribute Type",
                                      	LDAPResultInappropriateMatching:              "Inappropriate Matching",
                                      	LDAPResultConstraintViolation:                "Constraint Violation",
                                      	LDAPResultAttributeOrValueExists:             "Attribute Or Value Exists",
                                      	LDAPResultInvalidAttributeSyntax:             "Invalid Attribute Syntax",
                                      	LDAPResultNoSuchObject:                       "No Such Object",
                                      	LDAPResultAliasProblem:                       "Alias Problem",
                                      	LDAPResultInvalidDNSyntax:                    "Invalid DN Syntax",
                                      	LDAPResultIsLeaf:                             "Is Leaf",
                                      	LDAPResultAliasDereferencingProblem:          "Alias Dereferencing Problem",
                                      	LDAPResultInappropriateAuthentication:        "Inappropriate Authentication",
                                      	LDAPResultInvalidCredentials:                 "Invalid Credentials",
                                      	LDAPResultInsufficientAccessRights:           "Insufficient Access Rights",
                                      	LDAPResultBusy:                               "Busy",
                                      	LDAPResultUnavailable:                        "Unavailable",
                                      	LDAPResultUnwillingToPerform:                 "Unwilling To Perform",
                                      	LDAPResultLoopDetect:                         "Loop Detect",
                                      	LDAPResultSortControlMissing:                 "Sort Control Missing",
                                      	LDAPResultOffsetRangeError:                   "Result Offset Range Error",
                                      	LDAPResultNamingViolation:                    "Naming Violation",
                                      	LDAPResultObjectClassViolation:               "Object Class Violation",
                                      	LDAPResultResultsTooLarge:                    "Results Too Large",
                                      	LDAPResultNotAllowedOnNonLeaf:                "Not Allowed On Non Leaf",
                                      	LDAPResultNotAllowedOnRDN:                    "Not Allowed On RDN",
                                      	LDAPResultEntryAlreadyExists:                 "Entry Already Exists",
                                      	LDAPResultObjectClassModsProhibited:          "Object Class Mods Prohibited",
                                      	LDAPResultAffectsMultipleDSAs:                "Affects Multiple DSAs",
                                      	LDAPResultVirtualListViewErrorOrControlError: "Failed because of a problem related to the virtual list view",
                                      	LDAPResultOther:                              "Other",
                                      	LDAPResultServerDown:                         "Cannot establish a connection",
                                      	LDAPResultLocalError:                         "An error occurred",
                                      	LDAPResultEncodingError:                      "LDAP encountered an error while encoding",
                                      	LDAPResultDecodingError:                      "LDAP encountered an error while decoding",
                                      	LDAPResultTimeout:                            "LDAP timeout while waiting for a response from the server",
                                      	LDAPResultAuthUnknown:                        "The auth method requested in a bind request is unknown",
                                      	LDAPResultFilterError:                        "An error occurred while encoding the given search filter",
                                      	LDAPResultUserCanceled:                       "The user canceled the operation",
                                      	LDAPResultParamError:                         "An invalid parameter was specified",
                                      	LDAPResultNoMemory:                           "Out of memory error",
                                      	LDAPResultConnectError:                       "A connection to the server could not be established",
                                      	LDAPResultNotSupported:                       "An attempt has been made to use a feature not supported LDAP",
                                      	LDAPResultControlNotFound:                    "The controls required to perform the requested operation were not found",
                                      	LDAPResultNoResultsReturned:                  "No results were returned from the server",
                                      	LDAPResultMoreResultsToReturn:                "There are more results in the chain of results",
                                      	LDAPResultClientLoop:                         "A loop has been detected. For example when following referrals",
                                      	LDAPResultReferralLimitExceeded:              "The referral hop limit has been exceeded",
                                      	LDAPResultCanceled:                           "Operation was canceled",
                                      	LDAPResultNoSuchOperation:                    "Server has no knowledge of the operation requested for cancellation",
                                      	LDAPResultTooLate:                            "Too late to cancel the outstanding operation",
                                      	LDAPResultCannotCancel:                       "The identified operation does not support cancellation or the cancel operation cannot be performed",
                                      	LDAPResultAssertionFailed:                    "An assertion control given in the LDAP operation evaluated to false causing the operation to not be performed",
                                      	LDAPResultSyncRefreshRequired:                "Refresh Required",
                                      	LDAPResultInvalidResponse:                    "Invalid Response",
                                      	LDAPResultAmbiguousResponse:                  "Ambiguous Response",
                                      	LDAPResultTLSNotSupported:                    "Tls Not Supported",
                                      	LDAPResultIntermediateResponse:               "Intermediate Response",
                                      	LDAPResultUnknownType:                        "Unknown Type",
                                      	LDAPResultAuthorizationDenied:                "Authorization Denied",
                                      
                                      	ErrorNetwork:            "Network Error",
                                      	ErrorFilterCompile:      "Filter Compile Error",
                                      	ErrorFilterDecompile:    "Filter Decompile Error",
                                      	ErrorDebugging:          "Debugging Error",
                                      	ErrorUnexpectedMessage:  "Unexpected Message",
                                      	ErrorUnexpectedResponse: "Unexpected Response",
                                      	ErrorEmptyPassword:      "Empty password not allowed by the client",
                                      }

                                        LDAPResultCodeMap contains string descriptions for LDAP error codes

                                        View Source
                                        var MatchingRuleAssertionMap = map[uint64]string{
                                        	MatchingRuleAssertionMatchingRule: "Matching Rule Assertion Matching Rule",
                                        	MatchingRuleAssertionType:         "Matching Rule Assertion Type",
                                        	MatchingRuleAssertionMatchValue:   "Matching Rule Assertion Match Value",
                                        	MatchingRuleAssertionDNAttributes: "Matching Rule Assertion DN Attributes",
                                        }

                                          MatchingRuleAssertionMap contains human readable descriptions of MatchingRuleAssertion choices

                                          View Source
                                          var ScopeMap = map[int]string{
                                          	ScopeBaseObject:   "Base Object",
                                          	ScopeSingleLevel:  "Single Level",
                                          	ScopeWholeSubtree: "Whole Subtree",
                                          }

                                            ScopeMap contains human readable descriptions of scope choices

                                            Functions

                                            func CompileFilter

                                            func CompileFilter(filter string) (*ber.Packet, error)

                                              CompileFilter converts a string representation of a filter into a BER-encoded packet

                                              func DebugBinaryFile

                                              func DebugBinaryFile(fileName string) error

                                                DebugBinaryFile reads and prints packets from the given filename

                                                func DecompileFilter

                                                func DecompileFilter(packet *ber.Packet) (_ string, err error)

                                                  DecompileFilter converts a packet representation of a filter into a string representation

                                                  func EscapeFilter

                                                  func EscapeFilter(filter string) string

                                                    EscapeFilter escapes from the provided LDAP filter string the special characters in the set `()*\` and those out of the range 0 < c < 0x80, as defined in RFC4515.

                                                    func GetLDAPError

                                                    func GetLDAPError(packet *ber.Packet) error

                                                      GetLDAPError creates an Error out of a BER packet representing a LDAPResult The return is an error object. It can be casted to a Error structure. This function returns nil if resultCode in the LDAPResult sequence is success(0).

                                                      func IsErrorAnyOf

                                                      func IsErrorAnyOf(err error, codes ...uint16) bool

                                                        IsErrorAnyOf returns true if the given error is an LDAP error with any one of the given result codes

                                                        func IsErrorWithCode

                                                        func IsErrorWithCode(err error, desiredResultCode uint16) bool

                                                          IsErrorWithCode returns true if the given error is an LDAP error with the given result code

                                                          func NewError

                                                          func NewError(resultCode uint16, err error) error

                                                            NewError creates an LDAP error with the given code and underlying error

                                                            Types

                                                            type AddRequest

                                                            type AddRequest struct {
                                                            	// DN identifies the entry being added
                                                            	DN string
                                                            	// Attributes list the attributes of the new entry
                                                            	Attributes []Attribute
                                                            	// Controls hold optional controls to send with the request
                                                            	Controls []Control
                                                            }

                                                              AddRequest represents an LDAP AddRequest operation

                                                              func NewAddRequest

                                                              func NewAddRequest(dn string, controls []Control) *AddRequest

                                                                NewAddRequest returns an AddRequest for the given DN, with no attributes

                                                                func (*AddRequest) Attribute

                                                                func (req *AddRequest) Attribute(attrType string, attrVals []string)

                                                                  Attribute adds an attribute with the given type and values

                                                                  type Attribute

                                                                  type Attribute struct {
                                                                  	// Type is the name of the LDAP attribute
                                                                  	Type string
                                                                  	// Vals are the LDAP attribute values
                                                                  	Vals []string
                                                                  }

                                                                    Attribute represents an LDAP attribute

                                                                    type AttributeTypeAndValue

                                                                    type AttributeTypeAndValue struct {
                                                                    	// Type is the attribute type
                                                                    	Type string
                                                                    	// Value is the attribute value
                                                                    	Value string
                                                                    }

                                                                      AttributeTypeAndValue represents an attributeTypeAndValue from https://tools.ietf.org/html/rfc4514

                                                                      func (*AttributeTypeAndValue) Equal

                                                                        Equal returns true if the AttributeTypeAndValue is equivalent to the specified AttributeTypeAndValue Case of the attribute type is not significant

                                                                        type Change

                                                                        type Change struct {
                                                                        	// Operation is the type of change to be made
                                                                        	Operation uint
                                                                        	// Modification is the attribute to be modified
                                                                        	Modification PartialAttribute
                                                                        }

                                                                          Change for a ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

                                                                          type Client

                                                                          type Client interface {
                                                                          	Start()
                                                                          	StartTLS(*tls.Config) error
                                                                          	Close()
                                                                          	SetTimeout(time.Duration)
                                                                          
                                                                          	Bind(username, password string) error
                                                                          	UnauthenticatedBind(username string) error
                                                                          	SimpleBind(*SimpleBindRequest) (*SimpleBindResult, error)
                                                                          	ExternalBind() error
                                                                          
                                                                          	Add(*AddRequest) error
                                                                          	Del(*DelRequest) error
                                                                          	Modify(*ModifyRequest) error
                                                                          	ModifyDN(*ModifyDNRequest) error
                                                                          
                                                                          	Compare(dn, attribute, value string) (bool, error)
                                                                          	PasswordModify(*PasswordModifyRequest) (*PasswordModifyResult, error)
                                                                          
                                                                          	Search(*SearchRequest) (*SearchResult, error)
                                                                          	SearchWithPaging(searchRequest *SearchRequest, pagingSize uint32) (*SearchResult, error)
                                                                          }

                                                                            Client knows how to interact with an LDAP server

                                                                            type CompareRequest

                                                                            type CompareRequest struct {
                                                                            	DN        string
                                                                            	Attribute string
                                                                            	Value     string
                                                                            }

                                                                              CompareRequest represents an LDAP CompareRequest operation.

                                                                              type Conn

                                                                              type Conn struct {
                                                                              	Debug debugging
                                                                              	// contains filtered or unexported fields
                                                                              }

                                                                                Conn represents an LDAP Connection

                                                                                func Dial

                                                                                func Dial(network, addr string) (*Conn, error)

                                                                                  Dial connects to the given address on the given network using net.Dial and then returns a new Conn for the connection. @deprecated Use DialURL instead.

                                                                                  func DialTLS

                                                                                  func DialTLS(network, addr string, config *tls.Config) (*Conn, error)

                                                                                    DialTLS connects to the given address on the given network using tls.Dial and then returns a new Conn for the connection. @deprecated Use DialURL instead.

                                                                                    func DialURL

                                                                                    func DialURL(addr string, opts ...DialOpt) (*Conn, error)

                                                                                      DialURL connects to the given ldap URL. The following schemas are supported: ldap://, ldaps://, ldapi://. On success a new Conn for the connection is returned.

                                                                                      func NewConn

                                                                                      func NewConn(conn net.Conn, isTLS bool) *Conn

                                                                                        NewConn returns a new Conn using conn for network I/O.

                                                                                        func (*Conn) Add

                                                                                        func (l *Conn) Add(addRequest *AddRequest) error

                                                                                          Add performs the given AddRequest

                                                                                          func (*Conn) Bind

                                                                                          func (l *Conn) Bind(username, password string) error

                                                                                            Bind performs a bind with the given username and password.

                                                                                            It does not allow unauthenticated bind (i.e. empty password). Use the UnauthenticatedBind method for that.

                                                                                            Example

                                                                                              This example demonstrates how to bind a connection to an ldap user allowing access to restricted attributes that user has access to

                                                                                              Output:
                                                                                              
                                                                                              

                                                                                              func (*Conn) Close

                                                                                              func (l *Conn) Close()

                                                                                                Close closes the connection.

                                                                                                func (*Conn) Compare

                                                                                                func (l *Conn) Compare(dn, attribute, value string) (bool, error)

                                                                                                  Compare checks to see if the attribute of the dn matches value. Returns true if it does otherwise false with any error that occurs if any.

                                                                                                  Example

                                                                                                    This example demonstrates how to compare an attribute with a value

                                                                                                    Output:
                                                                                                    
                                                                                                    

                                                                                                    func (*Conn) Del

                                                                                                    func (l *Conn) Del(delRequest *DelRequest) error

                                                                                                      Del executes the given delete request

                                                                                                      func (*Conn) DigestMD5Bind

                                                                                                      func (l *Conn) DigestMD5Bind(digestMD5BindRequest *DigestMD5BindRequest) (*DigestMD5BindResult, error)

                                                                                                        DigestMD5Bind performs the digest-md5 bind operation defined in the given request

                                                                                                        func (*Conn) ExternalBind

                                                                                                        func (l *Conn) ExternalBind() error

                                                                                                          ExternalBind performs SASL/EXTERNAL authentication.

                                                                                                          Use ldap.DialURL("ldapi://") to connect to the Unix socket before ExternalBind.

                                                                                                          See https://tools.ietf.org/html/rfc4422#appendix-A

                                                                                                          Example

                                                                                                            This example demonstrates how to use EXTERNAL SASL with TLS client certificates.

                                                                                                            Output:
                                                                                                            
                                                                                                            

                                                                                                            func (*Conn) IsClosing

                                                                                                            func (l *Conn) IsClosing() bool

                                                                                                              IsClosing returns whether or not we're currently closing.

                                                                                                              func (*Conn) MD5Bind

                                                                                                              func (l *Conn) MD5Bind(host, username, password string) error

                                                                                                                MD5Bind performs a digest-md5 bind with the given host, username and password.

                                                                                                                func (*Conn) Modify

                                                                                                                func (l *Conn) Modify(modifyRequest *ModifyRequest) error

                                                                                                                  Modify performs the ModifyRequest

                                                                                                                  Example
                                                                                                                  Output:
                                                                                                                  
                                                                                                                  

                                                                                                                  func (*Conn) ModifyDN

                                                                                                                  func (l *Conn) ModifyDN(m *ModifyDNRequest) error

                                                                                                                    ModifyDN renames the given DN and optionally move to another base (when the "newSup" argument to NewModifyDNRequest() is not "").

                                                                                                                    Example (MoveOnly)

                                                                                                                      This example shows how to move an entry to a new base without renaming the RDN

                                                                                                                      Output:
                                                                                                                      
                                                                                                                      
                                                                                                                      Example (RenameAndMove)

                                                                                                                        This example shows how to rename an entry and moving it to a new base

                                                                                                                        Output:
                                                                                                                        
                                                                                                                        
                                                                                                                        Example (RenameNoMove)

                                                                                                                          This example shows how to rename an entry without moving it

                                                                                                                          Output:
                                                                                                                          
                                                                                                                          

                                                                                                                          func (*Conn) NTLMBind

                                                                                                                          func (l *Conn) NTLMBind(domain, username, password string) error

                                                                                                                            NTLMBind performs an NTLMSSP Bind with the given domain, username and password

                                                                                                                            func (*Conn) NTLMBindWithHash

                                                                                                                            func (l *Conn) NTLMBindWithHash(domain, username, hash string) error

                                                                                                                              NTLMBindWithHash performs an NTLM Bind with an NTLM hash instead of plaintext password (pass-the-hash)

                                                                                                                              func (*Conn) NTLMChallengeBind

                                                                                                                              func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindResult, error)

                                                                                                                                NTLMChallengeBind performs the NTLMSSP bind operation defined in the given request

                                                                                                                                func (*Conn) PasswordModify

                                                                                                                                func (l *Conn) PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error)

                                                                                                                                  PasswordModify performs the modification request

                                                                                                                                  Example (Admin)
                                                                                                                                  Output:
                                                                                                                                  
                                                                                                                                  
                                                                                                                                  Example (GeneratedPassword)
                                                                                                                                  Output:
                                                                                                                                  
                                                                                                                                  
                                                                                                                                  Example (SetNewPassword)
                                                                                                                                  Output:
                                                                                                                                  
                                                                                                                                  

                                                                                                                                  func (*Conn) Search

                                                                                                                                  func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error)

                                                                                                                                    Search performs the given search request

                                                                                                                                    Example

                                                                                                                                      This example demonstrates how to use the search interface

                                                                                                                                      Output:
                                                                                                                                      
                                                                                                                                      

                                                                                                                                      func (*Conn) SearchWithPaging

                                                                                                                                      func (l *Conn) SearchWithPaging(searchRequest *SearchRequest, pagingSize uint32) (*SearchResult, error)

                                                                                                                                        SearchWithPaging accepts a search request and desired page size in order to execute LDAP queries to fulfill the search request. All paged LDAP query responses will be buffered and the final result will be returned atomically. The following four cases are possible given the arguments:

                                                                                                                                        - given SearchRequest missing a control of type ControlTypePaging: we will add one with the desired paging size
                                                                                                                                        - given SearchRequest contains a control of type ControlTypePaging that isn't actually a ControlPaging: fail without issuing any queries
                                                                                                                                        - given SearchRequest contains a control of type ControlTypePaging with pagingSize equal to the size requested: no change to the search request
                                                                                                                                        - given SearchRequest contains a control of type ControlTypePaging with pagingSize not equal to the size requested: fail without issuing any queries
                                                                                                                                        

                                                                                                                                        A requested pagingSize of 0 is interpreted as no limit by LDAP servers.

                                                                                                                                        func (*Conn) SetTimeout

                                                                                                                                        func (l *Conn) SetTimeout(timeout time.Duration)

                                                                                                                                          SetTimeout sets the time after a request is sent that a MessageTimeout triggers

                                                                                                                                          func (*Conn) SimpleBind

                                                                                                                                          func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResult, error)

                                                                                                                                            SimpleBind performs the simple bind operation defined in the given request

                                                                                                                                            func (*Conn) Start

                                                                                                                                            func (l *Conn) Start()

                                                                                                                                              Start initializes goroutines to read responses and process messages

                                                                                                                                              func (*Conn) StartTLS

                                                                                                                                              func (l *Conn) StartTLS(config *tls.Config) error

                                                                                                                                                StartTLS sends the command to start a TLS session and then creates a new TLS Client

                                                                                                                                                Example

                                                                                                                                                  This example demonstrates how to start a TLS connection

                                                                                                                                                  Output:
                                                                                                                                                  
                                                                                                                                                  

                                                                                                                                                  func (*Conn) TLSConnectionState

                                                                                                                                                  func (l *Conn) TLSConnectionState() (state tls.ConnectionState, ok bool)

                                                                                                                                                    TLSConnectionState returns the client's TLS connection state. The return values are their zero values if StartTLS did not succeed.

                                                                                                                                                    func (*Conn) UnauthenticatedBind

                                                                                                                                                    func (l *Conn) UnauthenticatedBind(username string) error

                                                                                                                                                      UnauthenticatedBind performs an unauthenticated bind.

                                                                                                                                                      A username may be provided for trace (e.g. logging) purpose only, but it is normally not authenticated or otherwise validated by the LDAP server.

                                                                                                                                                      See https://tools.ietf.org/html/rfc4513#section-5.1.2 . See https://tools.ietf.org/html/rfc4513#section-6.3.1 .

                                                                                                                                                      type Control

                                                                                                                                                      type Control interface {
                                                                                                                                                      	// GetControlType returns the OID
                                                                                                                                                      	GetControlType() string
                                                                                                                                                      	// Encode returns the ber packet representation
                                                                                                                                                      	Encode() *ber.Packet
                                                                                                                                                      	// String returns a human-readable description
                                                                                                                                                      	String() string
                                                                                                                                                      }

                                                                                                                                                        Control defines an interface controls provide to encode and describe themselves

                                                                                                                                                        func DecodeControl

                                                                                                                                                        func DecodeControl(packet *ber.Packet) (Control, error)

                                                                                                                                                          DecodeControl returns a control read from the given packet, or nil if no recognized control can be made

                                                                                                                                                          func FindControl

                                                                                                                                                          func FindControl(controls []Control, controlType string) Control

                                                                                                                                                            FindControl returns the first control of the given type in the list, or nil

                                                                                                                                                            type ControlBeheraPasswordPolicy

                                                                                                                                                            type ControlBeheraPasswordPolicy struct {
                                                                                                                                                            	// Expire contains the number of seconds before a password will expire
                                                                                                                                                            	Expire int64
                                                                                                                                                            	// Grace indicates the remaining number of times a user will be allowed to authenticate with an expired password
                                                                                                                                                            	Grace int64
                                                                                                                                                            	// Error indicates the error code
                                                                                                                                                            	Error int8
                                                                                                                                                            	// ErrorString is a human readable error
                                                                                                                                                            	ErrorString string
                                                                                                                                                            }

                                                                                                                                                              ControlBeheraPasswordPolicy implements the control described in https://tools.ietf.org/html/draft-behera-ldap-password-policy-10

                                                                                                                                                              func NewControlBeheraPasswordPolicy

                                                                                                                                                              func NewControlBeheraPasswordPolicy() *ControlBeheraPasswordPolicy

                                                                                                                                                                NewControlBeheraPasswordPolicy returns a ControlBeheraPasswordPolicy

                                                                                                                                                                func (*ControlBeheraPasswordPolicy) Encode

                                                                                                                                                                func (c *ControlBeheraPasswordPolicy) Encode() *ber.Packet

                                                                                                                                                                  Encode returns the ber packet representation

                                                                                                                                                                  func (*ControlBeheraPasswordPolicy) GetControlType

                                                                                                                                                                  func (c *ControlBeheraPasswordPolicy) GetControlType() string

                                                                                                                                                                    GetControlType returns the OID

                                                                                                                                                                    func (*ControlBeheraPasswordPolicy) String

                                                                                                                                                                    func (c *ControlBeheraPasswordPolicy) String() string

                                                                                                                                                                      String returns a human-readable description

                                                                                                                                                                      type ControlManageDsaIT

                                                                                                                                                                      type ControlManageDsaIT struct {
                                                                                                                                                                      	// Criticality indicates if this control is required
                                                                                                                                                                      	Criticality bool
                                                                                                                                                                      }

                                                                                                                                                                        ControlManageDsaIT implements the control described in https://tools.ietf.org/html/rfc3296

                                                                                                                                                                        func NewControlManageDsaIT

                                                                                                                                                                        func NewControlManageDsaIT(Criticality bool) *ControlManageDsaIT

                                                                                                                                                                          NewControlManageDsaIT returns a ControlManageDsaIT control

                                                                                                                                                                          func (*ControlManageDsaIT) Encode

                                                                                                                                                                          func (c *ControlManageDsaIT) Encode() *ber.Packet

                                                                                                                                                                            Encode returns the ber packet representation

                                                                                                                                                                            func (*ControlManageDsaIT) GetControlType

                                                                                                                                                                            func (c *ControlManageDsaIT) GetControlType() string

                                                                                                                                                                              GetControlType returns the OID

                                                                                                                                                                              func (*ControlManageDsaIT) String

                                                                                                                                                                              func (c *ControlManageDsaIT) String() string

                                                                                                                                                                                String returns a human-readable description

                                                                                                                                                                                type ControlMicrosoftNotification

                                                                                                                                                                                type ControlMicrosoftNotification struct{}

                                                                                                                                                                                  ControlMicrosoftNotification implements the control described in https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx

                                                                                                                                                                                  func NewControlMicrosoftNotification

                                                                                                                                                                                  func NewControlMicrosoftNotification() *ControlMicrosoftNotification

                                                                                                                                                                                    NewControlMicrosoftNotification returns a ControlMicrosoftNotification control

                                                                                                                                                                                    func (*ControlMicrosoftNotification) Encode

                                                                                                                                                                                      Encode returns the ber packet representation

                                                                                                                                                                                      func (*ControlMicrosoftNotification) GetControlType

                                                                                                                                                                                      func (c *ControlMicrosoftNotification) GetControlType() string

                                                                                                                                                                                        GetControlType returns the OID

                                                                                                                                                                                        func (*ControlMicrosoftNotification) String

                                                                                                                                                                                          String returns a human-readable description

                                                                                                                                                                                          type ControlMicrosoftShowDeleted

                                                                                                                                                                                          type ControlMicrosoftShowDeleted struct{}

                                                                                                                                                                                            ControlMicrosoftShowDeleted implements the control described in https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx

                                                                                                                                                                                            func NewControlMicrosoftShowDeleted

                                                                                                                                                                                            func NewControlMicrosoftShowDeleted() *ControlMicrosoftShowDeleted

                                                                                                                                                                                              NewControlMicrosoftShowDeleted returns a ControlMicrosoftShowDeleted control

                                                                                                                                                                                              func (*ControlMicrosoftShowDeleted) Encode

                                                                                                                                                                                              func (c *ControlMicrosoftShowDeleted) Encode() *ber.Packet

                                                                                                                                                                                                Encode returns the ber packet representation

                                                                                                                                                                                                func (*ControlMicrosoftShowDeleted) GetControlType

                                                                                                                                                                                                func (c *ControlMicrosoftShowDeleted) GetControlType() string

                                                                                                                                                                                                  GetControlType returns the OID

                                                                                                                                                                                                  func (*ControlMicrosoftShowDeleted) String

                                                                                                                                                                                                  func (c *ControlMicrosoftShowDeleted) String() string

                                                                                                                                                                                                    String returns a human-readable description

                                                                                                                                                                                                    type ControlPaging

                                                                                                                                                                                                    type ControlPaging struct {
                                                                                                                                                                                                    	// PagingSize indicates the page size
                                                                                                                                                                                                    	PagingSize uint32
                                                                                                                                                                                                    	// Cookie is an opaque value returned by the server to track a paging cursor
                                                                                                                                                                                                    	Cookie []byte
                                                                                                                                                                                                    }

                                                                                                                                                                                                      ControlPaging implements the paging control described in https://www.ietf.org/rfc/rfc2696.txt

                                                                                                                                                                                                      Example (ManualPaging)

                                                                                                                                                                                                        This example demonstrates how to use ControlPaging to manually execute a paginated search request instead of using SearchWithPaging.

                                                                                                                                                                                                        Output:
                                                                                                                                                                                                        
                                                                                                                                                                                                        

                                                                                                                                                                                                        func NewControlPaging

                                                                                                                                                                                                        func NewControlPaging(pagingSize uint32) *ControlPaging

                                                                                                                                                                                                          NewControlPaging returns a paging control

                                                                                                                                                                                                          func (*ControlPaging) Encode

                                                                                                                                                                                                          func (c *ControlPaging) Encode() *ber.Packet

                                                                                                                                                                                                            Encode returns the ber packet representation

                                                                                                                                                                                                            func (*ControlPaging) GetControlType

                                                                                                                                                                                                            func (c *ControlPaging) GetControlType() string

                                                                                                                                                                                                              GetControlType returns the OID

                                                                                                                                                                                                              func (*ControlPaging) SetCookie

                                                                                                                                                                                                              func (c *ControlPaging) SetCookie(cookie []byte)

                                                                                                                                                                                                                SetCookie stores the given cookie in the paging control

                                                                                                                                                                                                                func (*ControlPaging) String

                                                                                                                                                                                                                func (c *ControlPaging) String() string

                                                                                                                                                                                                                  String returns a human-readable description

                                                                                                                                                                                                                  type ControlString

                                                                                                                                                                                                                  type ControlString struct {
                                                                                                                                                                                                                  	ControlType  string
                                                                                                                                                                                                                  	Criticality  bool
                                                                                                                                                                                                                  	ControlValue string
                                                                                                                                                                                                                  }

                                                                                                                                                                                                                    ControlString implements the Control interface for simple controls

                                                                                                                                                                                                                    func NewControlString

                                                                                                                                                                                                                    func NewControlString(controlType string, criticality bool, controlValue string) *ControlString

                                                                                                                                                                                                                      NewControlString returns a generic control

                                                                                                                                                                                                                      func (*ControlString) Encode

                                                                                                                                                                                                                      func (c *ControlString) Encode() *ber.Packet

                                                                                                                                                                                                                        Encode returns the ber packet representation

                                                                                                                                                                                                                        func (*ControlString) GetControlType

                                                                                                                                                                                                                        func (c *ControlString) GetControlType() string

                                                                                                                                                                                                                          GetControlType returns the OID

                                                                                                                                                                                                                          func (*ControlString) String

                                                                                                                                                                                                                          func (c *ControlString) String() string

                                                                                                                                                                                                                            String returns a human-readable description

                                                                                                                                                                                                                            type ControlVChuPasswordMustChange

                                                                                                                                                                                                                            type ControlVChuPasswordMustChange struct {
                                                                                                                                                                                                                            	// MustChange indicates if the password is required to be changed
                                                                                                                                                                                                                            	MustChange bool
                                                                                                                                                                                                                            }

                                                                                                                                                                                                                              ControlVChuPasswordMustChange implements the control described in https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00

                                                                                                                                                                                                                              func (*ControlVChuPasswordMustChange) Encode

                                                                                                                                                                                                                                Encode returns the ber packet representation

                                                                                                                                                                                                                                func (*ControlVChuPasswordMustChange) GetControlType

                                                                                                                                                                                                                                func (c *ControlVChuPasswordMustChange) GetControlType() string

                                                                                                                                                                                                                                  GetControlType returns the OID

                                                                                                                                                                                                                                  func (*ControlVChuPasswordMustChange) String

                                                                                                                                                                                                                                    String returns a human-readable description

                                                                                                                                                                                                                                    type ControlVChuPasswordWarning

                                                                                                                                                                                                                                    type ControlVChuPasswordWarning struct {
                                                                                                                                                                                                                                    	// Expire indicates the time in seconds until the password expires
                                                                                                                                                                                                                                    	Expire int64
                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                      ControlVChuPasswordWarning implements the control described in https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00

                                                                                                                                                                                                                                      func (*ControlVChuPasswordWarning) Encode

                                                                                                                                                                                                                                      func (c *ControlVChuPasswordWarning) Encode() *ber.Packet

                                                                                                                                                                                                                                        Encode returns the ber packet representation

                                                                                                                                                                                                                                        func (*ControlVChuPasswordWarning) GetControlType

                                                                                                                                                                                                                                        func (c *ControlVChuPasswordWarning) GetControlType() string

                                                                                                                                                                                                                                          GetControlType returns the OID

                                                                                                                                                                                                                                          func (*ControlVChuPasswordWarning) String

                                                                                                                                                                                                                                          func (c *ControlVChuPasswordWarning) String() string

                                                                                                                                                                                                                                            String returns a human-readable description

                                                                                                                                                                                                                                            type DN

                                                                                                                                                                                                                                            type DN struct {
                                                                                                                                                                                                                                            	RDNs []*RelativeDN
                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                              DN represents a distinguishedName from https://tools.ietf.org/html/rfc4514

                                                                                                                                                                                                                                              func ParseDN

                                                                                                                                                                                                                                              func ParseDN(str string) (*DN, error)

                                                                                                                                                                                                                                                ParseDN returns a distinguishedName or an error. The function respects https://tools.ietf.org/html/rfc4514

                                                                                                                                                                                                                                                func (*DN) AncestorOf

                                                                                                                                                                                                                                                func (d *DN) AncestorOf(other *DN) bool

                                                                                                                                                                                                                                                  AncestorOf returns true if the other DN consists of at least one RDN followed by all the RDNs of the current DN. "ou=widgets,o=acme.com" is an ancestor of "ou=sprockets,ou=widgets,o=acme.com" "ou=widgets,o=acme.com" is not an ancestor of "ou=sprockets,ou=widgets,o=foo.com" "ou=widgets,o=acme.com" is not an ancestor of "ou=widgets,o=acme.com"

                                                                                                                                                                                                                                                  func (*DN) Equal

                                                                                                                                                                                                                                                  func (d *DN) Equal(other *DN) bool

                                                                                                                                                                                                                                                    Equal returns true if the DNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch). Returns true if they have the same number of relative distinguished names and corresponding relative distinguished names (by position) are the same.

                                                                                                                                                                                                                                                    type DelRequest

                                                                                                                                                                                                                                                    type DelRequest struct {
                                                                                                                                                                                                                                                    	// DN is the name of the directory entry to delete
                                                                                                                                                                                                                                                    	DN string
                                                                                                                                                                                                                                                    	// Controls hold optional controls to send with the request
                                                                                                                                                                                                                                                    	Controls []Control
                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                      DelRequest implements an LDAP deletion request

                                                                                                                                                                                                                                                      func NewDelRequest

                                                                                                                                                                                                                                                      func NewDelRequest(DN string, Controls []Control) *DelRequest

                                                                                                                                                                                                                                                        NewDelRequest creates a delete request for the given DN and controls

                                                                                                                                                                                                                                                        type DialContext

                                                                                                                                                                                                                                                        type DialContext struct {
                                                                                                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                          DialContext contains necessary parameters to dial the given ldap URL.

                                                                                                                                                                                                                                                          type DialOpt

                                                                                                                                                                                                                                                          type DialOpt func(*DialContext)

                                                                                                                                                                                                                                                            DialOpt configures DialContext.

                                                                                                                                                                                                                                                            func DialWithDialer

                                                                                                                                                                                                                                                            func DialWithDialer(d *net.Dialer) DialOpt

                                                                                                                                                                                                                                                              DialWithDialer updates net.Dialer in DialContext.

                                                                                                                                                                                                                                                              func DialWithTLSConfig

                                                                                                                                                                                                                                                              func DialWithTLSConfig(tc *tls.Config) DialOpt

                                                                                                                                                                                                                                                                DialWithTLSConfig updates tls.Config in DialContext.

                                                                                                                                                                                                                                                                type DigestMD5BindRequest

                                                                                                                                                                                                                                                                type DigestMD5BindRequest struct {
                                                                                                                                                                                                                                                                	Host string
                                                                                                                                                                                                                                                                	// Username is the name of the Directory object that the client wishes to bind as
                                                                                                                                                                                                                                                                	Username string
                                                                                                                                                                                                                                                                	// Password is the credentials to bind with
                                                                                                                                                                                                                                                                	Password string
                                                                                                                                                                                                                                                                	// Controls are optional controls to send with the bind request
                                                                                                                                                                                                                                                                	Controls []Control
                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                  DigestMD5BindRequest represents a digest-md5 bind operation

                                                                                                                                                                                                                                                                  type DigestMD5BindResult

                                                                                                                                                                                                                                                                  type DigestMD5BindResult struct {
                                                                                                                                                                                                                                                                  	Controls []Control
                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                    DigestMD5BindResult contains the response from the server

                                                                                                                                                                                                                                                                    type Entry

                                                                                                                                                                                                                                                                    type Entry struct {
                                                                                                                                                                                                                                                                    	// DN is the distinguished name of the entry
                                                                                                                                                                                                                                                                    	DN string
                                                                                                                                                                                                                                                                    	// Attributes are the returned attributes for the entry
                                                                                                                                                                                                                                                                    	Attributes []*EntryAttribute
                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                      Entry represents a single search result entry

                                                                                                                                                                                                                                                                      func NewEntry

                                                                                                                                                                                                                                                                      func NewEntry(dn string, attributes map[string][]string) *Entry

                                                                                                                                                                                                                                                                        NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs. The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the same input map of attributes, the output entry will contain the same order of attributes

                                                                                                                                                                                                                                                                        func (*Entry) GetAttributeValue

                                                                                                                                                                                                                                                                        func (e *Entry) GetAttributeValue(attribute string) string

                                                                                                                                                                                                                                                                          GetAttributeValue returns the first value for the named attribute, or ""

                                                                                                                                                                                                                                                                          func (*Entry) GetAttributeValues

                                                                                                                                                                                                                                                                          func (e *Entry) GetAttributeValues(attribute string) []string

                                                                                                                                                                                                                                                                            GetAttributeValues returns the values for the named attribute, or an empty list

                                                                                                                                                                                                                                                                            func (*Entry) GetEqualFoldAttributeValue

                                                                                                                                                                                                                                                                            func (e *Entry) GetEqualFoldAttributeValue(attribute string) string

                                                                                                                                                                                                                                                                              GetEqualFoldAttributeValue returns the first value for the named attribute, or "". Attribute comparison is done with strings.EqualFold.

                                                                                                                                                                                                                                                                              func (*Entry) GetEqualFoldAttributeValues

                                                                                                                                                                                                                                                                              func (e *Entry) GetEqualFoldAttributeValues(attribute string) []string

                                                                                                                                                                                                                                                                                GetEqualFoldAttributeValues returns the values for the named attribute, or an empty list. Attribute matching is done with strings.EqualFold.

                                                                                                                                                                                                                                                                                func (*Entry) GetEqualFoldRawAttributeValue

                                                                                                                                                                                                                                                                                func (e *Entry) GetEqualFoldRawAttributeValue(attribute string) []byte

                                                                                                                                                                                                                                                                                  GetEqualFoldRawAttributeValue returns the first value for the named attribute, or an empty slice

                                                                                                                                                                                                                                                                                  func (*Entry) GetEqualFoldRawAttributeValues

                                                                                                                                                                                                                                                                                  func (e *Entry) GetEqualFoldRawAttributeValues(attribute string) [][]byte

                                                                                                                                                                                                                                                                                    GetEqualFoldRawAttributeValues returns the byte values for the named attribute, or an empty list

                                                                                                                                                                                                                                                                                    func (*Entry) GetRawAttributeValue

                                                                                                                                                                                                                                                                                    func (e *Entry) GetRawAttributeValue(attribute string) []byte

                                                                                                                                                                                                                                                                                      GetRawAttributeValue returns the first value for the named attribute, or an empty slice

                                                                                                                                                                                                                                                                                      func (*Entry) GetRawAttributeValues

                                                                                                                                                                                                                                                                                      func (e *Entry) GetRawAttributeValues(attribute string) [][]byte

                                                                                                                                                                                                                                                                                        GetRawAttributeValues returns the byte values for the named attribute, or an empty list

                                                                                                                                                                                                                                                                                        func (*Entry) PrettyPrint

                                                                                                                                                                                                                                                                                        func (e *Entry) PrettyPrint(indent int)

                                                                                                                                                                                                                                                                                          PrettyPrint outputs a human-readable description indenting

                                                                                                                                                                                                                                                                                          func (*Entry) Print

                                                                                                                                                                                                                                                                                          func (e *Entry) Print()

                                                                                                                                                                                                                                                                                            Print outputs a human-readable description

                                                                                                                                                                                                                                                                                            type EntryAttribute

                                                                                                                                                                                                                                                                                            type EntryAttribute struct {
                                                                                                                                                                                                                                                                                            	// Name is the name of the attribute
                                                                                                                                                                                                                                                                                            	Name string
                                                                                                                                                                                                                                                                                            	// Values contain the string values of the attribute
                                                                                                                                                                                                                                                                                            	Values []string
                                                                                                                                                                                                                                                                                            	// ByteValues contain the raw values of the attribute
                                                                                                                                                                                                                                                                                            	ByteValues [][]byte
                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                              EntryAttribute holds a single attribute

                                                                                                                                                                                                                                                                                              func NewEntryAttribute

                                                                                                                                                                                                                                                                                              func NewEntryAttribute(name string, values []string) *EntryAttribute

                                                                                                                                                                                                                                                                                                NewEntryAttribute returns a new EntryAttribute with the desired key-value pair

                                                                                                                                                                                                                                                                                                func (*EntryAttribute) PrettyPrint

                                                                                                                                                                                                                                                                                                func (e *EntryAttribute) PrettyPrint(indent int)

                                                                                                                                                                                                                                                                                                  PrettyPrint outputs a human-readable description with indenting

                                                                                                                                                                                                                                                                                                  func (*EntryAttribute) Print

                                                                                                                                                                                                                                                                                                  func (e *EntryAttribute) Print()

                                                                                                                                                                                                                                                                                                    Print outputs a human-readable description

                                                                                                                                                                                                                                                                                                    type Error

                                                                                                                                                                                                                                                                                                    type Error struct {
                                                                                                                                                                                                                                                                                                    	// Err is the underlying error
                                                                                                                                                                                                                                                                                                    	Err error
                                                                                                                                                                                                                                                                                                    	// ResultCode is the LDAP error code
                                                                                                                                                                                                                                                                                                    	ResultCode uint16
                                                                                                                                                                                                                                                                                                    	// MatchedDN is the matchedDN returned if any
                                                                                                                                                                                                                                                                                                    	MatchedDN string
                                                                                                                                                                                                                                                                                                    	// Packet is the returned packet if any
                                                                                                                                                                                                                                                                                                    	Packet *ber.Packet
                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                      Error holds LDAP error information

                                                                                                                                                                                                                                                                                                      func (*Error) Error

                                                                                                                                                                                                                                                                                                      func (e *Error) Error() string

                                                                                                                                                                                                                                                                                                      type ModifyDNRequest

                                                                                                                                                                                                                                                                                                      type ModifyDNRequest struct {
                                                                                                                                                                                                                                                                                                      	DN           string
                                                                                                                                                                                                                                                                                                      	NewRDN       string
                                                                                                                                                                                                                                                                                                      	DeleteOldRDN bool
                                                                                                                                                                                                                                                                                                      	NewSuperior  string
                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                        ModifyDNRequest holds the request to modify a DN

                                                                                                                                                                                                                                                                                                        func NewModifyDNRequest

                                                                                                                                                                                                                                                                                                        func NewModifyDNRequest(dn string, rdn string, delOld bool, newSup string) *ModifyDNRequest

                                                                                                                                                                                                                                                                                                          NewModifyDNRequest creates a new request which can be passed to ModifyDN().

                                                                                                                                                                                                                                                                                                          To move an object in the tree, set the "newSup" to the new parent entry DN. Use an empty string for just changing the object's RDN.

                                                                                                                                                                                                                                                                                                          For moving the object without renaming, the "rdn" must be the first RDN of the given DN.

                                                                                                                                                                                                                                                                                                          A call like

                                                                                                                                                                                                                                                                                                          mdnReq := NewModifyDNRequest("uid=someone,dc=example,dc=org", "uid=newname", true, "")
                                                                                                                                                                                                                                                                                                          

                                                                                                                                                                                                                                                                                                          will setup the request to just rename uid=someone,dc=example,dc=org to uid=newname,dc=example,dc=org.

                                                                                                                                                                                                                                                                                                          type ModifyRequest

                                                                                                                                                                                                                                                                                                          type ModifyRequest struct {
                                                                                                                                                                                                                                                                                                          	// DN is the distinguishedName of the directory entry to modify
                                                                                                                                                                                                                                                                                                          	DN string
                                                                                                                                                                                                                                                                                                          	// Changes contain the attributes to modify
                                                                                                                                                                                                                                                                                                          	Changes []Change
                                                                                                                                                                                                                                                                                                          	// Controls hold optional controls to send with the request
                                                                                                                                                                                                                                                                                                          	Controls []Control
                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                            ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

                                                                                                                                                                                                                                                                                                            func NewModifyRequest

                                                                                                                                                                                                                                                                                                            func NewModifyRequest(dn string, controls []Control) *ModifyRequest

                                                                                                                                                                                                                                                                                                              NewModifyRequest creates a modify request for the given DN

                                                                                                                                                                                                                                                                                                              func (*ModifyRequest) Add

                                                                                                                                                                                                                                                                                                              func (req *ModifyRequest) Add(attrType string, attrVals []string)

                                                                                                                                                                                                                                                                                                                Add appends the given attribute to the list of changes to be made

                                                                                                                                                                                                                                                                                                                func (*ModifyRequest) Delete

                                                                                                                                                                                                                                                                                                                func (req *ModifyRequest) Delete(attrType string, attrVals []string)

                                                                                                                                                                                                                                                                                                                  Delete appends the given attribute to the list of changes to be made

                                                                                                                                                                                                                                                                                                                  func (*ModifyRequest) Increment

                                                                                                                                                                                                                                                                                                                  func (req *ModifyRequest) Increment(attrType string, attrVal string)

                                                                                                                                                                                                                                                                                                                    Increment appends the given attribute to the list of changes to be made

                                                                                                                                                                                                                                                                                                                    func (*ModifyRequest) Replace

                                                                                                                                                                                                                                                                                                                    func (req *ModifyRequest) Replace(attrType string, attrVals []string)

                                                                                                                                                                                                                                                                                                                      Replace appends the given attribute to the list of changes to be made

                                                                                                                                                                                                                                                                                                                      type NTLMBindRequest

                                                                                                                                                                                                                                                                                                                      type NTLMBindRequest struct {
                                                                                                                                                                                                                                                                                                                      	// Domain is the AD Domain to authenticate too. If not specified, it will be grabbed from the NTLMSSP Challenge
                                                                                                                                                                                                                                                                                                                      	Domain string
                                                                                                                                                                                                                                                                                                                      	// Username is the name of the Directory object that the client wishes to bind as
                                                                                                                                                                                                                                                                                                                      	Username string
                                                                                                                                                                                                                                                                                                                      	// Password is the credentials to bind with
                                                                                                                                                                                                                                                                                                                      	Password string
                                                                                                                                                                                                                                                                                                                      	// Hash is the hex NTLM hash to bind with. Password or hash must be provided
                                                                                                                                                                                                                                                                                                                      	Hash string
                                                                                                                                                                                                                                                                                                                      	// Controls are optional controls to send with the bind request
                                                                                                                                                                                                                                                                                                                      	Controls []Control
                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                        NTLMBindRequest represents an NTLMSSP bind operation

                                                                                                                                                                                                                                                                                                                        type NTLMBindResult

                                                                                                                                                                                                                                                                                                                        type NTLMBindResult struct {
                                                                                                                                                                                                                                                                                                                        	Controls []Control
                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                          NTLMBindResult contains the response from the server

                                                                                                                                                                                                                                                                                                                          type PacketResponse

                                                                                                                                                                                                                                                                                                                          type PacketResponse struct {
                                                                                                                                                                                                                                                                                                                          	// Packet is the packet read from the server
                                                                                                                                                                                                                                                                                                                          	Packet *ber.Packet
                                                                                                                                                                                                                                                                                                                          	// Error is an error encountered while reading
                                                                                                                                                                                                                                                                                                                          	Error error
                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                            PacketResponse contains the packet or error encountered reading a response

                                                                                                                                                                                                                                                                                                                            func (*PacketResponse) ReadPacket

                                                                                                                                                                                                                                                                                                                            func (pr *PacketResponse) ReadPacket() (*ber.Packet, error)

                                                                                                                                                                                                                                                                                                                              ReadPacket returns the packet or an error

                                                                                                                                                                                                                                                                                                                              type PartialAttribute

                                                                                                                                                                                                                                                                                                                              type PartialAttribute struct {
                                                                                                                                                                                                                                                                                                                              	// Type is the type of the partial attribute
                                                                                                                                                                                                                                                                                                                              	Type string
                                                                                                                                                                                                                                                                                                                              	// Vals are the values of the partial attribute
                                                                                                                                                                                                                                                                                                                              	Vals []string
                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                PartialAttribute for a ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

                                                                                                                                                                                                                                                                                                                                type PasswordModifyRequest

                                                                                                                                                                                                                                                                                                                                type PasswordModifyRequest struct {
                                                                                                                                                                                                                                                                                                                                	// UserIdentity is an optional string representation of the user associated with the request.
                                                                                                                                                                                                                                                                                                                                	// This string may or may not be an LDAPDN [RFC2253].
                                                                                                                                                                                                                                                                                                                                	// If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session
                                                                                                                                                                                                                                                                                                                                	UserIdentity string
                                                                                                                                                                                                                                                                                                                                	// OldPassword, if present, contains the user's current password
                                                                                                                                                                                                                                                                                                                                	OldPassword string
                                                                                                                                                                                                                                                                                                                                	// NewPassword, if present, contains the desired password for this user
                                                                                                                                                                                                                                                                                                                                	NewPassword string
                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                  PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt

                                                                                                                                                                                                                                                                                                                                  func NewPasswordModifyRequest

                                                                                                                                                                                                                                                                                                                                  func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *PasswordModifyRequest

                                                                                                                                                                                                                                                                                                                                    NewPasswordModifyRequest creates a new PasswordModifyRequest

                                                                                                                                                                                                                                                                                                                                    According to the RFC 3602 (https://tools.ietf.org/html/rfc3062): userIdentity is a string representing the user associated with the request. This string may or may not be an LDAPDN (RFC 2253). If userIdentity is empty then the operation will act on the user associated with the session.

                                                                                                                                                                                                                                                                                                                                    oldPassword is the current user's password, it can be empty or it can be needed depending on the session user access rights (usually an administrator can change a user's password without knowing the current one) and the password policy (see pwdSafeModify password policy's attribute)

                                                                                                                                                                                                                                                                                                                                    newPassword is the desired user's password. If empty the server can return an error or generate a new password that will be available in the PasswordModifyResult.GeneratedPassword

                                                                                                                                                                                                                                                                                                                                    type PasswordModifyResult

                                                                                                                                                                                                                                                                                                                                    type PasswordModifyResult struct {
                                                                                                                                                                                                                                                                                                                                    	// GeneratedPassword holds a password generated by the server, if present
                                                                                                                                                                                                                                                                                                                                    	GeneratedPassword string
                                                                                                                                                                                                                                                                                                                                    	// Referral are the returned referral
                                                                                                                                                                                                                                                                                                                                    	Referral string
                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                      PasswordModifyResult holds the server response to a PasswordModifyRequest

                                                                                                                                                                                                                                                                                                                                      type RelativeDN

                                                                                                                                                                                                                                                                                                                                      type RelativeDN struct {
                                                                                                                                                                                                                                                                                                                                      	Attributes []*AttributeTypeAndValue
                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                        RelativeDN represents a relativeDistinguishedName from https://tools.ietf.org/html/rfc4514

                                                                                                                                                                                                                                                                                                                                        func (*RelativeDN) Equal

                                                                                                                                                                                                                                                                                                                                        func (r *RelativeDN) Equal(other *RelativeDN) bool

                                                                                                                                                                                                                                                                                                                                          Equal returns true if the RelativeDNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch). Relative distinguished names are the same if and only if they have the same number of AttributeTypeAndValues and each attribute of the first RDN is the same as the attribute of the second RDN with the same attribute type. The order of attributes is not significant. Case of attribute types is not significant.

                                                                                                                                                                                                                                                                                                                                          type SearchRequest

                                                                                                                                                                                                                                                                                                                                          type SearchRequest struct {
                                                                                                                                                                                                                                                                                                                                          	BaseDN       string
                                                                                                                                                                                                                                                                                                                                          	Scope        int
                                                                                                                                                                                                                                                                                                                                          	DerefAliases int
                                                                                                                                                                                                                                                                                                                                          	SizeLimit    int
                                                                                                                                                                                                                                                                                                                                          	TimeLimit    int
                                                                                                                                                                                                                                                                                                                                          	TypesOnly    bool
                                                                                                                                                                                                                                                                                                                                          	Filter       string
                                                                                                                                                                                                                                                                                                                                          	Attributes   []string
                                                                                                                                                                                                                                                                                                                                          	Controls     []Control
                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                            SearchRequest represents a search request to send to the server

                                                                                                                                                                                                                                                                                                                                            func NewSearchRequest

                                                                                                                                                                                                                                                                                                                                            func NewSearchRequest(
                                                                                                                                                                                                                                                                                                                                            	BaseDN string,
                                                                                                                                                                                                                                                                                                                                            	Scope, DerefAliases, SizeLimit, TimeLimit int,
                                                                                                                                                                                                                                                                                                                                            	TypesOnly bool,
                                                                                                                                                                                                                                                                                                                                            	Filter string,
                                                                                                                                                                                                                                                                                                                                            	Attributes []string,
                                                                                                                                                                                                                                                                                                                                            	Controls []Control,
                                                                                                                                                                                                                                                                                                                                            ) *SearchRequest

                                                                                                                                                                                                                                                                                                                                              NewSearchRequest creates a new search request

                                                                                                                                                                                                                                                                                                                                              type SearchResult

                                                                                                                                                                                                                                                                                                                                              type SearchResult struct {
                                                                                                                                                                                                                                                                                                                                              	// Entries are the returned entries
                                                                                                                                                                                                                                                                                                                                              	Entries []*Entry
                                                                                                                                                                                                                                                                                                                                              	// Referrals are the returned referrals
                                                                                                                                                                                                                                                                                                                                              	Referrals []string
                                                                                                                                                                                                                                                                                                                                              	// Controls are the returned controls
                                                                                                                                                                                                                                                                                                                                              	Controls []Control
                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                SearchResult holds the server's response to a search request

                                                                                                                                                                                                                                                                                                                                                func (*SearchResult) PrettyPrint

                                                                                                                                                                                                                                                                                                                                                func (s *SearchResult) PrettyPrint(indent int)

                                                                                                                                                                                                                                                                                                                                                  PrettyPrint outputs a human-readable description with indenting

                                                                                                                                                                                                                                                                                                                                                  func (*SearchResult) Print

                                                                                                                                                                                                                                                                                                                                                  func (s *SearchResult) Print()

                                                                                                                                                                                                                                                                                                                                                    Print outputs a human-readable description

                                                                                                                                                                                                                                                                                                                                                    type SimpleBindRequest

                                                                                                                                                                                                                                                                                                                                                    type SimpleBindRequest struct {
                                                                                                                                                                                                                                                                                                                                                    	// Username is the name of the Directory object that the client wishes to bind as
                                                                                                                                                                                                                                                                                                                                                    	Username string
                                                                                                                                                                                                                                                                                                                                                    	// Password is the credentials to bind with
                                                                                                                                                                                                                                                                                                                                                    	Password string
                                                                                                                                                                                                                                                                                                                                                    	// Controls are optional controls to send with the bind request
                                                                                                                                                                                                                                                                                                                                                    	Controls []Control
                                                                                                                                                                                                                                                                                                                                                    	// AllowEmptyPassword sets whether the client allows binding with an empty password
                                                                                                                                                                                                                                                                                                                                                    	// (normally used for unauthenticated bind).
                                                                                                                                                                                                                                                                                                                                                    	AllowEmptyPassword bool
                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                      SimpleBindRequest represents a username/password bind operation

                                                                                                                                                                                                                                                                                                                                                      func NewSimpleBindRequest

                                                                                                                                                                                                                                                                                                                                                      func NewSimpleBindRequest(username string, password string, controls []Control) *SimpleBindRequest

                                                                                                                                                                                                                                                                                                                                                        NewSimpleBindRequest returns a bind request

                                                                                                                                                                                                                                                                                                                                                        type SimpleBindResult

                                                                                                                                                                                                                                                                                                                                                        type SimpleBindResult struct {
                                                                                                                                                                                                                                                                                                                                                        	Controls []Control
                                                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                                                          SimpleBindResult contains the response from the server