ldapauth

Version: v0.0.0-...-41244cb
Warning

This package is not in the latest version of its module.

Published: Dec 31, 2016 License: MIT Imports: 3 Imported by: 0

README

ldapauth

LDAP authentication made easier. Borrows some high-level details from GitLab.

Example
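package main

import (
    "fmt"

    "github.com/spf13/viper"
    ldap "gopkg.in/ldap.v2" // Assumed: use the LDAP client package that ldapauth itself imports.

    "example.com/ldapauth" // Placeholder: replace with this module's import path.
)

// User is the application's own user record.
type User struct {
    Username  string
    FirstName string
    IsAdmin   bool
}

// Attributes lists the LDAP attributes to fetch during the search.
func (u *User) Attributes() []string {
    return []string{"givenName"}
}

// MapAttributes copies the fetched attributes into the User.
func (u *User) MapAttributes(entry *ldap.Entry) {
    u.FirstName = entry.GetAttributeValue("givenName")
}

func main() {
    viper.AutomaticEnv()
    viper.SetConfigName("ldap")
    viper.AddConfigPath(".")
    if err := viper.ReadInConfig(); err != nil {
        panic(err) // Config file could not be found or parsed.
    }
    // See documentation for details.
    ldp := &ldapauth.LDAP{
        Address:           viper.GetString("ldap.address"),
        UID:               viper.GetString("ldap.uid"),
        Method:            viper.GetString("ldap.method"),
        BindDN:            viper.GetString("ldap.bind_dn"),
        Password:          viper.GetString("ldap.password"),
        IsActiveDirectory: viper.GetBool("ldap.is_active_directory"),
        BaseSearch:        viper.GetString("ldap.base_search"),
        UserFilter:        viper.GetString("ldap.user_filter"),
        AdminFilter:       viper.GetString("ldap.admin_filter"),
    }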

    var user User
    a, err := ldp.Auth("alice.smith", "password1", &user)
    if err != nil {
        panic(err) // Authentication failed.
    }
    user.Username = a.Username
    user.IsAdmin = a.IsAdmin

    fmt.Println(user.FirstName) // Will be attribute of givenName

    // Sometime later...
    if err := ldp.Validate(user.Username); err != nil {
        panic(err) // User is disabled or not in UserFilter.
    }
}

Documentation


Constants

const (
	BADPASSWORDERROR  = "authentication failed: bad password"
	USERNOTFOUNDEROR  = "authentication failed: username not found"
	DISABLEDUSERERROR = "authentication failed: user is disabled"
	BADFILTERERROR    = "server error: a filter returned multiple entrees"
)

Error messages.

Variables

This section is empty.

Functions

This section is empty.

Types

type AttributeMapper

type AttributeMapper interface {
	Attributes() []string
	MapAttributes(*ldap.Entry)
}

AttributeMapper is an interface to retrieve and map attributes during authentication. Attributes should return the names of the attributes to fetch during an LDAP search. MapAttributes should map attributes from an Entry into the implementor.

type AuthUser

type AuthUser struct {
	IsAdmin  bool
	Username string
}

AuthUser is used to return information about an authenticated user.

type LDAP

type LDAP struct {
	Label             string // Friendly string `Acme Inc.`
	Address           string // Host:Port `192.168.1.2:389`
	UID               string // 'sAMAccountName'
	Method            string // 'plain', 'tls', 'ssl'
	Insecure          bool   // Use if using a self-signed certificate.
	BindDN            string // CN=some person,DC=example,DC=com
	Password          string // Password to bind with, will be stored in plaintext.
	IsActiveDirectory bool   // Is an active directory environment.
	BaseSearch        string // Base search for users.
	UserFilter        string // Only allow users of this filter to login.
	AdminFilter       string // Users matching this filter will be made admins.
}

LDAP holds configuration information to connect to an LDAP service and search for and authenticate users.

func (*LDAP) Auth

func (l *LDAP) Auth(username, password string, mapper AttributeMapper) (*AuthUser, error)

Auth authenticates a username against the configured LDAP service. error will not be nil if authentication has failed.

func (*LDAP) Validate

func (l *LDAP) Validate(username string) error

Validate checks LDAP to ensure the user still matches the user filter and is not disabled.
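
The following is an added example, not code from the ldapauth project. It shows one way to handle errors from Auth and Validate instead of panicking: every credential failure gets the same client-facing answer, so responses do not reveal which usernames exist, while the specific cause is kept for server-side logs. It assumes the returned error's text equals one of the constants listed under Constants; the Outcome type and Classify function are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Error texts copied from the package's Constants section.
const (
	BADPASSWORDERROR  = "authentication failed: bad password"
	USERNOTFOUNDEROR  = "authentication failed: username not found"
	DISABLEDUSERERROR = "authentication failed: user is disabled"
	BADFILTERERROR    = "server error: a filter returned multiple entrees"
)

// Outcome (hypothetical type) separates what the client sees from what is logged.
type Outcome struct {
	Status    int    // HTTP status returned to the client
	ClientMsg string // identical for every credential failure
	LogReason string // specific cause, for server-side logs only
	Alert     bool   // true when operators should investigate
}

// Classify maps an Auth/Validate error to an Outcome (assumes err text equals a constant above).
func Classify(err error) Outcome {
	if err == nil {
		return Outcome{Status: http.StatusOK, ClientMsg: "ok"}
	}
	switch err.Error() {
	case BADPASSWORDERROR, USERNOTFOUNDEROR, DISABLEDUSERERROR:
		// One generic answer, so responses do not reveal which usernames exist.
		return Outcome{http.StatusUnauthorized, "invalid username or password", err.Error(), false}
	case BADFILTERERROR:
		// Ambiguous directory match: a configuration problem, never a login.
		return Outcome{http.StatusInternalServerError, "login unavailable", err.Error(), true}
	default:
		// Connection, bind or TLS failure: fail closed, keep details server-side.
		return Outcome{http.StatusServiceUnavailable, "login unavailable", err.Error(), true}
	}
}

func main() {
	// Constructed sample errors standing in for results of Auth or Validate.
	samples := []error{nil, errors.New(USERNOTFOUNDEROR), errors.New(BADFILTERERROR), errors.New("dial tcp: refused")}
	for _, e := range samples {
		o := Classify(e)
		fmt.Printf("%d %-30q log=%q alert=%v\n", o.Status, o.ClientMsg, o.LogReason, o.Alert)
	}
}
```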
