ldap

README

LDAP authentication

Goal

Authenticat user against LDAP directories

It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers

The first OK wins.

If there's connection error, the server will be disabled and won't be checked again

Usage

In the [security] section, set

LDAP_AUTH = true

then for each LDAP source, set

[LdapSource-someuniquename] name=canonicalName host=hostname-or-ip port=3268 # or regular LDAP port

the following settings depend highly how you've configured your AD

basedn=dc=ACME,dc=COM MSADSAFORMAT=%s@ACME.COM filter=(&(objectClass=user)(sAMAccountName=%s))

Limitation

Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)

This MSAD is a mess.

The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration

Todo

• Define a timeout per server
• Check servers marked as "Disabled" when they'll come back online
• Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
• Check OpenLDAP server
• SSL support ?

Documentation

Overview

package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information

Index

• Variables
• func AddSource(name string, host string, port int, basedn string, attributes string, ...)
• func LoginUser(name, passwd string) (a string, r bool)

Variables

var (
	Authensource []ldapsource
)

Global LDAP directory pool

Functions

func AddSource

func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string)

Add a new source (LDAP directory) to the global pool

func LoginUser

func LoginUser(name, passwd string) (a string, r bool)

LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise First match wins Returns first attribute if exists