ldap

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2014 License: BSD-3-Clause Imports: 3 Imported by: 0

README

LDAP authentication

Goal

Authenticat user against LDAP directories

It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers

The first OK wins.

If there's connection error, the server will be disabled and won't be checked again

Usage

In the [security] section, set

LDAP_AUTH = true

then for each LDAP source, set

[LdapSource-someuniquename] name=canonicalName host=hostname-or-ip port=3268 # or regular LDAP port

the following settings depend highly how you've configured your AD

basedn=dc=ACME,dc=COM MSADSAFORMAT=%s@ACME.COM filter=(&(objectClass=user)(sAMAccountName=%s))

Limitation

Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)

This MSAD is a mess.

The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration

Todo
  • Define a timeout per server
  • Check servers marked as "Disabled" when they'll come back online
  • Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
  • Check OpenLDAP server
  • SSL support ?

Documentation

Overview

package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information

Index

Constants

This section is empty.

Variables

View Source
var (
	Authensource []Ldapsource
)

Global LDAP directory pool

Functions

func AddSource

func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string)

Add a new source (LDAP directory) to the global pool

func LoginUser

func LoginUser(name, passwd string) (a string, r bool)

LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise First match wins Returns first attribute if exists

Types

type Ldapsource added in v0.4.0

type Ldapsource struct {
	Name         string // canonical name (ie. corporate.ad)
	Host         string // LDAP host
	Port         int    // port number
	UseSSL       bool   // Use SSL
	BaseDN       string // Base DN
	Attributes   string // Attribut to search
	Filter       string // Query filter to validate entry
	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
	Enabled      bool   // if this source is disabled
}

Basic LDAP authentication service

func (Ldapsource) SearchEntry added in v0.4.0

func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool)

searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL