Using go-ldap.v3 to authenticate with LDAP and return the username and groups associated witht that user. An error is returned if authentication fails.
Basic LDAP github.com/go-ldap/ldap
The recommended way to get started using github.com/go-stuff/ldap is by using 'go get' to install the dependency in your project.
go get "github.com/go-stuff/ldap"
import (
"github.com/go-stuff/ldap"
)
This is an example of how it would be implemented. Of course the constants could be environment variables or in a configuration file, etc... this is just an example.
The reason there are so many variables is to allow for connecting to multiple environments, it has been tested against OpenLDAP and Active Directory, there are some minor differences in objectClass and attributes.
package main
import (
"fmt"
"github.com/go-stuff/ldap"
)
// OpenLDAP
const (
LDAP_SERVER string = "192.168.1.100"
LDAP_PORT string = "636"
LDAP_BIND_DN string = "cn=admin,dc=go-stuff,dc=ca"
LDAP_BIND_PASS string = "password"
LDAP_USER_BASE_DN string = "ou=people,dc=go-stuff,dc=ca"
LDAP_USER_SEARCH_ATTR string = "uid"
LDAP_GROUP_BASE_DN string = "ou=group,dc=go-stuff,dc=ca"
LDAP_GROUP_OBJECT_CLASS string = "posixGroup"
LDAP_GROUP_SEARCH_ATTR string = "memberUid"
LDAP_GROUP_SEARCH_FULL string = "false"
)
// Active Dreictory
// const (
// LDAP_SERVER string = "LDAPSSL"
// LDAP_PORT string = "636"
// LDAP_BIND_DN string = "CN=admin,OU=Users,DC=go-stuff,DC=ca"
// LDAP_BIND_PASS string = "password"
// LDAP_USER_BASE_DN string = "OU=Users,DC=go-stuff,DC=ca"
// LDAP_USER_SEARCH_ATTR string = "CN"
// LDAP_GROUP_BASE_DN string = "OU=Groups,DC=go-stuff,DC=ca"
// LDAP_GROUP_OBJECT_CLASS string = "group"
// LDAP_GROUP_SEARCH_ATTR string = "member"
// LDAP_GROUP_SEARCH_FULL string = "true"
// )
func main() {
username, groups, err := ldap.Auth(
LDAP_SERVER,
LDAP_PORT,
LDAP_BIND_DN,
LDAP_BIND_PASS,
LDAP_USER_BASE_DN,
LDAP_USER_OBJECT_CLASS,
LDAP_USER_SEARCH_ATTR,
LDAP_GROUP_BASE_DN,
LDAP_GROUP_OBJECT_CLASS,
LDAP_GROUP_SEARCH_ATTR,
LDAP_AUTH_ATTR,
"web-user",
"password",
)
fmt.Printf("Username: %s\n", username)
if err != nil {
fmt.Println(err.Error())
}
for _, v := range groups {
fmt.Printf(" Group: %s\n", v)
}
Username: web-user
Group: domain users
Group: group-user
Group: group-random1
Group: group-random3