Skip to content
/ ldap Public

Authenticate a username and password against LDAP using go-ldap.

License

Notifications You must be signed in to change notification settings

go-stuff/ldap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ldap

GoDoc Build Status Go Report Card codecov License: MIT

Gopher Share

Using go-ldap.v3 to authenticate with LDAP and return the username and groups associated witht that user. An error is returned if authentication fails.

Packages Imported

Basic LDAP github.com/go-ldap/ldap

Installation

The recommended way to get started using github.com/go-stuff/ldap is by using 'go get' to install the dependency in your project.

go get "github.com/go-stuff/ldap"

Usage

import (
    "github.com/go-stuff/ldap"
)

Example

This is an example of how it would be implemented. Of course the constants could be environment variables or in a configuration file, etc... this is just an example.
The reason there are so many variables is to allow for connecting to multiple environments, it has been tested against OpenLDAP and Active Directory, there are some minor differences in objectClass and attributes.

package main

import (
    "fmt"

    "github.com/go-stuff/ldap"
)

// OpenLDAP
const (
    LDAP_SERVER             string = "192.168.1.100"
    LDAP_PORT               string = "636"
    LDAP_BIND_DN            string = "cn=admin,dc=go-stuff,dc=ca"
    LDAP_BIND_PASS          string = "password"
    LDAP_USER_BASE_DN       string = "ou=people,dc=go-stuff,dc=ca"
    LDAP_USER_SEARCH_ATTR   string = "uid"
    LDAP_GROUP_BASE_DN      string = "ou=group,dc=go-stuff,dc=ca"
    LDAP_GROUP_OBJECT_CLASS string = "posixGroup"
    LDAP_GROUP_SEARCH_ATTR  string = "memberUid"
    LDAP_GROUP_SEARCH_FULL  string = "false"
)

// Active Dreictory
// const (
//     LDAP_SERVER             string = "LDAPSSL"
//     LDAP_PORT               string = "636"
//     LDAP_BIND_DN            string = "CN=admin,OU=Users,DC=go-stuff,DC=ca"
//     LDAP_BIND_PASS          string = "password"
//     LDAP_USER_BASE_DN       string = "OU=Users,DC=go-stuff,DC=ca"
//     LDAP_USER_SEARCH_ATTR   string = "CN"
//     LDAP_GROUP_BASE_DN      string = "OU=Groups,DC=go-stuff,DC=ca"
//     LDAP_GROUP_OBJECT_CLASS string = "group"
//     LDAP_GROUP_SEARCH_ATTR  string = "member"
//     LDAP_GROUP_SEARCH_FULL  string = "true"
// )

func main() {
    username, groups, err := ldap.Auth(
        LDAP_SERVER,
        LDAP_PORT,
        LDAP_BIND_DN,
        LDAP_BIND_PASS,
        LDAP_USER_BASE_DN,
        LDAP_USER_OBJECT_CLASS,
        LDAP_USER_SEARCH_ATTR,
        LDAP_GROUP_BASE_DN,
        LDAP_GROUP_OBJECT_CLASS,
        LDAP_GROUP_SEARCH_ATTR,
        LDAP_AUTH_ATTR,
        "web-user",
        "password",
    )
    fmt.Printf("Username: %s\n", username)
    if err != nil {
        fmt.Println(err.Error())
    }
    for _, v := range groups {
        fmt.Printf("    Group: %s\n", v)
    }

Example Output

Username: web-user
    Group: domain users
    Group: group-user
    Group: group-random1
    Group: group-random3

License

MIT License

About

Authenticate a username and password against LDAP using go-ldap.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages