ldap

package module
v0.0.0-...-b6db978 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 22, 2023 License: BSD-2-Clause Imports: 6 Imported by: 0

README

go-ldap-client

Simple ldap client to authenticate, retrieve basic information and groups for a user.

Usage

Go Doc

See example. The only external dependency is gopkg.in/ldap.v2.

package main

import (
	"log"

	"github.com/jtblin/go-ldap-client"
)

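// main demonstrates the client: it configures a read-only service account,
// authenticates one user and then lists that user's groups.
//
// Security notes for anyone adapting this example:
//   - BindPassword is a placeholder. Load the real value from the environment
//     or a secret store instead of committing it to source.
//   - Port 389 with UseSSL false is the plain LDAP port. NOTE(review): confirm
//     in Connect whether the session is upgraded with StartTLS, and whether the
//     server certificate is verified, before any password is sent.
//   - NOTE(review): UserFilter and GroupFilter carry a %s that receives the
//     user name. This page does not show whether the library escapes that
//     value, so validate or escape untrusted user names before passing them in.
//   - Reject an empty password before calling Authenticate when it comes from a
//     user: many directory servers accept a simple bind with an empty password
//     as an unauthenticated bind, and this page does not show a guard for it.
func main() {
	client := &ldap.LDAPClient{
		Base:         "dc=example,dc=com",
		Host:         "ldap.example.com",
		Port:         389,
		UseSSL:       false,
		BindDN:       "uid=readonlysuer,ou=People,dc=example,dc=com",
		BindPassword: "readonlypassword",
		UserFilter:   "(uid=%s)",
		GroupFilter:  "(memberUid=%s)",
		Attributes:   []string{"givenName", "sn", "mail", "uid"},
	}
	// It is the responsibility of the caller to close the connection.
	defer client.Close()

	// log.Fatalf exits through os.Exit, which skips deferred calls, so the
	// failure paths close the connection explicitly before exiting.
	fatalf := func(format string, args ...interface{}) {
		client.Close()
		log.Fatalf(format, args...)
	}

	ok, user, err := client.Authenticate("username", "password")
	if err != nil {
		fatalf("Error authenticating user %s: %+v", "username", err)
	}
	if !ok {
		fatalf("Authenticating failed for user %s", "username")
	}
	log.Printf("User: %+v", user)

	groups, err := client.GetGroupsOfUser("username")
	if err != nil {
		fatalf("Error getting groups for user %s: %+v", "username", err)
	}
	log.Printf("Groups: %+v", groups)
}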

SSL (ldaps)

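If you use SSL, you will need either to pass the server name for certificate verification, e.g. client.ServerName = "ldap.example.com", or to skip domain name verification. Skipping verification leaves the client unable to tell the real directory server from an impostor, which exposes the bind password and every user password sent over the connection to interception, so prefer setting ServerName.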

Why?

There are already tons of ldap libraries for golang, but most of them are just forks of another one, and most of them are too low level or too limited (e.g. they do not return errors, which makes it hard to troubleshoot issues).

Documentation

Overview

Package ldap provides a simple ldap client to authenticate, retrieve basic information and groups for a user.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type LDAPClient

// LDAPClient holds the connection settings and the live connection used by the
// methods listed on this page (Connect, Bind, Authenticate, the user and group
// searches and the password-change calls).
//
// NOTE(review): this page shows only the field names, the README example and
// the two inline filter comments. Field notes that go beyond those are marked
// as assumptions to confirm against the implementation.
type LDAPClient struct {
	// Presumably the attribute names requested for a user entry; the README
	// example passes givenName, sn, mail and uid.
	Attributes         []string
	// Presumably the search base DN; the README example uses "dc=example,dc=com".
	Base               string
	// DN of the account configured for binding; the README example uses a
	// read-only account.
	BindDN             string
	// Password for BindDN, held as a plain string. Supply it from the
	// environment or a secret store rather than from source code.
	BindPassword       string
	// NOTE(review): the %s presumably receives the user name; confirm the
	// implementation escapes it before building the filter.
	GroupFilter        string // e.g. "(memberUid=%s)"
	// Directory server host; the README example uses "ldap.example.com".
	Host               string
	// Per the README, the server name used for certificate verification when
	// SSL is in use.
	ServerName         string
	// NOTE(review): the %s presumably receives the user name given to
	// Authenticate; confirm the implementation escapes it, otherwise callers
	// must validate or escape untrusted user names themselves.
	UserFilter         string // e.g. "(uid=%s)"
	// Underlying connection. The README example defers Close and states that
	// closing is the caller's responsibility.
	Conn               *ldap.Conn
	// Directory server port; the README example uses 389.
	Port               int
	// NOTE(review): by its name this mirrors tls.Config.InsecureSkipVerify,
	// i.e. it turns off verification of the server certificate; confirm in
	// Connect. The README calls this "skip domain name verification".
	InsecureSkipVerify bool
	// Per the README heading "SSL (ldaps)", selects an SSL connection; the
	// example sets it to false together with port 389.
	UseSSL             bool
	// NOTE(review): not described on this page. Presumably disables a StartTLS
	// upgrade on a non-SSL connection, which would leave binds unencrypted;
	// confirm in Connect.
	SkipTLS            bool
	// NOTE(review): presumably presented to the server for TLS client
	// authentication; confirm in Connect.
	ClientCertificates []tls.Certificate // Adding client certificates
	// NOTE(review): not described on this page; presumably the base DN used
	// for group searches. Confirm against the group methods.
	GroupsDN           string
}

func (*LDAPClient) Authenticate

func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string][]string, error)

Authenticate authenticates the user against the ldap backend.

func (*LDAPClient) Bind

func (lc *LDAPClient) Bind(dn, password string) error

func (*LDAPClient) ChangeADUserPassword

func (lc *LDAPClient) ChangeADUserPassword(username, oldPassword, newPassword string) (err error)

ChangeADUserPassword changes user's password in Active Directory

func (*LDAPClient) ChangeOpenLDAPUserPassword

func (lc *LDAPClient) ChangeOpenLDAPUserPassword(username, oldPassword, newPassword string) (err error)

ChangeOpenLDAPUserPassword changes user's password.

func (*LDAPClient) Close

func (lc *LDAPClient) Close()

Close closes the ldap backend connection.

func (*LDAPClient) Connect

func (lc *LDAPClient) Connect() error

Connect connects to the ldap backend.

func (*LDAPClient) GetAllGroupsByName

func (lc *LDAPClient) GetAllGroupsByName(groupName string) ([]*LdapGroup, error)

GetAllGroupsByName returns list of groups matching a name.

func (*LDAPClient) GetAllGroupsWithMembersByDN

func (lc *LDAPClient) GetAllGroupsWithMembersByDN(groupDN []string) ([]*LdapGroup, error)

GetAllGroupsWithMembersByDN returns a list of groups with selected config matching a name. Members are included in the result.

func (*LDAPClient) GetGroupsOfUser

func (lc *LDAPClient) GetGroupsOfUser(username string) ([]string, error)

GetGroupsOfUser returns the groups for a user.

func (*LDAPClient) GetUserByCN

func (lc *LDAPClient) GetUserByCN(userCN, uidAttr string) (uid string, err error)

func (*LDAPClient) RunQueries

func (lc *LDAPClient) RunQueries(username string, queries []string) (results map[string]bool, err error)

RunQueries runs the given ldap queries against the ldap backend and returns the matched queries.

func (*LDAPClient) UsersSearch

func (lc *LDAPClient) UsersSearch(orFilter string, uidAttr string) (bool, map[string]map[string][]string, error)

UsersSearch retrieves users from the provided list and returns them with attributes.

type LDAPClienter

// LDAPClienter is an interface over the client's operations. Every method
// below has the same signature as the *LDAPClient method of that name listed on
// this page. GetGroupsOfUser, which *LDAPClient also provides, is not part of
// the interface.
//
// NOTE(review): presumably intended so callers can substitute another
// implementation such as a test double; the page does not state the purpose.
type LDAPClienter interface {
	// Connect connects to the ldap backend.
	Connect() error
	// Bind binds as dn with password. The page gives no further description.
	Bind(dn, password string) error
	// Close closes the ldap backend connection.
	Close()
	// UsersSearch retrieves users from the provided list and returns them with
	// attributes.
	UsersSearch(orFilter string, uidAttr string) (bool, map[string]map[string][]string, error)
	// RunQueries runs the given ldap queries against the ldap backend and
	// returns the matched queries.
	RunQueries(username string, queries []string) (results map[string]bool, err error)
	// GetAllGroupsByName returns the list of groups matching a name.
	GetAllGroupsByName(groupName string) ([]*LdapGroup, error)
	// GetAllGroupsWithMembersByDN returns groups with their members included.
	GetAllGroupsWithMembersByDN(groupDN []string) ([]*LdapGroup, error)
	// ChangeADUserPassword changes a user's password in Active Directory.
	ChangeADUserPassword(username, oldPassword, newPassword string) (err error)
	// ChangeOpenLDAPUserPassword changes a user's password.
	ChangeOpenLDAPUserPassword(username, oldPassword, newPassword string) (err error)
	// GetUserByCN returns a uid for userCN. The page gives no further
	// description; presumably uidAttr names the attribute to read — confirm.
	GetUserByCN(userCN, uidAttr string) (uid string, err error)
	// Authenticate authenticates the user against the ldap backend.
	Authenticate(username string, password string) (bool, map[string][]string, error)
}

type LDAPError

// LDAPError pairs a message with an underlying error. This page lists Error and
// Unwrap methods on *LDAPError and a NewLDAPError(msg, err) constructor.
type LDAPError struct {
	// Message text. NOTE(review): how Error() combines it with Err is not
	// shown on this page.
	Msg string
	// Underlying error; presumably what Unwrap returns — confirm.
	Err error
}

func NewLDAPError

func NewLDAPError(msg string, err error) *LDAPError

func (*LDAPError) Error

func (le *LDAPError) Error() string

func (*LDAPError) Unwrap

func (le *LDAPError) Unwrap() error

type LdapGroup

// LdapGroup describes one directory group. It is the element type returned by
// GetAllGroupsByName and GetAllGroupsWithMembersByDN.
type LdapGroup struct {
	// Name of the group.
	Name              string
	// Distinguished name of the group.
	DistinguishedName string
	// Members of the group. The GetAllGroupsWithMembersByDN doc says members
	// are included in its result. NOTE(review): the page does not say whether
	// the values are DNs or uids, or whether GetAllGroupsByName fills this.
	Members           []string
}
