mozldap: go.mozilla.org/mozldap

package mozldap

import "go.mozilla.org/mozldap"

Package Files

mozldap.go

Constants

const URIFORMAT = "ldaps://ldap.example.net:636/dc=example,dc=net"
const URIRE = "ldap(s)?://([^:]+):?([0-9]{1,5})?/(.+)"

format: ldaps://example.net:636/dc=example,dc=net

type Client

type Client struct {
    Host        string
    Port        int
    UseTLS      bool
    UseStartTLS bool
    BaseDN      string
    // contains filtered or unexported fields
}

func NewClient

func NewClient(uri, username, password string, tlsconf *tls.Config, starttls bool) (Client, error)

NewClient initializes an LDAP connection to a given URI. If tlsconf is nil, sane defaults are used (TLS 1.2, secure verify, ...).

* uri is a connection string to the ldap server, eg. `ldaps://example.net:636/dc=example,dc=net`

* username is a bind user, eg. `uid=bind-bob,ou=logins,dc=mozilla`

* password is a password for the bind user

* cacertpath is the path to a file containing trusted root certificates

* tlsconf is a Go TLS Configuration

* starttls requires that the LDAP connection is opened insecurely but immediately switched to TLS using the StartTLS protocol.

func NewTLSClient

func NewTLSClient(uri, username, password, tlscertpath, tlskeypath, cacertpath string, tlsconf *tls.Config) (Client, error)

NewTLSClient initializes an LDAP connection to a given URI using a client certificate. This mode does not use StartTLS, and enforces a TLS connection before the LDAP authentication happens.

* uri is a connection string to the ldap server, eg. `ldaps://example.net:636/dc=example,dc=net`

* username is a bind user, eg. `uid=bind-bob,ou=logins,dc=mozilla`

* password is a password for the bind user

* tlscertpath is the path to an X509 client certificate in PEM format, eg `/etc/mozldap/client.crt`

* tlskeypath is the path to the private key that maps to the client certificate, eg `/etc/mozldap/client.key`

* cacertpath is the path to the X509 certificate of the Certificate Authority.

* tlsconf is a Go TLS Configuration which can be used to disable cert verification and other horrors

func ParseUri

func ParseUri(uri string) (Client, error)

ParseUri extracts connection parameters from a given URI and returns a client that is ready to connect. This shouldn't be called directly, use NewClient() instead.
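
An added example, not part of the mozldap package or its documentation: a pre-flight check for the arguments passed to NewClient, built on the URIRE pattern and the tlsconf and starttls parameters described above. `Preflight`, `Samples` and the anchoring of the pattern are assumptions of this example; only the standard library is used.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"regexp"
	"strconv"
)

// Same pattern as the package's URIRE constant, anchored here so that
// leading or trailing junk is rejected (the anchoring is this example's choice).
var uriRE = regexp.MustCompile(`^ldap(s)?://([^:]+):?([0-9]{1,5})?/(.+)$`)

// Preflight returns findings for a connection about to be handed to
// NewClient(uri, ..., tlsconf, starttls). Hypothetical helper, not mozldap API.
func Preflight(uri string, tlsconf *tls.Config, starttls bool) []string {
	var out []string
	m := uriRE.FindStringSubmatch(uri)
	if m == nil {
		return []string{"uri does not match URIFORMAT"}
	}
	if m[3] != "" { // the pattern allows five digits, i.e. up to 99999
		if p, _ := strconv.Atoi(m[3]); p < 1 || p > 65535 {
			out = append(out, "port out of range: "+m[3])
		}
	}
	if m[1] != "s" && !starttls {
		out = append(out, "ldap:// without starttls: the bind would not be protected by TLS")
	}
	if tlsconf != nil { // nil means the package's defaults, per its documentation
		if tlsconf.InsecureSkipVerify {
			out = append(out, "InsecureSkipVerify disables server certificate verification")
		}
		if tlsconf.MinVersion < tls.VersionTLS12 {
			out = append(out, "MinVersion is unset or below TLS 1.2")
		}
	}
	return out
}

// Samples runs Preflight over two constructed inputs: one clean, one misconfigured.
func Samples() (good, bad []string) {
	good = Preflight("ldaps://ldap.example.net:636/dc=example,dc=net", nil, false)
	bad = Preflight("ldap://ldap.example.net:99999/dc=example,dc=net",
		&tls.Config{InsecureSkipVerify: true}, false)
	return good, bad
}

func main() { fmt.Println(Samples()) }
```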

func (*Client) Close

func (cli *Client) Close()

Close the LDAP connection

func (*Client) GetEnabledUsersInGroups

func (cli *Client) GetEnabledUsersInGroups(groups []string) ([]string, error)

GetEnabledUsersInGroups takes a list of LDAP groups and returns a list of unique members that belong to at least one of the groups. Duplicates and disabled users are removed, so you only get members once even if they belong to several groups.

example: cli.GetEnabledUsersInGroups([]string{"sysadmins", "svcops", "mojitomakers"})

func (*Client) GetGroupsOfUser

func (cli *Client) GetGroupsOfUser(dn string) ([]string, error)

GetGroupsOfUser returns a list of groups a given user belongs to. This function returns the DN of all groups, including posix and scm groups.

dn is the distinguished name of the user, such as "mail=jvehent@mozilla.com,o=com,dc=mozilla"

example: cli.GetGroupsOfUser("mail=jvehent@mozilla.com,o=com,dc=mozilla")

func (*Client) GetUserDNById

func (cli *Client) GetUserDNById(uid string) (string, error)

GetUserDNById exists for API compatibility (use GetUserDNByUID)

func (*Client) GetUserDNByUID

func (cli *Client) GetUserDNByUID(uid string) (string, error)

GetUserDNByUID returns the distinguished name of a given user using his ID

example: cli.GetUserDNByUID("jvehent")

func (*Client) GetUserEmail

func (cli *Client) GetUserEmail(shortdn string) (string, error)

GetUserEmail returns the first email address found in the user's attributes

example: cli.GetUserEmail("mail=jvehent@mozilla.com")

func (*Client) GetUserEmailByUID

func (cli *Client) GetUserEmailByUID(uid string) (string, error)

GetUserEmailByUID returns the first email address found in the user's attributes

example: cli.GetUserEmailByUID("jvehent")

func (*Client) GetUserEmailByUid

func (cli *Client) GetUserEmailByUid(uid string) (string, error)

GetUserEmailByUid exists for compatibility (use GetUserEmailByUID)

func (*Client) GetUserFullNameByEmail

func (cli *Client) GetUserFullNameByEmail(email string) (string, error)

GetUserFullNameByEmail returns the distinguished name of a given user using his ID

example: cli.GetUserFullNameByEmail("jvehent@mozilla.com")

func (*Client) GetUserGithubByUID

func (cli *Client) GetUserGithubByUID(uid string) (string, error)

GetUserGithubByUID returns the Github username of a given user using their ID

example: cli.GetUserGithubByUID("jvehent")

func (*Client) GetUserId

func (cli *Client) GetUserId(shortdn string) (string, error)

GetUserId exists for API compatibility (use GetUserUID)

func (*Client) GetUserPGPFingerprint

func (cli *Client) GetUserPGPFingerprint(shortdn string) (string, error)

GetUserPGPFingerprint returns a PGP fingerprint for the user, or an error if no fingerprint is found.

shortdn is the first part of a distinguished name, such as "mail=jvehent@mozilla.com" or "uid=ffxbld". Do not add ,dc=mozilla to the DN.

example: cli.GetUserPGPFingerprint("mail=jvehent@mozilla.com")

func (*Client) GetUserPGPKey

func (cli *Client) GetUserPGPKey(shortdn string) ([]byte, error)

GetUserPGPKey returns a PGP public key for the user, or an error if no key is found. The fingerprint of the key is first searched for in LDAP, then used to find the public key on gpg.mozilla.org.

shortdn is the first part of a distinguished name, such as "mail=jvehent@mozilla.com" or "uid=ffxbld". Do not add ,dc=mozilla to the DN.

example: cli.GetUserPGPKey("mail=jvehent@mozilla.com")

func (*Client) GetUserSSHPublicKeys

func (cli *Client) GetUserSSHPublicKeys(shortdn string) ([]string, error)

GetUserSSHPublicKeys returns a list of public keys defined in a user's sshPublicKey LDAP attribute. If no public key is found, the list is empty.

shortdn is the first part of a distinguished name, such as "mail=jvehent@mozilla.com" or "uid=ffxbld". Do not add ,dc=mozilla to the DN.

example: cli.GetUserSSHPublicKeys("mail=jvehent@mozilla.com")

func (*Client) GetUserUID

func (cli *Client) GetUserUID(shortdn string) (string, error)

GetUserUID returns the uid of a given user

example: cli.GetUserUID("mail=jvehent@mozilla.com")

func (*Client) GetUserUIDNumber

func (cli *Client) GetUserUIDNumber(shortdn string) (uint64, error)

GetUserUIDNumber returns the UID number of a user using a shortdn

example: cli.GetUserUIDNumber("mail=jvehent@mozilla.com")

func (*Client) GetUserUidNumber

func (cli *Client) GetUserUidNumber(shortdn string) (uint64, error)

GetUserUidNumber exists for API compatibility (use GetUserUIDNumber)

func (*Client) GetUsersInGroups

func (cli *Client) GetUsersInGroups(groups []string) ([]string, error)

GetUsersInGroups takes a list of LDAP groups and returns a list of unique members that belong to at least one of the groups. Duplicates are removed, so you only get members once even if they belong to several groups.

example: cli.GetUsersInGroups([]string{"sysadmins", "svcops", "mojitomakers"})

func (*Client) Search

func (cli *Client) Search(base, filter string, attributes []string) ([]ldap.Entry, error)

Search runs a search query against the entire subtree of the LDAP base DN

Package mozldap imports 9 packages and is imported by 1 package. Updated 2017-11-22.