go-ad-auth.v2: gopkg.in/korylprince/go-ad-auth.v2

package auth

import "gopkg.in/korylprince/go-ad-auth.v2"


Package Files

auth.go config.go conn.go group.go passwd.go search.go

func Authenticate Uses

func Authenticate(config *Config, username, password string) (bool, error)

Authenticate checks if the given credentials are valid, or returns an error if one occurred. username may be either the sAMAccountName or the userPrincipalName.

Code:

// Connection settings for the directory server. Security is set explicitly
// because a Config that omits it falls back to SecurityNone.
cfg := &auth.Config{
    Server:   "ldap.example.com",
    Port:     389,
    BaseDN:   "OU=Users,DC=example,DC=com",
    Security: auth.SecurityStartTLS,
}

// Placeholder credentials for the example; real callers take them from the
// login request and should not hard-code or log them.
var (
    username = "user"
    password = "pass"
)

ok, err := auth.Authenticate(cfg, username, password)

switch {
case err != nil:
    // The check itself could not be completed; handle the error separately
    // from a rejected login.
    return
case !ok:
    // The credentials were checked and are not valid.
    return
}

func AuthenticateExtended Uses

func AuthenticateExtended(config *Config, username, password string, attrs, groups []string) (status bool, entry *ldap.Entry, userGroups []string, err error)

AuthenticateExtended checks if the given credentials are valid, or returns an error if one occurred. username may be either the sAMAccountName or the userPrincipalName. entry is the *ldap.Entry that holds the DN and any requested attributes of the user. If groups is non-empty, userGroups will hold which of those groups the user is a member of. groups can be a list of groups referenced by DN or cn, and each group is returned in the same format in which it was provided.

Code:

// Connection settings for the directory server. Security is set explicitly
// because a Config that omits it falls back to SecurityNone.
cfg := &auth.Config{
    Server:   "ldap.example.com",
    Port:     389,
    BaseDN:   "OU=Users,DC=example,DC=com",
    Security: auth.SecurityStartTLS,
}

// Placeholder credentials for the example; real callers take them from the
// login request and should not hard-code or log them.
var (
    username = "user"
    password = "pass"
)

// Attributes to fetch for the user and the groups whose membership is tested.
wantAttrs := []string{"cn"}
wantGroups := []string{"Domain Admins"}

ok, entry, memberOf, err := auth.AuthenticateExtended(cfg, username, password, wantAttrs, wantGroups)
switch {
case err != nil:
    // The check itself could not be completed; handle the error.
    return
case !ok:
    // The credentials were checked and are not valid.
    return
case len(memberOf) == 0:
    // Valid credentials, but the user is in none of the requested groups;
    // treat this as an authorization failure.
    return
}

// entry carries the attributes that were requested above.
fmt.Println(entry.GetAttributeValue("cn"))

func UpdatePassword Uses

func UpdatePassword(config *Config, username, oldPasswd, newPasswd string) error

UpdatePassword checks if the given credentials are valid and updates the password if they are, or returns an error if one occurred. UpdatePassword is used for users resetting their own password.

Code:

// Connection settings for the directory server. Security is set explicitly
// because a Config that omits it falls back to SecurityNone.
// NOTE(review): Active Directory normally refuses password changes over an
// unencrypted connection, so SecurityNone is unlikely to work here - confirm.
cfg := &auth.Config{
    Server:   "ldap.example.com",
    Port:     389,
    BaseDN:   "OU=Users,DC=example,DC=com",
    Security: auth.SecurityStartTLS,
}

// Placeholder values for the example; real callers take the current and the
// new password from the user and should not hard-code or log them.
var (
    username    = "user"
    password    = "pass"
    newPassword = "Super$ecret"
)

// UpdatePassword validates the current credentials before changing the
// password, so a wrong current password surfaces through err as well.
err := auth.UpdatePassword(cfg, username, password, newPassword)
if err != nil {
    // The password was not changed; handle the error.
}

type Config Uses

// Config contains settings for connecting to an Active Directory server.
type Config struct {
    // Server is the server to connect to; the examples use a host name
    // such as "ldap.example.com".
    Server   string
    // Port is the port to connect to; the examples use 389 together with
    // SecurityStartTLS.
    Port     int
    // BaseDN is the base distinguished name, e.g. "OU=Users,DC=example,DC=com".
    // Domain derives the domain from it.
    // NOTE(review): presumably also the base for user searches - confirm.
    BaseDN   string
    // Security selects the connection security. Its zero value is
    // SecurityNone, so leaving it unset means no connection security is
    // requested; set it explicitly.
    Security SecurityType
}

Config contains settings for connecting to an Active Directory server.

func (*Config) Connect Uses

func (c *Config) Connect() (*Conn, error)

Connect returns an open connection to an Active Directory server or an error if one occurred.

func (*Config) Domain Uses

func (c *Config) Domain() (string, error)

Domain returns the domain derived from BaseDN or an error if misconfigured.

func (*Config) UPN Uses

func (c *Config) UPN(username string) (string, error)

UPN returns the userPrincipalName for the given username or an error if misconfigured.

type Conn Uses

// Conn represents an Active Directory connection.
type Conn struct {
    // Conn is presumably the underlying LDAP connection that the methods
    // operate on - confirm against the package source.
    Conn   *ldap.Conn
    // Config is presumably the Config this connection was opened from via
    // Connect - confirm against the package source.
    Config *Config
}

Conn represents an Active Directory connection.

func (*Conn) Bind Uses

func (c *Conn) Bind(upn, password string) (bool, error)

Bind authenticates the connection with the given userPrincipalName and password and returns the result or an error if one occurred.

func (*Conn) GetAttributes Uses

func (c *Conn) GetAttributes(attr, value string, attrs []string) (*ldap.Entry, error)

GetAttributes returns the *ldap.Entry with the given attributes for the object with the given attribute value or an error if one occurred. attr and value are sanitized.

func (*Conn) GetDN Uses

func (c *Conn) GetDN(attr, value string) (string, error)

GetDN returns the DN for the object with the given attribute value or an error if one occurred. attr and value are sanitized.

func (*Conn) GroupDN Uses

func (c *Conn) GroupDN(group string) (string, error)

GroupDN returns the DN of the group with the given cn or an error if one occurred.

func (*Conn) ModifyDNPassword Uses

func (c *Conn) ModifyDNPassword(dn, newPasswd string) error

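ModifyDNPassword sets a new password for the given user or returns an error if one occurred. ModifyDNPassword is used for resetting user passwords using administrative privileges. It does not take the user's current password, so the caller is responsible for authorizing the reset.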

func (*Conn) ObjectGroups Uses

func (c *Conn) ObjectGroups(attr, value string, groups []string) ([]string, error)

ObjectGroups returns which of the given groups (referenced by DN) the object with the given attribute value is in, if any, or an error if one occurred.

func (*Conn) Search Uses

func (c *Conn) Search(filter string, attrs []string, sizeLimit int) ([]*ldap.Entry, error)

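Search returns the entries for the given search criteria or an error if one occurred. Unlike GetAttributes and GetDN, this documentation does not state that filter is sanitized, so escape any user-supplied values (for example with ldap.EscapeFilter) before building the filter.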

func (*Conn) SearchOne Uses

func (c *Conn) SearchOne(filter string, attrs []string) (*ldap.Entry, error)

SearchOne returns the single entry for the given search criteria or an error if one occurred. An error is returned unless exactly one entry is found.

type SecurityType Uses

// SecurityType specifies the type of security to use when connecting to an
// Active Directory server. The zero value is SecurityNone.
type SecurityType int

SecurityType specifies the type of security to use when connecting to an Active Directory Server.

// Available SecurityType values.
const (
    // SecurityNone is the zero value (iota starts at 0), so a Config that
    // leaves Security unset uses it.
    // NOTE(review): presumably no TLS at all, meaning bind passwords cross
    // the network unencrypted - confirm against the package source.
    SecurityNone SecurityType = iota
    // SecurityTLS is presumably TLS from the start of the connection
    // (LDAPS) - confirm against the package source.
    SecurityTLS
    // SecurityStartTLS is presumably a plain connection upgraded with
    // StartTLS; the examples pair it with port 389 - confirm.
    SecurityStartTLS
)

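Security defaults to SecurityNone if it is not set. With SecurityNone the connection is not protected by TLS, so bind credentials are exposed to anyone who can observe the traffic; set Security explicitly to SecurityTLS or SecurityStartTLS.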
