ldap.v3: gopkg.in/ldap.v3 Index | Examples | Files

package ldap

import "gopkg.in/ldap.v3"

Package ldap provides basic LDAP v3 functionality.

Package ldap - moddn.go contains ModifyDN functionality

https://tools.ietf.org/html/rfc4511 ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {

entry           LDAPDN,
newrdn          RelativeLDAPDN,
deleteoldrdn    BOOLEAN,
newSuperior     [0] LDAPDN OPTIONAL }

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

controls := []Control{}
controls = append(controls, NewControlBeheraPasswordPolicy())
bindRequest := NewSimpleBindRequest("cn=admin,dc=example,dc=com", "password", controls)

r, err := l.SimpleBind(bindRequest)
ppolicyControl := FindControl(r.Controls, ControlTypeBeheraPasswordPolicy)

var ppolicy *ControlBeheraPasswordPolicy
if ppolicyControl != nil {
    ppolicy = ppolicyControl.(*ControlBeheraPasswordPolicy)
} else {
    log.Printf("ppolicyControl response not available.\n")
}
if err != nil {
    errStr := "ERROR: Cannot bind: " + err.Error()
    if ppolicy != nil && ppolicy.Error >= 0 {
        errStr += ":" + ppolicy.ErrorString
    }
    log.Print(errStr)
} else {
    logStr := "Login Ok"
    if ppolicy != nil {
        if ppolicy.Expire >= 0 {
            logStr += fmt.Sprintf(". Password expires in %d seconds\n", ppolicy.Expire)
        } else if ppolicy.Grace >= 0 {
            logStr += fmt.Sprintf(". Password expired, %d grace logins remain\n", ppolicy.Grace)
        }
    }
    log.Print(logStr)
}

Example User Authentication shows how a typical application can verify a login attempt

Code:

// The username and password we want to check
username := "someuser"
password := "userpassword"

bindusername := "readonly"
bindpassword := "password"

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

// Reconnect with TLS
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
    log.Fatal(err)
}

// First bind with a read only user
err = l.Bind(bindusername, bindpassword)
if err != nil {
    log.Fatal(err)
}

// Search for the given username
searchRequest := NewSearchRequest(
    "dc=example,dc=com",
    ScopeWholeSubtree, NeverDerefAliases, 0, 0, false,
    fmt.Sprintf("(&(objectClass=organizationalPerson)(uid=%s))", username),
    []string{"dn"},
    nil,
)

sr, err := l.Search(searchRequest)
if err != nil {
    log.Fatal(err)
}

if len(sr.Entries) != 1 {
    log.Fatal("User does not exist or too many entries returned")
}

userdn := sr.Entries[0].DN

// Bind as the user to verify their password
err = l.Bind(userdn, password)
if err != nil {
    log.Fatal(err)
}

// Rebind as the read only user for any further queries
err = l.Bind(bindusername, bindpassword)
if err != nil {
    log.Fatal(err)
}

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()
l.Debug = true

bindRequest := NewSimpleBindRequest("cn=admin,dc=example,dc=com", "password", nil)

r, err := l.SimpleBind(bindRequest)

passwordMustChangeControl := FindControl(r.Controls, ControlTypeVChuPasswordMustChange)
var passwordMustChange *ControlVChuPasswordMustChange
if passwordMustChangeControl != nil {
    passwordMustChange = passwordMustChangeControl.(*ControlVChuPasswordMustChange)
}

if passwordMustChange != nil && passwordMustChange.MustChange {
    log.Printf("Password Must be changed.\n")
}

passwordWarningControl := FindControl(r.Controls, ControlTypeVChuPasswordWarning)

var passwordWarning *ControlVChuPasswordWarning
if passwordWarningControl != nil {
    passwordWarning = passwordWarningControl.(*ControlVChuPasswordWarning)
} else {
    log.Printf("ppolicyControl response not available.\n")
}
if err != nil {
    log.Print("ERROR: Cannot bind: " + err.Error())
} else {
    logStr := "Login Ok"
    if passwordWarning != nil {
        if passwordWarning.Expire >= 0 {
            logStr += fmt.Sprintf(". Password expires in %d seconds\n", passwordWarning.Expire)
        }
    }
    log.Print(logStr)
}

Index

Examples

Package Files

add.go bind.go client.go compare.go conn.go control.go debug.go del.go dn.go doc.go error.go filter.go ldap.go moddn.go modify.go passwdmodify.go search.go

Constants

const (
    // MessageQuit causes the processMessages loop to exit
    MessageQuit = 0
    // MessageRequest sends a request to the server
    MessageRequest = 1
    // MessageResponse receives a response from the server
    MessageResponse = 2
    // MessageFinish indicates the client considers a particular message ID to be finished
    MessageFinish = 3
    // MessageTimeout indicates the client-specified timeout for a particular message ID has been reached
    MessageTimeout = 4
)
const (
    // DefaultLdapPort default ldap port for pure TCP connection
    DefaultLdapPort = "389"
    // DefaultLdapsPort default ldap port for SSL connection
    DefaultLdapsPort = "636"
)
const (
    // ControlTypePaging - https://www.ietf.org/rfc/rfc2696.txt
    ControlTypePaging = "1.2.840.113556.1.4.319"
    // ControlTypeBeheraPasswordPolicy - https://tools.ietf.org/html/draft-behera-ldap-password-policy-10
    ControlTypeBeheraPasswordPolicy = "1.3.6.1.4.1.42.2.27.8.5.1"
    // ControlTypeVChuPasswordMustChange - https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00
    ControlTypeVChuPasswordMustChange = "2.16.840.1.113730.3.4.4"
    // ControlTypeVChuPasswordWarning - https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00
    ControlTypeVChuPasswordWarning = "2.16.840.1.113730.3.4.5"
    // ControlTypeManageDsaIT - https://tools.ietf.org/html/rfc3296
    ControlTypeManageDsaIT = "2.16.840.1.113730.3.4.2"

    // ControlTypeMicrosoftNotification - https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx
    ControlTypeMicrosoftNotification = "1.2.840.113556.1.4.528"
    // ControlTypeMicrosoftShowDeleted - https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx
    ControlTypeMicrosoftShowDeleted = "1.2.840.113556.1.4.417"
)
const (
    LDAPResultSuccess                            = 0
    LDAPResultOperationsError                    = 1
    LDAPResultProtocolError                      = 2
    LDAPResultTimeLimitExceeded                  = 3
    LDAPResultSizeLimitExceeded                  = 4
    LDAPResultCompareFalse                       = 5
    LDAPResultCompareTrue                        = 6
    LDAPResultAuthMethodNotSupported             = 7
    LDAPResultStrongAuthRequired                 = 8
    LDAPResultReferral                           = 10
    LDAPResultAdminLimitExceeded                 = 11
    LDAPResultUnavailableCriticalExtension       = 12
    LDAPResultConfidentialityRequired            = 13
    LDAPResultSaslBindInProgress                 = 14
    LDAPResultNoSuchAttribute                    = 16
    LDAPResultUndefinedAttributeType             = 17
    LDAPResultInappropriateMatching              = 18
    LDAPResultConstraintViolation                = 19
    LDAPResultAttributeOrValueExists             = 20
    LDAPResultInvalidAttributeSyntax             = 21
    LDAPResultNoSuchObject                       = 32
    LDAPResultAliasProblem                       = 33
    LDAPResultInvalidDNSyntax                    = 34
    LDAPResultIsLeaf                             = 35
    LDAPResultAliasDereferencingProblem          = 36
    LDAPResultInappropriateAuthentication        = 48
    LDAPResultInvalidCredentials                 = 49
    LDAPResultInsufficientAccessRights           = 50
    LDAPResultBusy                               = 51
    LDAPResultUnavailable                        = 52
    LDAPResultUnwillingToPerform                 = 53
    LDAPResultLoopDetect                         = 54
    LDAPResultSortControlMissing                 = 60
    LDAPResultOffsetRangeError                   = 61
    LDAPResultNamingViolation                    = 64
    LDAPResultObjectClassViolation               = 65
    LDAPResultNotAllowedOnNonLeaf                = 66
    LDAPResultNotAllowedOnRDN                    = 67
    LDAPResultEntryAlreadyExists                 = 68
    LDAPResultObjectClassModsProhibited          = 69
    LDAPResultResultsTooLarge                    = 70
    LDAPResultAffectsMultipleDSAs                = 71
    LDAPResultVirtualListViewErrorOrControlError = 76
    LDAPResultOther                              = 80
    LDAPResultServerDown                         = 81
    LDAPResultLocalError                         = 82
    LDAPResultEncodingError                      = 83
    LDAPResultDecodingError                      = 84
    LDAPResultTimeout                            = 85
    LDAPResultAuthUnknown                        = 86
    LDAPResultFilterError                        = 87
    LDAPResultUserCanceled                       = 88
    LDAPResultParamError                         = 89
    LDAPResultNoMemory                           = 90
    LDAPResultConnectError                       = 91
    LDAPResultNotSupported                       = 92
    LDAPResultControlNotFound                    = 93
    LDAPResultNoResultsReturned                  = 94
    LDAPResultMoreResultsToReturn                = 95
    LDAPResultClientLoop                         = 96
    LDAPResultReferralLimitExceeded              = 97
    LDAPResultInvalidResponse                    = 100
    LDAPResultAmbiguousResponse                  = 101
    LDAPResultTLSNotSupported                    = 112
    LDAPResultIntermediateResponse               = 113
    LDAPResultUnknownType                        = 114
    LDAPResultCanceled                           = 118
    LDAPResultNoSuchOperation                    = 119
    LDAPResultTooLate                            = 120
    LDAPResultCannotCancel                       = 121
    LDAPResultAssertionFailed                    = 122
    LDAPResultAuthorizationDenied                = 123
    LDAPResultSyncRefreshRequired                = 4096

    ErrorNetwork            = 200
    ErrorFilterCompile      = 201
    ErrorFilterDecompile    = 202
    ErrorDebugging          = 203
    ErrorUnexpectedMessage  = 204
    ErrorUnexpectedResponse = 205
    ErrorEmptyPassword      = 206
)

LDAP Result Codes

const (
    FilterAnd             = 0
    FilterOr              = 1
    FilterNot             = 2
    FilterEqualityMatch   = 3
    FilterSubstrings      = 4
    FilterGreaterOrEqual  = 5
    FilterLessOrEqual     = 6
    FilterPresent         = 7
    FilterApproxMatch     = 8
    FilterExtensibleMatch = 9
)

Filter choices

const (
    FilterSubstringsInitial = 0
    FilterSubstringsAny     = 1
    FilterSubstringsFinal   = 2
)

SubstringFilter options

const (
    MatchingRuleAssertionMatchingRule = 1
    MatchingRuleAssertionType         = 2
    MatchingRuleAssertionMatchValue   = 3
    MatchingRuleAssertionDNAttributes = 4
)

MatchingRuleAssertion choices

const (
    ApplicationBindRequest           = 0
    ApplicationBindResponse          = 1
    ApplicationUnbindRequest         = 2
    ApplicationSearchRequest         = 3
    ApplicationSearchResultEntry     = 4
    ApplicationSearchResultDone      = 5
    ApplicationModifyRequest         = 6
    ApplicationModifyResponse        = 7
    ApplicationAddRequest            = 8
    ApplicationAddResponse           = 9
    ApplicationDelRequest            = 10
    ApplicationDelResponse           = 11
    ApplicationModifyDNRequest       = 12
    ApplicationModifyDNResponse      = 13
    ApplicationCompareRequest        = 14
    ApplicationCompareResponse       = 15
    ApplicationAbandonRequest        = 16
    ApplicationSearchResultReference = 19
    ApplicationExtendedRequest       = 23
    ApplicationExtendedResponse      = 24
)

LDAP Application Codes

const (
    BeheraPasswordExpired             = 0
    BeheraAccountLocked               = 1
    BeheraChangeAfterReset            = 2
    BeheraPasswordModNotAllowed       = 3
    BeheraMustSupplyOldPassword       = 4
    BeheraInsufficientPasswordQuality = 5
    BeheraPasswordTooShort            = 6
    BeheraPasswordTooYoung            = 7
    BeheraPasswordInHistory           = 8
)

Ldap Behera Password Policy Draft 10 (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10)

const (
    AddAttribute     = 0
    DeleteAttribute  = 1
    ReplaceAttribute = 2
)

Change operation choices

const (
    ScopeBaseObject   = 0
    ScopeSingleLevel  = 1
    ScopeWholeSubtree = 2
)

scope choices

const (
    NeverDerefAliases   = 0
    DerefInSearching    = 1
    DerefFindingBaseObj = 2
    DerefAlways         = 3
)

derefAliases

Variables

var ApplicationMap = map[uint8]string{
    ApplicationBindRequest:           "Bind Request",
    ApplicationBindResponse:          "Bind Response",
    ApplicationUnbindRequest:         "Unbind Request",
    ApplicationSearchRequest:         "Search Request",
    ApplicationSearchResultEntry:     "Search Result Entry",
    ApplicationSearchResultDone:      "Search Result Done",
    ApplicationModifyRequest:         "Modify Request",
    ApplicationModifyResponse:        "Modify Response",
    ApplicationAddRequest:            "Add Request",
    ApplicationAddResponse:           "Add Response",
    ApplicationDelRequest:            "Del Request",
    ApplicationDelResponse:           "Del Response",
    ApplicationModifyDNRequest:       "Modify DN Request",
    ApplicationModifyDNResponse:      "Modify DN Response",
    ApplicationCompareRequest:        "Compare Request",
    ApplicationCompareResponse:       "Compare Response",
    ApplicationAbandonRequest:        "Abandon Request",
    ApplicationSearchResultReference: "Search Result Reference",
    ApplicationExtendedRequest:       "Extended Request",
    ApplicationExtendedResponse:      "Extended Response",
}

ApplicationMap contains human readable descriptions of LDAP Application Codes

var BeheraPasswordPolicyErrorMap = map[int8]string{
    BeheraPasswordExpired:             "Password expired",
    BeheraAccountLocked:               "Account locked",
    BeheraChangeAfterReset:            "Password must be changed",
    BeheraPasswordModNotAllowed:       "Policy prevents password modification",
    BeheraMustSupplyOldPassword:       "Policy requires old password in order to change password",
    BeheraInsufficientPasswordQuality: "Password fails quality checks",
    BeheraPasswordTooShort:            "Password is too short for policy",
    BeheraPasswordTooYoung:            "Password has been changed too recently",
    BeheraPasswordInHistory:           "New password is in list of old passwords",
}

BeheraPasswordPolicyErrorMap contains human readable descriptions of Behera Password Policy error codes

var ControlTypeMap = map[string]string{
    ControlTypePaging:                "Paging",
    ControlTypeBeheraPasswordPolicy:  "Password Policy - Behera Draft",
    ControlTypeManageDsaIT:           "Manage DSA IT",
    ControlTypeMicrosoftNotification: "Change Notification - Microsoft",
    ControlTypeMicrosoftShowDeleted:  "Show Deleted Objects - Microsoft",
}

ControlTypeMap maps controls to text descriptions

var DefaultTimeout = 60 * time.Second

DefaultTimeout is a package-level variable that sets the timeout value used for the Dial and DialTLS methods.

WARNING: since this is a package-level variable, setting this value from multiple places will probably result in undesired behaviour.

var DerefMap = map[int]string{
    NeverDerefAliases:   "NeverDerefAliases",
    DerefInSearching:    "DerefInSearching",
    DerefFindingBaseObj: "DerefFindingBaseObj",
    DerefAlways:         "DerefAlways",
}

DerefMap contains human readable descriptions of derefAliases choices

var FilterMap = map[uint64]string{
    FilterAnd:             "And",
    FilterOr:              "Or",
    FilterNot:             "Not",
    FilterEqualityMatch:   "Equality Match",
    FilterSubstrings:      "Substrings",
    FilterGreaterOrEqual:  "Greater Or Equal",
    FilterLessOrEqual:     "Less Or Equal",
    FilterPresent:         "Present",
    FilterApproxMatch:     "Approx Match",
    FilterExtensibleMatch: "Extensible Match",
}

FilterMap contains human readable descriptions of Filter choices

var FilterSubstringsMap = map[uint64]string{
    FilterSubstringsInitial: "Substrings Initial",
    FilterSubstringsAny:     "Substrings Any",
    FilterSubstringsFinal:   "Substrings Final",
}

FilterSubstringsMap contains human readable descriptions of SubstringFilter choices

var LDAPResultCodeMap = map[uint16]string{
    LDAPResultSuccess:                            "Success",
    LDAPResultOperationsError:                    "Operations Error",
    LDAPResultProtocolError:                      "Protocol Error",
    LDAPResultTimeLimitExceeded:                  "Time Limit Exceeded",
    LDAPResultSizeLimitExceeded:                  "Size Limit Exceeded",
    LDAPResultCompareFalse:                       "Compare False",
    LDAPResultCompareTrue:                        "Compare True",
    LDAPResultAuthMethodNotSupported:             "Auth Method Not Supported",
    LDAPResultStrongAuthRequired:                 "Strong Auth Required",
    LDAPResultReferral:                           "Referral",
    LDAPResultAdminLimitExceeded:                 "Admin Limit Exceeded",
    LDAPResultUnavailableCriticalExtension:       "Unavailable Critical Extension",
    LDAPResultConfidentialityRequired:            "Confidentiality Required",
    LDAPResultSaslBindInProgress:                 "Sasl Bind In Progress",
    LDAPResultNoSuchAttribute:                    "No Such Attribute",
    LDAPResultUndefinedAttributeType:             "Undefined Attribute Type",
    LDAPResultInappropriateMatching:              "Inappropriate Matching",
    LDAPResultConstraintViolation:                "Constraint Violation",
    LDAPResultAttributeOrValueExists:             "Attribute Or Value Exists",
    LDAPResultInvalidAttributeSyntax:             "Invalid Attribute Syntax",
    LDAPResultNoSuchObject:                       "No Such Object",
    LDAPResultAliasProblem:                       "Alias Problem",
    LDAPResultInvalidDNSyntax:                    "Invalid DN Syntax",
    LDAPResultIsLeaf:                             "Is Leaf",
    LDAPResultAliasDereferencingProblem:          "Alias Dereferencing Problem",
    LDAPResultInappropriateAuthentication:        "Inappropriate Authentication",
    LDAPResultInvalidCredentials:                 "Invalid Credentials",
    LDAPResultInsufficientAccessRights:           "Insufficient Access Rights",
    LDAPResultBusy:                               "Busy",
    LDAPResultUnavailable:                        "Unavailable",
    LDAPResultUnwillingToPerform:                 "Unwilling To Perform",
    LDAPResultLoopDetect:                         "Loop Detect",
    LDAPResultSortControlMissing:                 "Sort Control Missing",
    LDAPResultOffsetRangeError:                   "Result Offset Range Error",
    LDAPResultNamingViolation:                    "Naming Violation",
    LDAPResultObjectClassViolation:               "Object Class Violation",
    LDAPResultResultsTooLarge:                    "Results Too Large",
    LDAPResultNotAllowedOnNonLeaf:                "Not Allowed On Non Leaf",
    LDAPResultNotAllowedOnRDN:                    "Not Allowed On RDN",
    LDAPResultEntryAlreadyExists:                 "Entry Already Exists",
    LDAPResultObjectClassModsProhibited:          "Object Class Mods Prohibited",
    LDAPResultAffectsMultipleDSAs:                "Affects Multiple DSAs",
    LDAPResultVirtualListViewErrorOrControlError: "Failed because of a problem related to the virtual list view",
    LDAPResultOther:                              "Other",
    LDAPResultServerDown:                         "Cannot establish a connection",
    LDAPResultLocalError:                         "An error occurred",
    LDAPResultEncodingError:                      "LDAP encountered an error while encoding",
    LDAPResultDecodingError:                      "LDAP encountered an error while decoding",
    LDAPResultTimeout:                            "LDAP timeout while waiting for a response from the server",
    LDAPResultAuthUnknown:                        "The auth method requested in a bind request is unknown",
    LDAPResultFilterError:                        "An error occurred while encoding the given search filter",
    LDAPResultUserCanceled:                       "The user canceled the operation",
    LDAPResultParamError:                         "An invalid parameter was specified",
    LDAPResultNoMemory:                           "Out of memory error",
    LDAPResultConnectError:                       "A connection to the server could not be established",
    LDAPResultNotSupported:                       "An attempt has been made to use a feature not supported LDAP",
    LDAPResultControlNotFound:                    "The controls required to perform the requested operation were not found",
    LDAPResultNoResultsReturned:                  "No results were returned from the server",
    LDAPResultMoreResultsToReturn:                "There are more results in the chain of results",
    LDAPResultClientLoop:                         "A loop has been detected. For example when following referrals",
    LDAPResultReferralLimitExceeded:              "The referral hop limit has been exceeded",
    LDAPResultCanceled:                           "Operation was canceled",
    LDAPResultNoSuchOperation:                    "Server has no knowledge of the operation requested for cancellation",
    LDAPResultTooLate:                            "Too late to cancel the outstanding operation",
    LDAPResultCannotCancel:                       "The identified operation does not support cancellation or the cancel operation cannot be performed",
    LDAPResultAssertionFailed:                    "An assertion control given in the LDAP operation evaluated to false causing the operation to not be performed",
    LDAPResultSyncRefreshRequired:                "Refresh Required",
    LDAPResultInvalidResponse:                    "Invalid Response",
    LDAPResultAmbiguousResponse:                  "Ambiguous Response",
    LDAPResultTLSNotSupported:                    "Tls Not Supported",
    LDAPResultIntermediateResponse:               "Intermediate Response",
    LDAPResultUnknownType:                        "Unknown Type",
    LDAPResultAuthorizationDenied:                "Authorization Denied",

    ErrorNetwork:            "Network Error",
    ErrorFilterCompile:      "Filter Compile Error",
    ErrorFilterDecompile:    "Filter Decompile Error",
    ErrorDebugging:          "Debugging Error",
    ErrorUnexpectedMessage:  "Unexpected Message",
    ErrorUnexpectedResponse: "Unexpected Response",
    ErrorEmptyPassword:      "Empty password not allowed by the client",
}

LDAPResultCodeMap contains string descriptions for LDAP error codes

var MatchingRuleAssertionMap = map[uint64]string{
    MatchingRuleAssertionMatchingRule: "Matching Rule Assertion Matching Rule",
    MatchingRuleAssertionType:         "Matching Rule Assertion Type",
    MatchingRuleAssertionMatchValue:   "Matching Rule Assertion Match Value",
    MatchingRuleAssertionDNAttributes: "Matching Rule Assertion DN Attributes",
}

MatchingRuleAssertionMap contains human readable descriptions of MatchingRuleAssertion choices

var ScopeMap = map[int]string{
    ScopeBaseObject:   "Base Object",
    ScopeSingleLevel:  "Single Level",
    ScopeWholeSubtree: "Whole Subtree",
}

ScopeMap contains human readable descriptions of scope choices

func CompileFilter Uses

func CompileFilter(filter string) (*ber.Packet, error)

CompileFilter converts a string representation of a filter into a BER-encoded packet

func DebugBinaryFile Uses

func DebugBinaryFile(fileName string) error

DebugBinaryFile reads and prints packets from the given filename

func DecompileFilter Uses

func DecompileFilter(packet *ber.Packet) (ret string, err error)

DecompileFilter converts a packet representation of a filter into a string representation

func EscapeFilter Uses

func EscapeFilter(filter string) string

EscapeFilter escapes from the provided LDAP filter string the special characters in the set `()*\` and those out of the range 0 < c < 0x80, as defined in RFC4515.

func GetLDAPError Uses

func GetLDAPError(packet *ber.Packet) error

GetLDAPError creates an Error out of a BER packet representing a LDAPResult The return is an error object. It can be casted to a Error structure. This function returns nil if resultCode in the LDAPResult sequence is success(0).

func IsErrorWithCode Uses

func IsErrorWithCode(err error, desiredResultCode uint16) bool

IsErrorWithCode returns true if the given error is an LDAP error with the given result code

func NewError Uses

func NewError(resultCode uint16, err error) error

NewError creates an LDAP error with the given code and underlying error

type AddRequest Uses

type AddRequest struct {
    // DN identifies the entry being added
    DN  string
    // Attributes list the attributes of the new entry
    Attributes []Attribute
    // Controls hold optional controls to send with the request
    Controls []Control
}

AddRequest represents an LDAP AddRequest operation

func NewAddRequest Uses

func NewAddRequest(dn string, controls []Control) *AddRequest

NewAddRequest returns an AddRequest for the given DN, with no attributes

func (*AddRequest) Attribute Uses

func (a *AddRequest) Attribute(attrType string, attrVals []string)

Attribute adds an attribute with the given type and values

type Attribute Uses

type Attribute struct {
    // Type is the name of the LDAP attribute
    Type string
    // Vals are the LDAP attribute values
    Vals []string
}

Attribute represents an LDAP attribute

type AttributeTypeAndValue Uses

type AttributeTypeAndValue struct {
    // Type is the attribute type
    Type string
    // Value is the attribute value
    Value string
}

AttributeTypeAndValue represents an attributeTypeAndValue from https://tools.ietf.org/html/rfc4514

func (*AttributeTypeAndValue) Equal Uses

func (a *AttributeTypeAndValue) Equal(other *AttributeTypeAndValue) bool

Equal returns true if the AttributeTypeAndValue is equivalent to the specified AttributeTypeAndValue Case of the attribute type is not significant

type Change Uses

type Change struct {
    // Operation is the type of change to be made
    Operation uint
    // Modification is the attribute to be modified
    Modification PartialAttribute
}

Change for a ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

type Client Uses

type Client interface {
    Start()
    StartTLS(config *tls.Config) error
    Close()
    SetTimeout(time.Duration)

    Bind(username, password string) error
    SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResult, error)

    Add(addRequest *AddRequest) error
    Del(delRequest *DelRequest) error
    Modify(modifyRequest *ModifyRequest) error
    ModifyDN(modifyDNRequest *ModifyDNRequest) error

    Compare(dn, attribute, value string) (bool, error)
    PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error)

    Search(searchRequest *SearchRequest) (*SearchResult, error)
    SearchWithPaging(searchRequest *SearchRequest, pagingSize uint32) (*SearchResult, error)
}

Client knows how to interact with an LDAP server

type Conn Uses

type Conn struct {
    Debug debugging
    // contains filtered or unexported fields
}

Conn represents an LDAP Connection

func Dial Uses

func Dial(network, addr string) (*Conn, error)

Dial connects to the given address on the given network using net.Dial and then returns a new Conn for the connection.

func DialTLS Uses

func DialTLS(network, addr string, config *tls.Config) (*Conn, error)

DialTLS connects to the given address on the given network using tls.Dial and then returns a new Conn for the connection.

func DialURL Uses

func DialURL(addr string) (*Conn, error)

DialURL connects to the given ldap URL vie TCP using tls.Dial or net.Dial if ldaps:// or ldap:// specified as protocol. On success a new Conn for the connection is returned.

func NewConn Uses

func NewConn(conn net.Conn, isTLS bool) *Conn

NewConn returns a new Conn using conn for network I/O.

func (*Conn) Add Uses

func (l *Conn) Add(addRequest *AddRequest) error

Add performs the given AddRequest

func (*Conn) Bind Uses

func (l *Conn) Bind(username, password string) error

Bind performs a bind with the given username and password.

It does not allow unauthenticated bind (i.e. empty password). Use the UnauthenticatedBind method for that.

ExampleConn_Bind demonstrates how to bind a connection to an ldap user allowing access to restricted attributes that user has access to

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

err = l.Bind("cn=read-only-admin,dc=example,dc=com", "password")
if err != nil {
    log.Fatal(err)
}

func (*Conn) Close Uses

func (l *Conn) Close()

Close closes the connection.

func (*Conn) Compare Uses

func (l *Conn) Compare(dn, attribute, value string) (bool, error)

Compare checks to see if the attribute of the dn matches value. Returns true if it does otherwise false with any error that occurs if any.

ExampleConn_Compare demonstrates how to compare an attribute with a value

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

matched, err := l.Compare("cn=user,dc=example,dc=com", "uid", "someuserid")
if err != nil {
    log.Fatal(err)
}

fmt.Println(matched)

func (*Conn) Del Uses

func (l *Conn) Del(delRequest *DelRequest) error

Del executes the given delete request

func (*Conn) IsClosing Uses

func (l *Conn) IsClosing() bool

IsClosing returns whether or not we're currently closing.

func (*Conn) Modify Uses

func (l *Conn) Modify(modifyRequest *ModifyRequest) error

Modify performs the ModifyRequest

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

// Add a description, and replace the mail attributes
modify := NewModifyRequest("cn=user,dc=example,dc=com", nil)
modify.Add("description", []string{"An example user"})
modify.Replace("mail", []string{"user@example.org"})

err = l.Modify(modify)
if err != nil {
    log.Fatal(err)
}

func (*Conn) ModifyDN Uses

func (l *Conn) ModifyDN(m *ModifyDNRequest) error

ModifyDN renames the given DN and optionally move to another base (when the "newSup" argument to NewModifyDNRequest() is not "").

ExampleConn_ModifyDN_moveOnly shows how to move an entry to a new base without renaming the RDN

Code:

conn, err := Dial("tcp", "ldap.example.org:389")
if err != nil {
    log.Fatalf("Failed to connect: %s\n", err)
}
defer conn.Close()

_, err = conn.SimpleBind(&SimpleBindRequest{
    Username: "uid=someone,ou=people,dc=example,dc=org",
    Password: "MySecretPass",
})
if err != nil {
    log.Fatalf("Failed to bind: %s\n", err)
}
// move to ou=users,dc=example,dc=org -> uid=user,ou=users,dc=example,dc=org
req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=user", true, "ou=users,dc=example,dc=org")
if err = conn.ModifyDN(req); err != nil {
    log.Fatalf("Failed to call ModifyDN(): %s\n", err)
}

ExampleConn_ModifyDN_renameAndMove shows how to rename an entry and moving it to a new base

Code:

conn, err := Dial("tcp", "ldap.example.org:389")
if err != nil {
    log.Fatalf("Failed to connect: %s\n", err)
}
defer conn.Close()

_, err = conn.SimpleBind(&SimpleBindRequest{
    Username: "uid=someone,ou=people,dc=example,dc=org",
    Password: "MySecretPass",
})
if err != nil {
    log.Fatalf("Failed to bind: %s\n", err)
}
// rename to uid=new,ou=people,dc=example,dc=org and move to ou=users,dc=example,dc=org ->
// uid=new,ou=users,dc=example,dc=org
req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "ou=users,dc=example,dc=org")

if err = conn.ModifyDN(req); err != nil {
    log.Fatalf("Failed to call ModifyDN(): %s\n", err)
}

ExampleConn_ModifyDN_renameNoMove shows how to rename an entry without moving it

Code:

conn, err := Dial("tcp", "ldap.example.org:389")
if err != nil {
    log.Fatalf("Failed to connect: %s\n", err)
}
defer conn.Close()

_, err = conn.SimpleBind(&SimpleBindRequest{
    Username: "uid=someone,ou=people,dc=example,dc=org",
    Password: "MySecretPass",
})
if err != nil {
    log.Fatalf("Failed to bind: %s\n", err)
}
// just rename to uid=new,ou=people,dc=example,dc=org:
req := NewModifyDNRequest("uid=user,ou=people,dc=example,dc=org", "uid=new", true, "")
if err = conn.ModifyDN(req); err != nil {
    log.Fatalf("Failed to call ModifyDN(): %s\n", err)
}

func (*Conn) PasswordModify Uses

func (l *Conn) PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error)

PasswordModify performs the modification request

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

err = l.Bind("cn=admin,dc=example,dc=com", "password")
if err != nil {
    log.Fatal(err)
}

passwordModifyRequest := NewPasswordModifyRequest("cn=user,dc=example,dc=com", "", "NewPassword")
_, err = l.PasswordModify(passwordModifyRequest)

if err != nil {
    log.Fatalf("Password could not be changed: %s", err.Error())
}

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

err = l.Bind("cn=user,dc=example,dc=com", "password")
if err != nil {
    log.Fatal(err)
}

passwordModifyRequest := NewPasswordModifyRequest("", "OldPassword", "")
passwordModifyResponse, err := l.PasswordModify(passwordModifyRequest)
if err != nil {
    log.Fatalf("Password could not be changed: %s", err.Error())
}

generatedPassword := passwordModifyResponse.GeneratedPassword
log.Printf("Generated password: %s\n", generatedPassword)

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

err = l.Bind("cn=user,dc=example,dc=com", "password")
if err != nil {
    log.Fatal(err)
}

passwordModifyRequest := NewPasswordModifyRequest("", "OldPassword", "NewPassword")
_, err = l.PasswordModify(passwordModifyRequest)

if err != nil {
    log.Fatalf("Password could not be changed: %s", err.Error())
}

func (*Conn) Search Uses

func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error)

Search performs the given search request

func (*Conn) SearchWithPaging Uses

func (l *Conn) SearchWithPaging(searchRequest *SearchRequest, pagingSize uint32) (*SearchResult, error)

SearchWithPaging accepts a search request and desired page size in order to execute LDAP queries to fulfill the search request. All paged LDAP query responses will be buffered and the final result will be returned atomically. The following four cases are possible given the arguments:

- given SearchRequest missing a control of type ControlTypePaging: we will add one with the desired paging size
- given SearchRequest contains a control of type ControlTypePaging that isn't actually a ControlPaging: fail without issuing any queries
- given SearchRequest contains a control of type ControlTypePaging with pagingSize equal to the size requested: no change to the search request
- given SearchRequest contains a control of type ControlTypePaging with pagingSize not equal to the size requested: fail without issuing any queries

A requested pagingSize of 0 is interpreted as no limit by LDAP servers.

func (*Conn) SetTimeout Uses

func (l *Conn) SetTimeout(timeout time.Duration)

SetTimeout sets the time after a request is sent that a MessageTimeout triggers

func (*Conn) SimpleBind Uses

func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResult, error)

SimpleBind performs the simple bind operation defined in the given request

func (*Conn) Start Uses

func (l *Conn) Start()

Start initializes goroutines to read responses and process messages

func (*Conn) StartTLS Uses

func (l *Conn) StartTLS(config *tls.Config) error

StartTLS sends the command to start a TLS session and then creates a new TLS Client

ExampleStartTLS demonstrates how to start a TLS connection

Code:

l, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer l.Close()

// Reconnect with TLS
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
    log.Fatal(err)
}

// Operations via l are now encrypted

func (*Conn) TLSConnectionState Uses

func (l *Conn) TLSConnectionState() (state tls.ConnectionState, ok bool)

TLSConnectionState returns the client's TLS connection state. The return values are their zero values if StartTLS did not succeed.

func (*Conn) UnauthenticatedBind Uses

func (l *Conn) UnauthenticatedBind(username string) error

UnauthenticatedBind performs an unauthenticated bind.

A username may be provided for trace (e.g. logging) purpose only, but it is normally not authenticated or otherwise validated by the LDAP server.

See https://tools.ietf.org/html/rfc4513#section-5.1.2 . See https://tools.ietf.org/html/rfc4513#section-6.3.1 .

type Control Uses

type Control interface {
    // GetControlType returns the OID
    GetControlType() string
    // Encode returns the ber packet representation
    Encode() *ber.Packet
    // String returns a human-readable description
    String() string
}

Control defines an interface controls provide to encode and describe themselves

func DecodeControl Uses

func DecodeControl(packet *ber.Packet) (Control, error)

DecodeControl returns a control read from the given packet, or nil if no recognized control can be made

func FindControl Uses

func FindControl(controls []Control, controlType string) Control

FindControl returns the first control of the given type in the list, or nil

type ControlBeheraPasswordPolicy Uses

type ControlBeheraPasswordPolicy struct {
    // Expire contains the number of seconds before a password will expire
    Expire int64
    // Grace indicates the remaining number of times a user will be allowed to authenticate with an expired password
    Grace int64
    // Error indicates the error code
    Error int8
    // ErrorString is a human readable error
    ErrorString string
}

ControlBeheraPasswordPolicy implements the control described in https://tools.ietf.org/html/draft-behera-ldap-password-policy-10

func NewControlBeheraPasswordPolicy Uses

func NewControlBeheraPasswordPolicy() *ControlBeheraPasswordPolicy

NewControlBeheraPasswordPolicy returns a ControlBeheraPasswordPolicy

func (*ControlBeheraPasswordPolicy) Encode Uses

func (c *ControlBeheraPasswordPolicy) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlBeheraPasswordPolicy) GetControlType Uses

func (c *ControlBeheraPasswordPolicy) GetControlType() string

GetControlType returns the OID

func (*ControlBeheraPasswordPolicy) String Uses

func (c *ControlBeheraPasswordPolicy) String() string

String returns a human-readable description

type ControlManageDsaIT Uses

type ControlManageDsaIT struct {
    // Criticality indicates if this control is required
    Criticality bool
}

ControlManageDsaIT implements the control described in https://tools.ietf.org/html/rfc3296

func NewControlManageDsaIT Uses

func NewControlManageDsaIT(Criticality bool) *ControlManageDsaIT

NewControlManageDsaIT returns a ControlManageDsaIT control

func (*ControlManageDsaIT) Encode Uses

func (c *ControlManageDsaIT) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlManageDsaIT) GetControlType Uses

func (c *ControlManageDsaIT) GetControlType() string

GetControlType returns the OID

func (*ControlManageDsaIT) String Uses

func (c *ControlManageDsaIT) String() string

String returns a human-readable description

type ControlMicrosoftNotification Uses

type ControlMicrosoftNotification struct{}

ControlMicrosoftNotification implements the control described in https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx

func NewControlMicrosoftNotification Uses

func NewControlMicrosoftNotification() *ControlMicrosoftNotification

NewControlMicrosoftNotification returns a ControlMicrosoftNotification control

func (*ControlMicrosoftNotification) Encode Uses

func (c *ControlMicrosoftNotification) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlMicrosoftNotification) GetControlType Uses

func (c *ControlMicrosoftNotification) GetControlType() string

GetControlType returns the OID

func (*ControlMicrosoftNotification) String Uses

func (c *ControlMicrosoftNotification) String() string

String returns a human-readable description

type ControlMicrosoftShowDeleted Uses

type ControlMicrosoftShowDeleted struct{}

ControlMicrosoftShowDeleted implements the control described in https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx

func NewControlMicrosoftShowDeleted Uses

func NewControlMicrosoftShowDeleted() *ControlMicrosoftShowDeleted

NewControlMicrosoftShowDeleted returns a ControlMicrosoftShowDeleted control

func (*ControlMicrosoftShowDeleted) Encode Uses

func (c *ControlMicrosoftShowDeleted) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlMicrosoftShowDeleted) GetControlType Uses

func (c *ControlMicrosoftShowDeleted) GetControlType() string

GetControlType returns the OID

func (*ControlMicrosoftShowDeleted) String Uses

func (c *ControlMicrosoftShowDeleted) String() string

String returns a human-readable description

type ControlPaging Uses

type ControlPaging struct {
    // PagingSize indicates the page size
    PagingSize uint32
    // Cookie is an opaque value returned by the server to track a paging cursor
    Cookie []byte
}

ControlPaging implements the paging control described in https://www.ietf.org/rfc/rfc2696.txt

This example demonstrates how to use ControlPaging to manually execute a paginated search request instead of using SearchWithPaging.

Code:

conn, err := Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
    log.Fatal(err)
}
defer conn.Close()

var pageSize uint32 = 32
searchBase := "dc=example,dc=com"
filter := "(objectClass=group)"
pagingControl := NewControlPaging(pageSize)
attributes := []string{}
controls := []Control{pagingControl}

for {
    request := NewSearchRequest(searchBase, ScopeWholeSubtree, DerefAlways, 0, 0, false, filter, attributes, controls)
    response, err := conn.Search(request)
    if err != nil {
        log.Fatalf("Failed to execute search request: %s", err.Error())
    }

    // [do something with the response entries]

    // In order to prepare the next request, we check if the response
    // contains another ControlPaging object and a not-empty cookie and
    // copy that cookie into our pagingControl object:
    updatedControl := FindControl(response.Controls, ControlTypePaging)
    if ctrl, ok := updatedControl.(*ControlPaging); ctrl != nil && ok && len(ctrl.Cookie) != 0 {
        pagingControl.SetCookie(ctrl.Cookie)
        continue
    }
    // If no new paging information is available or the cookie is empty, we
    // are done with the pagination.
    break
}

func NewControlPaging Uses

func NewControlPaging(pagingSize uint32) *ControlPaging

NewControlPaging returns a paging control

func (*ControlPaging) Encode Uses

func (c *ControlPaging) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlPaging) GetControlType Uses

func (c *ControlPaging) GetControlType() string

GetControlType returns the OID

func (*ControlPaging) SetCookie Uses

func (c *ControlPaging) SetCookie(cookie []byte)

SetCookie stores the given cookie in the paging control

func (*ControlPaging) String Uses

func (c *ControlPaging) String() string

String returns a human-readable description

type ControlString Uses

type ControlString struct {
    ControlType  string
    Criticality  bool
    ControlValue string
}

ControlString implements the Control interface for simple controls

func NewControlString Uses

func NewControlString(controlType string, criticality bool, controlValue string) *ControlString

NewControlString returns a generic control

func (*ControlString) Encode Uses

func (c *ControlString) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlString) GetControlType Uses

func (c *ControlString) GetControlType() string

GetControlType returns the OID

func (*ControlString) String Uses

func (c *ControlString) String() string

String returns a human-readable description

type ControlVChuPasswordMustChange Uses

type ControlVChuPasswordMustChange struct {
    // MustChange indicates if the password is required to be changed
    MustChange bool
}

ControlVChuPasswordMustChange implements the control described in https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00

func (*ControlVChuPasswordMustChange) Encode Uses

func (c *ControlVChuPasswordMustChange) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlVChuPasswordMustChange) GetControlType Uses

func (c *ControlVChuPasswordMustChange) GetControlType() string

GetControlType returns the OID

func (*ControlVChuPasswordMustChange) String Uses

func (c *ControlVChuPasswordMustChange) String() string

String returns a human-readable description

type ControlVChuPasswordWarning Uses

type ControlVChuPasswordWarning struct {
    // Expire indicates the time in seconds until the password expires
    Expire int64
}

ControlVChuPasswordWarning implements the control described in https://tools.ietf.org/html/draft-vchu-ldap-pwd-policy-00

func (*ControlVChuPasswordWarning) Encode Uses

func (c *ControlVChuPasswordWarning) Encode() *ber.Packet

Encode returns the ber packet representation

func (*ControlVChuPasswordWarning) GetControlType Uses

func (c *ControlVChuPasswordWarning) GetControlType() string

GetControlType returns the OID

func (*ControlVChuPasswordWarning) String Uses

func (c *ControlVChuPasswordWarning) String() string

String returns a human-readable description

type DN Uses

type DN struct {
    RDNs []*RelativeDN
}

DN represents a distinguishedName from https://tools.ietf.org/html/rfc4514

func ParseDN Uses

func ParseDN(str string) (*DN, error)

ParseDN returns a distinguishedName or an error

func (*DN) AncestorOf Uses

func (d *DN) AncestorOf(other *DN) bool

AncestorOf returns true if the other DN consists of at least one RDN followed by all the RDNs of the current DN. "ou=widgets,o=acme.com" is an ancestor of "ou=sprockets,ou=widgets,o=acme.com" "ou=widgets,o=acme.com" is not an ancestor of "ou=sprockets,ou=widgets,o=foo.com" "ou=widgets,o=acme.com" is not an ancestor of "ou=widgets,o=acme.com"

func (*DN) Equal Uses

func (d *DN) Equal(other *DN) bool

Equal returns true if the DNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch). Returns true if they have the same number of relative distinguished names and corresponding relative distinguished names (by position) are the same.

type DelRequest Uses

type DelRequest struct {
    // DN is the name of the directory entry to delete
    DN  string
    // Controls hold optional controls to send with the request
    Controls []Control
}

DelRequest implements an LDAP deletion request

func NewDelRequest Uses

func NewDelRequest(DN string,
    Controls []Control) *DelRequest

NewDelRequest creates a delete request for the given DN and controls

type Entry Uses

type Entry struct {
    // DN is the distinguished name of the entry
    DN  string
    // Attributes are the returned attributes for the entry
    Attributes []*EntryAttribute
}

Entry represents a single search result entry

func NewEntry Uses

func NewEntry(dn string, attributes map[string][]string) *Entry

NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs. The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the same input map of attributes, the output entry will contain the same order of attributes

func (*Entry) GetAttributeValue Uses

func (e *Entry) GetAttributeValue(attribute string) string

GetAttributeValue returns the first value for the named attribute, or ""

func (*Entry) GetAttributeValues Uses

func (e *Entry) GetAttributeValues(attribute string) []string

GetAttributeValues returns the values for the named attribute, or an empty list

func (*Entry) GetRawAttributeValue Uses

func (e *Entry) GetRawAttributeValue(attribute string) []byte

GetRawAttributeValue returns the first value for the named attribute, or an empty slice

func (*Entry) GetRawAttributeValues Uses

func (e *Entry) GetRawAttributeValues(attribute string) [][]byte

GetRawAttributeValues returns the byte values for the named attribute, or an empty list

func (*Entry) PrettyPrint Uses

func (e *Entry) PrettyPrint(indent int)

PrettyPrint outputs a human-readable description indenting

func (*Entry) Print Uses

func (e *Entry) Print()

Print outputs a human-readable description

type EntryAttribute Uses

type EntryAttribute struct {
    // Name is the name of the attribute
    Name string
    // Values contain the string values of the attribute
    Values []string
    // ByteValues contain the raw values of the attribute
    ByteValues [][]byte
}

EntryAttribute holds a single attribute

func NewEntryAttribute Uses

func NewEntryAttribute(name string, values []string) *EntryAttribute

NewEntryAttribute returns a new EntryAttribute with the desired key-value pair

func (*EntryAttribute) PrettyPrint Uses

func (e *EntryAttribute) PrettyPrint(indent int)

PrettyPrint outputs a human-readable description with indenting

func (*EntryAttribute) Print Uses

func (e *EntryAttribute) Print()

Print outputs a human-readable description

type Error Uses

type Error struct {
    // Err is the underlying error
    Err error
    // ResultCode is the LDAP error code
    ResultCode uint16
    // MatchedDN is the matchedDN returned if any
    MatchedDN string
}

Error holds LDAP error information

func (*Error) Error Uses

func (e *Error) Error() string

type ModifyDNRequest Uses

type ModifyDNRequest struct {
    DN           string
    NewRDN       string
    DeleteOldRDN bool
    NewSuperior  string
}

ModifyDNRequest holds the request to modify a DN

func NewModifyDNRequest Uses

func NewModifyDNRequest(dn string, rdn string, delOld bool, newSup string) *ModifyDNRequest

NewModifyDNRequest creates a new request which can be passed to ModifyDN().

To move an object in the tree, set the "newSup" to the new parent entry DN. Use an empty string for just changing the object's RDN.

For moving the object without renaming, the "rdn" must be the first RDN of the given DN.

A call like

mdnReq := NewModifyDNRequest("uid=someone,dc=example,dc=org", "uid=newname", true, "")

will setup the request to just rename uid=someone,dc=example,dc=org to uid=newname,dc=example,dc=org.

type ModifyRequest Uses

type ModifyRequest struct {
    // DN is the distinguishedName of the directory entry to modify
    DN  string
    // Changes contain the attributes to modify
    Changes []Change
    // Controls hold optional controls to send with the request
    Controls []Control
}

ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

func NewModifyRequest Uses

func NewModifyRequest(
    dn string,
    controls []Control,
) *ModifyRequest

NewModifyRequest creates a modify request for the given DN

func (*ModifyRequest) Add Uses

func (m *ModifyRequest) Add(attrType string, attrVals []string)

Add appends the given attribute to the list of changes to be made

func (*ModifyRequest) Delete Uses

func (m *ModifyRequest) Delete(attrType string, attrVals []string)

Delete appends the given attribute to the list of changes to be made

func (*ModifyRequest) Replace Uses

func (m *ModifyRequest) Replace(attrType string, attrVals []string)

Replace appends the given attribute to the list of changes to be made

type PacketResponse Uses

type PacketResponse struct {
    // Packet is the packet read from the server
    Packet *ber.Packet
    // Error is an error encountered while reading
    Error error
}

PacketResponse contains the packet or error encountered reading a response

func (*PacketResponse) ReadPacket Uses

func (pr *PacketResponse) ReadPacket() (*ber.Packet, error)

ReadPacket returns the packet or an error

type PartialAttribute Uses

type PartialAttribute struct {
    // Type is the type of the partial attribute
    Type string
    // Vals are the values of the partial attribute
    Vals []string
}

PartialAttribute for a ModifyRequest as defined in https://tools.ietf.org/html/rfc4511

type PasswordModifyRequest Uses

type PasswordModifyRequest struct {
    // UserIdentity is an optional string representation of the user associated with the request.
    // This string may or may not be an LDAPDN [RFC2253].
    // If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session
    UserIdentity string
    // OldPassword, if present, contains the user's current password
    OldPassword string
    // NewPassword, if present, contains the desired password for this user
    NewPassword string
}

PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt

func NewPasswordModifyRequest Uses

func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *PasswordModifyRequest

NewPasswordModifyRequest creates a new PasswordModifyRequest

According to the RFC 3602: userIdentity is a string representing the user associated with the request. This string may or may not be an LDAPDN (RFC 2253). If userIdentity is empty then the operation will act on the user associated with the session.

oldPassword is the current user's password, it can be empty or it can be needed depending on the session user access rights (usually an administrator can change a user's password without knowing the current one) and the password policy (see pwdSafeModify password policy's attribute)

newPassword is the desired user's password. If empty the server can return an error or generate a new password that will be available in the PasswordModifyResult.GeneratedPassword

type PasswordModifyResult Uses

type PasswordModifyResult struct {
    // GeneratedPassword holds a password generated by the server, if present
    GeneratedPassword string
    // Referral are the returned referral
    Referral string
}

PasswordModifyResult holds the server response to a PasswordModifyRequest

type RelativeDN Uses

type RelativeDN struct {
    Attributes []*AttributeTypeAndValue
}

RelativeDN represents a relativeDistinguishedName from https://tools.ietf.org/html/rfc4514

func (*RelativeDN) Equal Uses

func (r *RelativeDN) Equal(other *RelativeDN) bool

Equal returns true if the RelativeDNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch). Relative distinguished names are the same if and only if they have the same number of AttributeTypeAndValues and each attribute of the first RDN is the same as the attribute of the second RDN with the same attribute type. The order of attributes is not significant. Case of attribute types is not significant.

type SearchRequest Uses

type SearchRequest struct {
    BaseDN       string
    Scope        int
    DerefAliases int
    SizeLimit    int
    TimeLimit    int
    TypesOnly    bool
    Filter       string
    Attributes   []string
    Controls     []Control
}

SearchRequest represents a search request to send to the server

func NewSearchRequest Uses

func NewSearchRequest(
    BaseDN string,
    Scope, DerefAliases, SizeLimit, TimeLimit int,
    TypesOnly bool,
    Filter string,
    Attributes []string,
    Controls []Control,
) *SearchRequest

NewSearchRequest creates a new search request

type SearchResult Uses

type SearchResult struct {
    // Entries are the returned entries
    Entries []*Entry
    // Referrals are the returned referrals
    Referrals []string
    // Controls are the returned controls
    Controls []Control
}

SearchResult holds the server's response to a search request

func (*SearchResult) PrettyPrint Uses

func (s *SearchResult) PrettyPrint(indent int)

PrettyPrint outputs a human-readable description with indenting

func (*SearchResult) Print Uses

func (s *SearchResult) Print()

Print outputs a human-readable description

type SimpleBindRequest Uses

type SimpleBindRequest struct {
    // Username is the name of the Directory object that the client wishes to bind as
    Username string
    // Password is the credentials to bind with
    Password string
    // Controls are optional controls to send with the bind request
    Controls []Control
    // AllowEmptyPassword sets whether the client allows binding with an empty password
    // (normally used for unauthenticated bind).
    AllowEmptyPassword bool
}

SimpleBindRequest represents a username/password bind operation

func NewSimpleBindRequest Uses

func NewSimpleBindRequest(username string, password string, controls []Control) *SimpleBindRequest

NewSimpleBindRequest returns a bind request

type SimpleBindResult Uses

type SimpleBindResult struct {
    Controls []Control
}

SimpleBindResult contains the response from the server

Package ldap imports 18 packages (graph) and is imported by 22 packages. Updated 2019-06-10. Refresh now. Tools for package owners.