参考:https://gocn.vip/article/669
配置:
addr:ip:389
bindUserName: cn=admin,dc=simon,dc=com
bindPassword:xxxxx
searchDn: dc=simon,dc=com
实现
参考:https://github.com/go-ldap/ldap
import (
"fmt"
"github.com/go-ldap/ldap"
)
type LDAPConfig struct {
Addr string
BindUserName string
BindPassword string
SearchDN string
}
type LDAPService struct {
Conn *ldap.Conn
Config LDAPConfig
}
func NewLDAPService(config LDAPConfig) (*LDAPService, error) {
conn, err := ldap.Dial("tcp", config.Addr)
if err != nil {
return nil, err
}
// NOTE(chenjun): 暂时先不skip verify
// err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
// if err != nil {
// return nil, err
// }
err = conn.Bind(config.BindUserName, config.BindPassword)
if err != nil {
return nil, err
}
return &LDAPService{Conn: conn, Config: config}, nil
}
// Login 登录
func (l *LDAPService) Login(userName, password string) (bool, error) {
searchRequest := ldap.NewSearchRequest(
l.SearchDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(mail=%s))", userName),
[]string{"dn"},
nil,
)
sr, err := l.Conn.Search(searchRequest)
if err != nil {
return false, err
}
if len(sr.Entries) != 1 {
return false, fmt.Errorf("User does not exist or too many entries returned")
}
userDN := sr.Entries[0].DN
err = l.Conn.Bind(userDN, password)
if err != nil {
return false, err
}
err = l.Conn.Bind(l.Config.BindUserName, l.Config.BindPassword)
if err != nil {
return false, nil
}
return true, nil
}```