78 lines
1.4 KiB
Go
78 lines
1.4 KiB
Go
|
package main
|
||
|
|
||
|
import (
|
||
|
"crypto/tls"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
|
||
|
"gopkg.in/ldap.v2"
|
||
|
)
|
||
|
|
||
|
type LDAPAuth struct {
|
||
|
Addr string
|
||
|
Port int
|
||
|
IsTLS bool
|
||
|
Base string
|
||
|
BindUsername string
|
||
|
BindPassword string
|
||
|
}
|
||
|
|
||
|
func (l LDAPAuth) checkAuth(username, password string) (res bool, err error) {
|
||
|
tlsCnf := tls.Config{InsecureSkipVerify: true}
|
||
|
|
||
|
var c *ldap.Conn
|
||
|
|
||
|
if l.IsTLS {
|
||
|
c, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", l.Addr, l.Port), &tlsCnf)
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
} else {
|
||
|
c, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", l.Addr, l.Port))
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
|
||
|
// Reconnect with TLS
|
||
|
err = c.StartTLS(&tlsCnf)
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
}
|
||
|
defer c.Close()
|
||
|
|
||
|
if l.BindUsername != "" {
|
||
|
err = c.Bind(l.BindUsername, l.BindPassword)
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Search for the given username
|
||
|
searchRequest := ldap.NewSearchRequest(
|
||
|
l.Base,
|
||
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||
|
fmt.Sprintf("(&(objectClass=person)(uid=%s))", username),
|
||
|
[]string{"dn"},
|
||
|
nil,
|
||
|
)
|
||
|
|
||
|
sr, err := c.Search(searchRequest)
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
|
||
|
if len(sr.Entries) != 1 {
|
||
|
return false, errors.New("User does not exist or too many entries returned")
|
||
|
}
|
||
|
|
||
|
userdn := sr.Entries[0].DN
|
||
|
|
||
|
err = c.Bind(userdn, password)
|
||
|
if err != nil {
|
||
|
return false, err
|
||
|
}
|
||
|
|
||
|
return true, nil
|
||
|
}
|