How to connect Ldap in Golang

藏色散人
Release: 2021-05-31 10:10:18
forward
3793 people have browsed it

The following tutorial column from golang will introduce to you how to connect Golang to Ldap. I hope it will be helpful to friends in need!

Today I will write about how Golang connects to ldap

Golang has some ldap packages, I use

go get -u "gopkg.in/ldap.v2"
Copy after login

My ldap environment:

rootdn: uid=admin,dc=wjq,dc=com password: openldap

dn: dc=wjq,dc=com
dc: wjq
objectClass: top
objectClass: domain

dn: ou=Group,dc=wjq,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=wjq,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: uid=admin,dc=wjq,dc=com
uid: admin
objectClass: top
objectClass: account
Copy after login

A group and a user:

#组信息
dn: cn=test,ou=Group,dc=wjq,dc=com
gidNumber: 1003
cn: test
objectClass: posixGroup

#用户信息
dn: uid=test,ou=People,dc=wjq,dc=com
uidNumber: 1009
gidNumber: 1003
gecos: test
homeDirectory: /home/test
uid: test
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
shadowInactive: -1
shadowExpire: -1
shadowFlag: -1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
cn: test
userPassword:: e1NTSEF9d053TWhYRTR4STJUUmpJWm5MTkF4VFlBTFhJdStaZ0Q=
shadowLastChange: 17858
Copy after login

golang processing steps are as follows:

1. ldap .Dail           #This step is the underlying connection

2. ldap.Bind                 #Similar to username and password authentication

3. Operations such as query, delete, add user

Step one: Dail

## Dail has two parameters network, address, return (*Conn, error)

network: refers to the network Protocol tcp, udp

address: It is the address to be connected to the bottom layer and needs to have a port number

con, err := ldap.Dial("tcp", "127.0.0.1:389")
Copy after login

Step 2: Authentication

Bind(rootdn, password) (error)

berror := conn.Bind("uid=admin,dc=wjq,dc=com", "openldap")
Copy after login

Step 3: Operation;

The operation is very unique, I think Maybe it is the characteristics of golang language, such as

query, ldap provides a query structure--ldap.NewSearchRequest, as long as we fill in the data and then call ldap.Search

Add, ldap Provide an added structure -- ldap.NewAddRequest, fill in the data, and then call ldap.Add

to delete, ldap provides a deletion structure -- ldap.NewDelRequest, and then call ldap.Del

User password modification, ldap provides a structure for modifying user passwords -- ldap.NewPasswordModifyRequest, and then calls ldap.PasswordModify

This is very unique, let’s take a look:

Query user group NewSearchRequest:

func NewSearchRequest(
    BaseDN string,
    Scope, DerefAliases, SizeLimit, TimeLimit int,
    TypesOnly bool,
    Filter string,
    Attributes []string,
    Controls []Control,
) *SearchRequest
Copy after login

BaseDN: According to my ldap environment, it should be ou=Group,dc=wjq,dc=com

scope: What I understand is the scope of the query. ldap is a directory tree. I General settings ldap.ScopeWholeSubtree

DerefAiases: Whether aliases (cn, ou) are discarded in search, settings: ldap.NeverDerefAliases

SizeLimit: Size settings, generally set to 0

TimeLimit: Time setting, usually set to 0

TypesOnly: Set to false (it seems to return a little more value)

Controls: It is a control that I have not used much, usually set to nil

I don’t understand these thoroughly, you can refer to: https://tools.ietf.org/html/rfc4511

The main two parameters in the query are Filter and Attributes

Filter Is the attribute value returned by the filter condition

Attributes

Create the SearchRequest structure:

srsql := ldap.NewSearchRequest("ou=Group,dc=wjq,dc=com",
                       ldap.ScopeWholeSubtree, 
                       ldap.NeverDerefAliases,
                       0,
                       0, 
                      false,
                     "(&(objectClass=posixGroup))", 
                     []string{"dn", "cn", "uid"}, 
 nil)
Copy after login

Filter: (&objectClass=posixGroup )) Find all groups and return the dn, cn, uid of each group

Filter test user group: (&(objectClass=posixGroup)(cn=test))

Filter user cn= test, or uid=test (of course baseDn is the user's): "(|(&(objectClass=posixAccount)(cn=test))(&(objectClass=posixAccount)(uid=test)))"

Execute Search and obtain the results (in cur.Entries):

cur, er := l.Search(srsql)
	if er != nil {
		log.Fatalln(er)
	}

if (len(cur.Entries) > 0){

	for _, item := range cur.Entries {

		cn := item.GetAttributeValue("cn")

		if cn == "" {
			cn = item.GetAttributeValue("uid")
		}

		fmt.Println(cn)

	}
}
Copy after login

The above are the steps of Search.

Let’s take a look at adding a user: NewAddRequest

Add

User: wujq

Password: 123456

Home directory: /home /wujq

The group it belongs to: test (id=1003)

1. First confirm the user dn I need to add: uid=wujq,ou=People,dc=wjq,dc=com

2. gidNumber is 1003

3. Because the uidNumber value is required, assume that I set it to 1010 (not used by the system)

The execution code is as follows:

sql := ldap.NewAddRequest("uid=wujq,ou=People,dc=wjq,dc=com")
sql.Attribute("uidNumber", []string{"1010"})
sql.Attribute("gidNumber", []string{"1003"})
sql.Attribute("userPassword", []string{"123456"})
sql.Attribute("homeDirectory", []string{"/home/wujq"})
sql.Attribute("cn", []string{"wujq"})
sql.Attribute("uid", []string{"wujq"})
sql.Attribute("objectClass", []string{"shadowAccount", "posixAccount", "account"})
er := ldapcon.Add(sql)
Copy after login

The above is the detailed content of How to connect Ldap in Golang. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:csdn.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template