Ejemplo n.º 1
0
func NewLDAPClient(ldapUri, bindDn, bindPass string, searchBase ...string) (ad *LDAPClient, err error) {
	protoHostPort := strings.Split(ldapUri, "://")
	if len(protoHostPort) != 2 {
		err = fmt.Errorf("Invalid LDAP URI: %s", ldapUri)
		return
	}

	ad = &LDAPClient{URI: ldapUri}

	if protoHostPort[0] == "ldaps" {
		ad.Conn, err = ldap.DialTLS("tcp", protoHostPort[1], &tls.Config{InsecureSkipVerify: true})
	} else {
		//no ssl port 389
		ad.Conn, err = ldap.Dial("tcp", protoHostPort[1])
	}
	if err != nil {
		return
	}

	if len(searchBase) > 0 {
		ad.DefaultSearchBase = searchBase[0]
	}
	err = ad.Bind(bindDn, bindPass)
	return
}
Ejemplo n.º 2
0
func (a *ldapAuther) Dial() error {
	var err error
	var certPool *x509.CertPool
	if a.server.RootCACert != "" {
		certPool := x509.NewCertPool()
		for _, caCertFile := range strings.Split(a.server.RootCACert, " ") {
			if pem, err := ioutil.ReadFile(caCertFile); err != nil {
				return err
			} else {
				if !certPool.AppendCertsFromPEM(pem) {
					return errors.New("Failed to append CA certificate " + caCertFile)
				}
			}
		}
	}
	for _, host := range strings.Split(a.server.Host, " ") {
		address := fmt.Sprintf("%s:%d", host, a.server.Port)
		if a.server.UseSSL {
			tlsCfg := &tls.Config{
				InsecureSkipVerify: a.server.SkipVerifySSL,
				ServerName:         host,
				RootCAs:            certPool,
			}
			a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
		} else {
			a.conn, err = ldap.Dial("tcp", address)
		}

		if err == nil {
			return nil
		}
	}
	return err
}
Ejemplo n.º 3
0
func (a *ldapAuther) Dial() error {
	address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
	var err error
	if a.server.UseSSL {
		a.conn, err = ldap.DialTLS("tcp", address, nil)
	} else {
		a.conn, err = ldap.Dial("tcp", address)
	}

	return err
}
Ejemplo n.º 4
0
func (lc *LDAPClient) ConnectAndBind() (err error) {
	if strings.HasPrefix(lc.URI, "ldaps") {
		lc.LdapConn, err = ldap.DialTLS("tcp", lc.hostPort, &tls.Config{InsecureSkipVerify: true})
	} else {
		//no ssl port 389
		lc.LdapConn, err = ldap.Dial("tcp", lc.hostPort)
	}
	if err != nil {
		return
	}
	err = lc.LdapConn.Bind(lc.UserBindDN, lc.UserBindPass)
	return
}
Ejemplo n.º 5
0
func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) {

	u, err := url.Parse(c.Url)
	if err != nil {
		return nil, err
	}
	host, port, err := net.SplitHostPort(u.Host)
	if err != nil {
		host = u.Host
	}

	var conn *ldap.Conn
	var tlsConfig *tls.Config
	switch u.Scheme {
	case "ldap":
		if port == "" {
			port = "389"
		}
		conn, err = ldap.Dial("tcp", host+":"+port)
		if err != nil {
			break
		}
		if conn == nil {
			err = fmt.Errorf("empty connection after dialing")
			break
		}
		if c.StartTLS {
			tlsConfig, err = c.GetTLSConfig(host)
			if err != nil {
				break
			}
			err = conn.StartTLS(tlsConfig)
		}
	case "ldaps":
		if port == "" {
			port = "636"
		}
		tlsConfig, err = c.GetTLSConfig(host)
		if err != nil {
			break
		}
		conn, err = ldap.DialTLS("tcp", host+":"+port, tlsConfig)
	default:
		return nil, fmt.Errorf("invalid LDAP scheme")
	}
	if err != nil {
		return nil, fmt.Errorf("cannot connect to LDAP: %v", err)
	}

	return conn, nil
}
Ejemplo n.º 6
0
func (a *ldapAuther) Dial() error {
	address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
	var err error
	if a.server.UseSSL {
		tlsCfg := &tls.Config{
			InsecureSkipVerify: a.server.SkipVerifySSL,
			ServerName:         a.server.Host,
		}
		a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
	} else {
		a.conn, err = ldap.Dial("tcp", address)
	}

	return err
}
Ejemplo n.º 7
0
func initLdap() (*ldap.Conn, error) {
	l, err := ldap.DialTLS(
		"tcp",
		fmt.Sprintf("%s:%d", ldapServer, ldapPort),
		&tls.Config{InsecureSkipVerify: true},
	)
	if err != nil {
		return nil, err
	}
	err = l.Bind(user, passwd)
	if err != nil {
		return nil, err
	}
	return l, nil
}
Ejemplo n.º 8
0
func (sua *LdapAuthConfig) connect() (*ldap.Conn, error) {
	if sua.Tls {
		tlsConfig := &tls.Config{
			ServerName: sua.Host,
		}
		if sua.Insecure {
			tlsConfig = &tls.Config{
				InsecureSkipVerify: true,
			}
		}
		l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", sua.Host, sua.Port), tlsConfig)
		return l, err
	} else {
		l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", sua.Host, sua.Port))
		return l, err
	}
}
Ejemplo n.º 9
0
//Connect returns an open connection to an Active Directory server specified by the given config
func (c *Config) Connect() (*ldap.Conn, error) {
	if c.TLSConfig == nil {
		c.TLSConfig = &tls.Config{
			ServerName: c.Server,
		}
	}

	switch c.Security {
	case SecurityNone:
		conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port))
		if err != nil {
			if c.Debug {
				log.Printf("DEBUG: LDAP Error %v\n", err)
			}
			return nil, err
		}
		return conn, nil
	case SecurityTLS:
		conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), c.TLSConfig)
		if err != nil {
			if c.Debug {
				log.Printf("DEBUG: LDAP Error %v\n", err)
			}
			return nil, err
		}
		return conn, nil
	case SecurityStartTLS:
		conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port))
		if err != nil {
			if c.Debug {
				log.Printf("DEBUG: LDAP Error %v\n", err)
			}
			return nil, err
		}
		err = conn.StartTLS(c.TLSConfig)
		if err != nil {
			if c.Debug {
				log.Printf("DEBUG: LDAP Error %v\n", err)
			}
			return nil, err
		}
		return conn, nil
	default:
		return nil, ConfigError("Invalid Security setting")
	}
}
Ejemplo n.º 10
0
// Connect returns an established LDAP connection, or an error if the connection could not
// be made (or successfully upgraded to TLS). If no error is returned, the caller is responsible for
// closing the connection
func (l *LDAPClientConfig) Connect() (*ldap.Conn, error) {
	tlsConfig := l.TLSConfig

	// Ensure tlsConfig specifies the server we're connecting to
	if tlsConfig != nil && !tlsConfig.InsecureSkipVerify && len(tlsConfig.ServerName) == 0 {
		// Add to a copy of the tlsConfig to avoid mutating the original
		c := *tlsConfig
		if host, _, err := net.SplitHostPort(l.Host); err == nil {
			c.ServerName = host
		} else {
			c.ServerName = l.Host
		}
		tlsConfig = &c
	}

	switch l.Scheme {
	case SchemeLDAP:
		con, err := ldap.Dial("tcp", l.Host)
		if err != nil {
			return nil, err
		}

		// If an insecure connection is desired, we're done
		if l.Insecure {
			return con, nil
		}

		// Attempt to upgrade to TLS
		if err := con.StartTLS(tlsConfig); err != nil {
			// We're returning an error on a successfully opened connection
			// We are responsible for closing the open connection
			con.Close()
			return nil, err
		}

		return con, nil

	case SchemeLDAPS:
		return ldap.DialTLS("tcp", l.Host, tlsConfig)

	default:
		return nil, fmt.Errorf("unsupported scheme %q", l.Scheme)
	}
}
Ejemplo n.º 11
0
func (la *LDAPAuth) ldapConnection() (*ldap.Conn, error) {
	var l *ldap.Conn
	var err error
	if la.config.TLS == "" || la.config.TLS == "none" || la.config.TLS == "starttls" {
		glog.V(2).Infof("Dial: starting...%s", la.config.Addr)
		l, err = ldap.Dial("tcp", fmt.Sprintf("%s", la.config.Addr))
		if err == nil && la.config.TLS == "starttls" {
			glog.V(2).Infof("StartTLS...")
			if tlserr := l.StartTLS(&tls.Config{InsecureSkipVerify: la.config.InsecureTLSSkipVerify}); tlserr != nil {
				return nil, tlserr
			}
		}
	} else if la.config.TLS == "always" {
		glog.V(2).Infof("DialTLS: starting...%s", la.config.Addr)
		l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s", la.config.Addr), &tls.Config{InsecureSkipVerify: la.config.InsecureTLSSkipVerify})
	}
	if err != nil {
		return nil, err
	}
	return l, nil
}
Ejemplo n.º 12
0
func (ls *LdapSource) dial() (*ldap.Conn, error) {
	if ls.c != nil {
		return ls.c, nil
	}

	var err error
	if ls.UseSSL {
		ls.c, err = ldap.DialTLS("tcp", ls.Addr, &tls.Config{InsecureSkipVerify: true})
	} else {
		ls.c, err = ldap.Dial("tcp", ls.Addr)
	}

	if err != nil {
		log.Printf("LDAP Connect error, %s:%v", ls.Addr, err)
		ls.Enabled = false
		return nil, err
	}

	// ls.c.Debug = ls.Debug

	return ls.c, nil
}