Ejemplo n.º 1
0
func Authenticate(a Authorizer, url string, user string, passwd string) error {
	ldap, err := openldap.Initialize(url)

	if err != nil {
		logger.Get().Error("Failed to connect the server. error: %v", err)
		return err
	}

	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)
	if a.directory.Uid != "" {
		err = ldap.Bind(fmt.Sprintf("%s=%s,%s", a.directory.Uid, user, a.directory.Base), passwd)

		if err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return err
		}
	} else {
		if ldap.Bind(fmt.Sprintf("uid=%s,%s", user, a.directory.Base), passwd) != nil {
			err = ldap.Bind(fmt.Sprintf("cn=%s,%s", user, a.directory.Base), passwd)
			if err != nil {
				logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
				return err
			}
		}
	}
	return nil
}
Ejemplo n.º 2
0
/*
 *
 * openldap example program :
 *
 *  - 1 :
 *
 *    - specify URL for LDAP connexion with user and passwd
 *    - ldap and ldaps is supported,
 *    - anonymous connexion is done with an empty user string
 *    - base (DN) is needed for many LDAP server (it depends on LDAP data design)
 *
 *  - 2 :
 *
 *    - you can set some LDAP options.
 *    - authentification with Bind()
 *
 *  - 3 : setup LDAP query search.
 *  - 4 : print search results.
 *
 */
func main() {

	var user, passwd, url, base string

	// (1) - connexion options
	url = "ldap://some.host:389/"
	// url = "ldaps://some.host:636/"
	user = "******"
	passwd = "..."
	base = ""

	ldap, err := openldap.Initialize(url)

	if err != nil {
		fmt.Printf("LDAP::Initialize() : connexion error\n")
		return
	}

	// (2.1) - options
	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)

	// (2.2) - authentification (Bind)
	err = ldap.Bind(user, passwd)
	if err != nil {
		fmt.Printf("LDAP::Bind() : bind error\n")
		fmt.Println(err)
		return
	}
	defer ldap.Close()

	// (3) : search method
	// -------------------------------------- Ldap::SearchAll() --------------------------------------
	scope := openldap.LDAP_SCOPE_SUBTREE // LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
	filter := "cn=*admin*"
	attributes := []string{"cn", "sn", "givenname", "mail"} // leave empty for all attributes

	// SearchAll(base string, scope int, filter string, attributes []string) (*LdapSearchResult, error)
	result, err := ldap.SearchAll(base, scope, filter, attributes)

	if err != nil {
		fmt.Println(err)
		return
	}

	// (4) - print LdapSearchResult(s)
	fmt.Printf("# num results : %d\n", result.Count())
	fmt.Printf("# search : %s\n", result.Filter())
	fmt.Printf("# base : %s\n", result.Base())
	fmt.Printf("# attributes : [%s]\n", strings.Join(result.Attributes(), ", "))

	for _, entry := range result.Entries() {
		fmt.Printf("dn=%s\n", entry.Dn())
		for _, attr := range entry.Attributes() {
			fmt.Printf("%s=[%s]\n", attr.Name(), strings.Join(attr.Values(), ", "))
		}

		fmt.Printf("\n")
	}
}
Ejemplo n.º 3
0
Archivo: ldap.go Proyecto: dogeerf/tool
func initLdap() {
	url = "ldap://ldap.domain.com:1389/"
	base_dn = "ou=People,dc=dc,dc=com"

	ldap, err = openldap.Initialize(url)
	if err != nil {
		fmt.Printf("LDAP::Initialize() : connexion error\n")
		return
	}
	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)
}
Ejemplo n.º 4
0
/*

uses:
https://github.com/mqu/openldap
 *
 * openldap example program :
 *
 *  - 1 :
 *
 *    - specify URL for LDAP connexion with user and passwd
 *    - ldap and ldaps is supported,
 *    - anonymous connexion is done with an empty user string
 *    - base (DN) is needed for many LDAP server (it depends on LDAP data design)
 *
 *  - 2 :
 *
 *    - you can set some LDAP options.
 *    - authentification with Bind()
 *
 *  - 3 : setup LDAP query search.
 *  - 4 : print search results.
 *
*/
func main() {
	var user, passwd, url string

	// (1) - connexion options
	url = "ldap://*****:*****@gmial.com"}
	m["password"] = []string{"Changepwd1"}

	ldap.Add("cn=pankaj,ou=people,o=sevenSeas", m)

	fmt.Println("Successfully added an entry")

}
Ejemplo n.º 5
0
// Connect and Bind to LDAP server using self.opts
func (self *LdapSearchApp) Connect() error {

	var err error
	self.ldap, err = openldap.Initialize(self.opts.host)

	if err != nil {
		return err
	}

	//FIXME: should be an external option
	self.ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)

	err = self.ldap.Bind(self.opts.user, self.opts.passwd)
	if err != nil {
		return err
	}

	return nil
}
Ejemplo n.º 6
0
func lookupLdap(username, password string) bool {
	ldap_server, _ := globalCfg.ReadString("ldap_server", "")
	dn_fmt, _ := globalCfg.ReadString("dn_fmt", "")
	ldap, err := openldap.Initialize(ldap_server)
	if err != nil {
		log.Error(err)
		return false
	}

	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)
	dn := fmt.Sprintf(dn_fmt, username)
	err = ldap.Bind(dn, password)
	if err != nil {
		log.Warning(err)
		return false
	}

	ldap.Close()
	return true
}
Ejemplo n.º 7
0
func Authenticate(directory models.Directory, url string, user string, passwd string) error {
	if len(directory.Base) == 0 || len(passwd) == 0 {
		logger.Get().Error("Failed to find any LDAP configuration")
		return mkerror("Failed to find any LDAP configuration")
	}

	ldap, err := openldap.Initialize(url)

	if err != nil {
		logger.Get().Error("Failed to connect the server. error: %v", err)
		return err
	}
	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)
	err = ldap.Bind(fmt.Sprintf("%s=%s,%s", directory.Uid, user, directory.Base), passwd)

	if err != nil {
		logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
		return err
	}
	return nil
}
Ejemplo n.º 8
0
func connectOpenldap(host string, port string, dn string,
	passwd string) (*openldap.Ldap, error) {
	//init
	url := "ldap://" + host + ":" + port + "/"
	ldap, err := openldap.Initialize(url)
	if err != nil {
		log.Printf("Cannot connect to openldap.Reason:%v", err)
		return nil, err
	}
	log.Printf("Connected")

	//setup
	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)

	//connect
	err = ldap.Bind(dn, passwd)
	if err != nil {
		log.Printf("Cannot bind to openldap.Reason:%v", err)
		return nil, err
	}
	log.Printf("Binded")
	return ldap, err
}
Ejemplo n.º 9
0
// Authenticate checks user's credential agains LDAP based on basedn template and LDAP URL,
// if the check is successful a dummy record will be insert into DB, such that this user can
// be associated to other entities in the system.
func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {

	ldapURL := os.Getenv("LDAP_URL")
	if ldapURL == "" {
		return nil, errors.New("Can not get any available LDAP_URL.")
	}
	log.Debug("ldapURL:", ldapURL)

	p := m.Principal
	for _, c := range metaChars {
		if strings.ContainsRune(p, c) {
			return nil, fmt.Errorf("the principal contains meta char: %q", c)
		}
	}

	ldap, err := openldap.Initialize(ldapURL)
	if err != nil {
		return nil, err
	}

	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)

	ldapBaseDn := os.Getenv("LDAP_BASE_DN")
	if ldapBaseDn == "" {
		return nil, errors.New("Can not get any available LDAP_BASE_DN.")
	}

	baseDn := fmt.Sprintf(ldapBaseDn, m.Principal)
	log.Debug("baseDn:", baseDn)

	err = ldap.Bind(baseDn, m.Password)
	if err != nil {
		return nil, err
	}
	defer ldap.Close()

	scope := openldap.LDAP_SCOPE_SUBTREE // LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
	filter := "objectClass=*"
	attributes := []string{"mail"}

	result, err := ldap.SearchAll(baseDn, scope, filter, attributes)
	if err != nil {
		return nil, err
	}
	u := models.User{}
	if len(result.Entries()) == 1 {
		en := result.Entries()[0]
		for _, attr := range en.Attributes() {
			val := attr.Values()[0]
			if attr.Name() == "mail" {
				u.Email = val
			}
		}
	}

	u.Username = m.Principal
	log.Debug("username:"******",email:", u.Email)

	exist, err := dao.UserExists(u, "username")
	if err != nil {
		return nil, err
	}

	if exist {
		currentUser, err := dao.GetUser(u)
		if err != nil {
			return nil, err
		}
		u.UserID = currentUser.UserID
	} else {
		u.Realname = m.Principal
		u.Password = "******"
		u.Comment = "registered from LDAP."
		userID, err := dao.Register(u)
		if err != nil {
			return nil, err
		}
		u.UserID = int(userID)
	}
	return &u, nil
}
Ejemplo n.º 10
0
// Authenticate checks user's credential against LDAP based on basedn template and LDAP URL,
// if the check is successful a dummy record will be inserted into DB, such that this user can
// be associated to other entities in the system.
func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {

	p := m.Principal
	for _, c := range metaChars {
		if strings.ContainsRune(p, c) {
			return nil, fmt.Errorf("the principal contains meta char: %q", c)
		}
	}
	ldapURL := config.LDAP().URL
	if ldapURL == "" {
		return nil, errors.New("can not get any available LDAP_URL")
	}
	log.Debug("ldapURL:", ldapURL)
	ldap, err := openldap.Initialize(ldapURL)
	if err != nil {
		return nil, err
	}
	ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3)

	ldapBaseDn := config.LDAP().BaseDn
	if ldapBaseDn == "" {
		return nil, errors.New("can not get any available LDAP_BASE_DN")
	}
	log.Debug("baseDn:", ldapBaseDn)

	ldapSearchDn := config.LDAP().SearchDn
	if ldapSearchDn != "" {
		log.Debug("Search DN: ", ldapSearchDn)
		ldapSearchPwd := config.LDAP().SearchPwd
		err = ldap.Bind(ldapSearchDn, ldapSearchPwd)
		if err != nil {
			log.Debug("Bind search dn error", err)
			return nil, err
		}
	}

	attrName := config.LDAP().UID
	filter := config.LDAP().Filter
	if filter != "" {
		filter = "(&" + filter + "(" + attrName + "=" + m.Principal + "))"
	} else {
		filter = "(" + attrName + "=" + m.Principal + ")"
	}
	log.Debug("one or more filter", filter)

	ldapScope := config.LDAP().Scope
	var scope int
	if ldapScope == "1" {
		scope = openldap.LDAP_SCOPE_BASE
	} else if ldapScope == "2" {
		scope = openldap.LDAP_SCOPE_ONELEVEL
	} else {
		scope = openldap.LDAP_SCOPE_SUBTREE
	}
	attributes := []string{"uid", "cn", "mail", "email"}
	result, err := ldap.SearchAll(ldapBaseDn, scope, filter, attributes)
	if err != nil {
		return nil, err
	}
	if len(result.Entries()) == 0 {
		log.Warningf("Not found an entry.")
		return nil, nil
	} else if len(result.Entries()) != 1 {
		log.Warningf("Found more than one entry.")
		return nil, nil
	}
	en := result.Entries()[0]
	bindDN := en.Dn()
	log.Debug("found entry:", en)
	err = ldap.Bind(bindDN, m.Password)
	if err != nil {
		log.Debug("Bind user error", err)
		return nil, err
	}
	defer ldap.Close()

	u := models.User{}
	for _, attr := range en.Attributes() {
		val := attr.Values()[0]
		switch attr.Name() {
		case "uid":
			u.Realname = val
		case "cn":
			u.Realname = val
		case "mail":
			u.Email = val
		case "email":
			u.Email = val
		}
	}
	u.Username = m.Principal
	log.Debug("username:"******",email:", u.Email)
	exist, err := dao.UserExists(u, "username")
	if err != nil {
		return nil, err
	}

	if exist {
		currentUser, err := dao.GetUser(u)
		if err != nil {
			return nil, err
		}
		u.UserID = currentUser.UserID
	} else {
		u.Realname = m.Principal
		u.Password = "******"
		u.Comment = "registered from LDAP."
		if u.Email == "" {
			u.Email = u.Username + "@placeholder.com"
		}
		userID, err := dao.Register(u)
		if err != nil {
			return nil, err
		}
		u.UserID = int(userID)
	}
	return &u, nil
}
Ejemplo n.º 11
0
// List the LDAP users
func (a Authorizer) ListExternalUsers() (users []models.User, err error) {
	url := GetUrl(a.directory.Address, a.directory.Port)
	Uid := "Uid"
	DisplayName := "DisplayName"
	FullName := "CN"
	if a.directory.Uid != "" {
		Uid = a.directory.Uid
	}
	if a.directory.DisplayName != "" {
		DisplayName = a.directory.DisplayName
	}
	if a.directory.FullName != "" {
		FullName = a.directory.FullName
	}

	ldap, err := openldap.Initialize(url)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return nil, err
	}

	if a.directory.DomainAdmin != "" {
		err = ldap.Bind(fmt.Sprintf("%s=%s,%s", Uid, a.directory.DomainAdmin, a.directory.Base), a.directory.Password)
		if err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return nil, err
		}
	}

	scope := openldap.LDAP_SCOPE_SUBTREE
	filter := "(objectclass=*)"
	attributes := []string{Uid, DisplayName, FullName, "Mail"}

	rv, err := ldap.SearchAll(a.directory.Base, scope, filter, attributes)

	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return nil, err
	}

	for _, entry := range rv.Entries() {
		user := models.User{}
		fullName := ""
		for _, attr := range entry.Attributes() {
			switch attr.Name() {
			case Uid:
				user.Username = strings.Join(attr.Values(), ", ")
			case "Mail":
				user.Email = strings.Join(attr.Values(), ", ")
			case DisplayName:
				user.FirstName = strings.Join(attr.Values(), ", ")
			case FullName:
				fullName = strings.Join(attr.Values(), ", ")
			}
			if len(fullName) != 0 && len(user.FirstName) != 0 {
				lastName := strings.Split(fullName, user.FirstName)
				if len(lastName) > 1 {
					user.LastName = strings.TrimSpace(lastName[1])
				}
			}

		}
		// Assiging the default roles
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		if len(user.Username) != 0 {
			users = append(users, user)
		}
	}
	return users, nil
}
Ejemplo n.º 12
0
// List the LDAP users
func (a Authorizer) ListExternalUsers(search string, page, count int) (externalUsers models.ExternalUsers, err error) {
	directory, err := a.GetDirectory()
	if err != nil {
		return externalUsers, err
	}
	url := GetUrl(directory.LdapServer, directory.Port)
	DisplayName := "DisplayName"
	FirstName := "CN"
	LastName := "SN"
	Email := "mail"
	if directory.DisplayName != "" {
		DisplayName = directory.DisplayName
	}
	if directory.FirstName != "" {
		FirstName = directory.FirstName
	}
	if directory.LastName != "" {
		LastName = directory.LastName
	}
	if directory.Email != "" {
		Email = directory.Email
	}

	ldap, err := openldap.Initialize(url)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return externalUsers, err
	}

	if directory.DomainAdmin != "" {
		block, err := aes.NewCipher([]byte(CipherKey))
		if err != nil {
			logger.Get().Error("failed to generate new cipher")
			return externalUsers, nil
		}

		ciphertext := []byte(directory.Password)
		iv := ciphertext[:aes.BlockSize]
		stream := cipher.NewOFB(block, iv)
		hkey := make([]byte, 100)
		stream = cipher.NewOFB(block, iv)
		stream.XORKeyStream(hkey, ciphertext[aes.BlockSize:])
		err = ldap.Bind(fmt.Sprintf("%s=%s,%s", directory.Uid, directory.DomainAdmin, directory.Base), string(hkey))
		if err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return externalUsers, err
		}
	}

	scope := openldap.LDAP_SCOPE_SUBTREE
	// If the search string is empty, it will list all the users
	// If the search string contains 'mail=tjey*' it will returns the list of all
	// users start with 'tjey'
	// If the search string contains 'tim' this will return list of all users
	// names contains the word 'tim'
	// Possible search strings 'mail=t*redhat.com' / 'tim*' / '*john*' / '*peter'
	filter := "(objectclass=*)"
	if len(search) > 0 {
		if strings.Contains(search, "=") {
			filter = fmt.Sprintf("(%s*)", search)
		} else if strings.Contains(search, "*") {
			filter = fmt.Sprintf("(%s=%s)", directory.Uid, search)
		} else {
			filter = fmt.Sprintf("(%s=*%s*)", directory.Uid, search)
		}
	}

	attributes := []string{directory.Uid, DisplayName, FirstName, LastName, Email}
	rv, err := ldap.SearchAll(directory.Base, scope, filter, attributes)

	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return externalUsers, err
	}

	from := (page-1)*count + 1
	to := from + count - 1
	i := 0

	for _, entry := range rv.Entries() {
		i++
		if i < from {
			continue
		}
		if i > to {
			break
		}
		user := models.User{}
		for _, attr := range entry.Attributes() {
			switch attr.Name() {
			case directory.Uid:
				user.Username = strings.Join(attr.Values(), ", ")
			case Email:
				user.Email = strings.Join(attr.Values(), ", ")
			// Some setup may have an attribute like mail or email
			// or operator can't be used between strings to combind cases
			case "email":
				user.Email = strings.Join(attr.Values(), ", ")
			case FirstName:
				user.FirstName = strings.Join(attr.Values(), ", ")
			case LastName:
				user.LastName = strings.Join(attr.Values(), ", ")
			}
		}
		// Assiging the default roles
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		if len(user.Username) != 0 {
			externalUsers.Users = append(externalUsers.Users, user)
		}
	}
	externalUsers.TotalCount = rv.Count()
	externalUsers.StartIndex = from
	externalUsers.EndIndex = to
	if externalUsers.EndIndex > externalUsers.TotalCount {
		externalUsers.EndIndex = externalUsers.TotalCount
	}
	return externalUsers, nil
}