func search(l *ldap.Conn, filter string, attributes []string) (*ldap.Entry, *ldap.Error) {
search := ldap.NewSearchRequest(
BaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
filter,
attributes,
nil)
sr, err := l.Search(search)
if err != nil {
log.Fatalf("ERROR: %s\n", err)
return nil, err
}
log.Printf("Search: %s -> num of entries = %d\n", search.Filter, len(sr.Entries))
if len(sr.Entries) == 0 {
return nil, ldap.NewError(ldap.ErrorDebugging, errors.New(fmt.Sprintf("no entries found for: %s", filter)))
}
return sr.Entries[0], nil
}
func (o *opts) doquery(q query) (*ldap.SearchResult, error) {
sr := &ldap.SearchResult{}
// parse the ldap URL
u, err := url.Parse(q.ldapURL)
if err != nil {
return sr, err
}
var port int
if u.Scheme == "ldaps" {
port = 636
} else if u.Scheme == "ldap" {
port = 389
} else {
return sr, fmt.Errorf("Unknown LDAP scheme: %s", u.Scheme)
}
parts := strings.Split(u.Host, ":")
hostname := parts[0]
if len(parts) > 1 {
port, err = strconv.Atoi(parts[1])
if err != nil {
return sr, err
}
}
// connect to the ldap server
var l *ldap.Conn
if u.Scheme == "ldaps" {
tlsConfig := tls.Config{}
if o.goklp_insecure_skip_verify {
tlsConfig.InsecureSkipVerify = true
}
l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", hostname, port), &tlsConfig)
if err != nil {
return sr, err
}
} else if u.Scheme == "ldap" {
l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", hostname, port))
if err != nil {
return sr, err
}
}
defer l.Close()
// do an ldap bind
err = l.Bind(q.user, q.passwd)
if err != nil {
return sr, err
}
// do the ldap search
search := ldap.NewSearchRequest(
q.baseDN,
ldap.ScopeWholeSubtree,
ldap.NeverDerefAliases, 0, 0, false,
q.filter,
q.Attributes,
nil)
sr, err = l.Search(search)
if err != nil {
return sr, err
}
return sr, nil
}
func pingLdap(url *url.URL, dial func(proto, addr string) (*ldap.Conn, error)) (err error) {
var proto, addr string
proto, addr, err = utilUrl.Socket(url.Host)
if err != nil {
return e.Forward(err)
}
var conn *ldap.Conn
conn, err = dial(proto, addr)
if err != nil {
return e.Forward(err)
}
defer func() {
conn.Close()
}()
pass, ok := url.User.Password()
if !ok {
err = e.New("no password")
return
}
if len(url.Path) > 0 {
url.Path = url.Path[1:]
}
dn := "cn=" + url.User.Username() + "," + url.Path
err = conn.Bind(dn, pass)
if err != nil {
err = e.Forward(err)
return
}
attrs := map[string]bool{
"cn": true,
"uid": true,
"uidNumber": true,
"gidNumber": true,
}
attrsStr := make([]string, 0, len(attrs))
for val := range attrs {
attrsStr = append(attrsStr, val)
}
search := &ldap.SearchRequest{
BaseDN: basedn(dn),
Scope: ldap.ScopeWholeSubtree,
DerefAliases: ldap.DerefAlways,
Filter: "(&(objectclass=*)(cn=" + url.User.Username() + "))",
Attributes: attrsStr,
}
sr, err := conn.Search(search)
if err != nil {
err = e.Forward(err)
return
}
if len(sr.Entries) == 1 {
entry := sr.Entries[0]
if entry.DN == dn {
count := 0
for _, attr := range entry.Attributes {
if _, found := attrs[attr.Name]; found {
count++
} else {
return e.New("ldap search returned a no requested attribute")
}
}
if count != len(attrs) {
return e.New("wrong number of attributes, required %v, got %v", len(attrs), count)
}
}
}
return nil
}