func NewLDAPClient(ldapUri, bindDn, bindPass string, searchBase ...string) (ad *LDAPClient, err error) { protoHostPort := strings.Split(ldapUri, "://") if len(protoHostPort) != 2 { err = fmt.Errorf("Invalid LDAP URI: %s", ldapUri) return } ad = &LDAPClient{URI: ldapUri} if protoHostPort[0] == "ldaps" { ad.Conn, err = ldap.DialTLS("tcp", protoHostPort[1], &tls.Config{InsecureSkipVerify: true}) } else { //no ssl port 389 ad.Conn, err = ldap.Dial("tcp", protoHostPort[1]) } if err != nil { return } if len(searchBase) > 0 { ad.DefaultSearchBase = searchBase[0] } err = ad.Bind(bindDn, bindPass) return }
func (a *ldapAuther) Dial() error { var err error var certPool *x509.CertPool if a.server.RootCACert != "" { certPool := x509.NewCertPool() for _, caCertFile := range strings.Split(a.server.RootCACert, " ") { if pem, err := ioutil.ReadFile(caCertFile); err != nil { return err } else { if !certPool.AppendCertsFromPEM(pem) { return errors.New("Failed to append CA certificate " + caCertFile) } } } } for _, host := range strings.Split(a.server.Host, " ") { address := fmt.Sprintf("%s:%d", host, a.server.Port) if a.server.UseSSL { tlsCfg := &tls.Config{ InsecureSkipVerify: a.server.SkipVerifySSL, ServerName: host, RootCAs: certPool, } a.conn, err = ldap.DialTLS("tcp", address, tlsCfg) } else { a.conn, err = ldap.Dial("tcp", address) } if err == nil { return nil } } return err }
func (a *ldapAuther) Dial() error { address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port) var err error if a.server.UseSSL { a.conn, err = ldap.DialTLS("tcp", address, nil) } else { a.conn, err = ldap.Dial("tcp", address) } return err }
func (lc *LDAPClient) ConnectAndBind() (err error) { if strings.HasPrefix(lc.URI, "ldaps") { lc.LdapConn, err = ldap.DialTLS("tcp", lc.hostPort, &tls.Config{InsecureSkipVerify: true}) } else { //no ssl port 389 lc.LdapConn, err = ldap.Dial("tcp", lc.hostPort) } if err != nil { return } err = lc.LdapConn.Bind(lc.UserBindDN, lc.UserBindPass) return }
func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) { u, err := url.Parse(c.Url) if err != nil { return nil, err } host, port, err := net.SplitHostPort(u.Host) if err != nil { host = u.Host } var conn *ldap.Conn var tlsConfig *tls.Config switch u.Scheme { case "ldap": if port == "" { port = "389" } conn, err = ldap.Dial("tcp", host+":"+port) if err != nil { break } if conn == nil { err = fmt.Errorf("empty connection after dialing") break } if c.StartTLS { tlsConfig, err = c.GetTLSConfig(host) if err != nil { break } err = conn.StartTLS(tlsConfig) } case "ldaps": if port == "" { port = "636" } tlsConfig, err = c.GetTLSConfig(host) if err != nil { break } conn, err = ldap.DialTLS("tcp", host+":"+port, tlsConfig) default: return nil, fmt.Errorf("invalid LDAP scheme") } if err != nil { return nil, fmt.Errorf("cannot connect to LDAP: %v", err) } return conn, nil }
func (a *ldapAuther) Dial() error { address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port) var err error if a.server.UseSSL { tlsCfg := &tls.Config{ InsecureSkipVerify: a.server.SkipVerifySSL, ServerName: a.server.Host, } a.conn, err = ldap.DialTLS("tcp", address, tlsCfg) } else { a.conn, err = ldap.Dial("tcp", address) } return err }
func initLdap() (*ldap.Conn, error) { l, err := ldap.DialTLS( "tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort), &tls.Config{InsecureSkipVerify: true}, ) if err != nil { return nil, err } err = l.Bind(user, passwd) if err != nil { return nil, err } return l, nil }
func (sua *LdapAuthConfig) connect() (*ldap.Conn, error) { if sua.Tls { tlsConfig := &tls.Config{ ServerName: sua.Host, } if sua.Insecure { tlsConfig = &tls.Config{ InsecureSkipVerify: true, } } l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", sua.Host, sua.Port), tlsConfig) return l, err } else { l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", sua.Host, sua.Port)) return l, err } }
//Connect returns an open connection to an Active Directory server specified by the given config func (c *Config) Connect() (*ldap.Conn, error) { if c.TLSConfig == nil { c.TLSConfig = &tls.Config{ ServerName: c.Server, } } switch c.Security { case SecurityNone: conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port)) if err != nil { if c.Debug { log.Printf("DEBUG: LDAP Error %v\n", err) } return nil, err } return conn, nil case SecurityTLS: conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), c.TLSConfig) if err != nil { if c.Debug { log.Printf("DEBUG: LDAP Error %v\n", err) } return nil, err } return conn, nil case SecurityStartTLS: conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port)) if err != nil { if c.Debug { log.Printf("DEBUG: LDAP Error %v\n", err) } return nil, err } err = conn.StartTLS(c.TLSConfig) if err != nil { if c.Debug { log.Printf("DEBUG: LDAP Error %v\n", err) } return nil, err } return conn, nil default: return nil, ConfigError("Invalid Security setting") } }
// Connect returns an established LDAP connection, or an error if the connection could not // be made (or successfully upgraded to TLS). If no error is returned, the caller is responsible for // closing the connection func (l *LDAPClientConfig) Connect() (*ldap.Conn, error) { tlsConfig := l.TLSConfig // Ensure tlsConfig specifies the server we're connecting to if tlsConfig != nil && !tlsConfig.InsecureSkipVerify && len(tlsConfig.ServerName) == 0 { // Add to a copy of the tlsConfig to avoid mutating the original c := *tlsConfig if host, _, err := net.SplitHostPort(l.Host); err == nil { c.ServerName = host } else { c.ServerName = l.Host } tlsConfig = &c } switch l.Scheme { case SchemeLDAP: con, err := ldap.Dial("tcp", l.Host) if err != nil { return nil, err } // If an insecure connection is desired, we're done if l.Insecure { return con, nil } // Attempt to upgrade to TLS if err := con.StartTLS(tlsConfig); err != nil { // We're returning an error on a successfully opened connection // We are responsible for closing the open connection con.Close() return nil, err } return con, nil case SchemeLDAPS: return ldap.DialTLS("tcp", l.Host, tlsConfig) default: return nil, fmt.Errorf("unsupported scheme %q", l.Scheme) } }
func (la *LDAPAuth) ldapConnection() (*ldap.Conn, error) { var l *ldap.Conn var err error if la.config.TLS == "" || la.config.TLS == "none" || la.config.TLS == "starttls" { glog.V(2).Infof("Dial: starting...%s", la.config.Addr) l, err = ldap.Dial("tcp", fmt.Sprintf("%s", la.config.Addr)) if err == nil && la.config.TLS == "starttls" { glog.V(2).Infof("StartTLS...") if tlserr := l.StartTLS(&tls.Config{InsecureSkipVerify: la.config.InsecureTLSSkipVerify}); tlserr != nil { return nil, tlserr } } } else if la.config.TLS == "always" { glog.V(2).Infof("DialTLS: starting...%s", la.config.Addr) l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s", la.config.Addr), &tls.Config{InsecureSkipVerify: la.config.InsecureTLSSkipVerify}) } if err != nil { return nil, err } return l, nil }
func (ls *LdapSource) dial() (*ldap.Conn, error) { if ls.c != nil { return ls.c, nil } var err error if ls.UseSSL { ls.c, err = ldap.DialTLS("tcp", ls.Addr, &tls.Config{InsecureSkipVerify: true}) } else { ls.c, err = ldap.Dial("tcp", ls.Addr) } if err != nil { log.Printf("LDAP Connect error, %s:%v", ls.Addr, err) ls.Enabled = false return nil, err } // ls.c.Debug = ls.Debug return ls.c, nil }