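// InitS dials server ("host:port") over plain TCP and performs a simple bind
// with user/password. On success _s.D holds the open connection, _s.CS is 0
// and 0 is returned; on any failure _s.CS stays -1, _s.D is left nil and -1
// is returned.
//
// SECURITY: ldap.Dial opens an unencrypted connection, so the simple bind
// below sends password in cleartext on the wire. Prefer ldap.DialTLS, or call
// _s.D.StartTLS before Bind, unless server is only reachable over an already
// protected path (e.g. localhost / a tunnel).
func (_s *LDAP) InitS(rLog SBMSystem.LogFile, user, password, server string) int {
	var err error

	_s.CS = -1

	rLog.LogDbg(2, "LDAP Init SRV ***** Trying connect to server ", server, " with login ", user)

	_s.D, err = ldap.Dial("tcp", server)
	if err != nil {
		rLog.LogDbg(0, "LDAP::Dial() to server ", server, " error: ", err)
		return -1
	}

	if err = _s.D.Bind(user, password); err != nil {
		// Bind failed on an open socket: close it instead of leaking it, and
		// clear _s.D so a caller cannot use a half-initialised connection.
		rLog.LogDbg(1, "LDAP::Bind() to server ", server, " with login ", user, " error: ", err)
		_s.D.Close()
		_s.D = nil
		return -1
	}

	rLog.LogDbg(2, "LDAP Init SRV ***** Success! Connected to server ", server, " with login ", user)

	_s.CS = 0
	return 0
}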
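// _getBaseDN runs search (a complete LDAP filter string) as a subtree search
// under basedn and returns the DN of the first matching entry, or "" when
// nothing matched or the search failed.
//
// SECURITY: search is handed to the directory verbatim as the filter. Callers
// that build it from external input (see CheckGroupMember) must escape the
// embedded values with ldap.EscapeFilter, otherwise a crafted value can widen
// the match and resolve a different entry than intended.
func (_s *LDAP) _getBaseDN(rLog SBMSystem.LogFile, search, basedn string) string {
	// Only the DN is requested; scope 2 is the whole subtree below basedn.
	req := ldap.NewSearchRequest(basedn, 2, ldap.NeverDerefAliases, 0, 0, false, search, []string{"dn"}, nil)
	sr, err := _s.D.Search(req)
	if err != nil {
		// A failed search yields a nil result; reading sr.Entries here would
		// panic with a nil dereference, so report and return "not found".
		rLog.LogDbg(0, "LDAP::Search() ", basedn, " error: ", err)
		return ""
	}
	if sr == nil || len(sr.Entries) == 0 {
		return ""
	}
	return sr.Entries[0].DN
}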
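// _checkGroupMember reports whether userDN is a member of groupDN, directly
// or through nested groups, by reading the memberOf attribute of userDN and
// recursing into each listed group. Returns 0 on a match and -1 otherwise
// (empty DNs, exhausted recurse_count, failed search, or no membership).
// baseDN is only carried through to the recursive calls.
//
// recurse_count bounds the depth so a membership cycle between groups cannot
// recurse forever; the parent != userDN check skips the trivial self-loop.
// The walk relies on the directory exposing a "memberOf" attribute on the
// entry (the attribute name is matched case-sensitively).
func (_s *LDAP) _checkGroupMember(rLog SBMSystem.LogFile, userDN, groupDN, baseDN string, recurse_count int) int {
	if userDN == "" || groupDN == "" || recurse_count <= 0 {
		return -1
	}

	// Scope 0 = base object: read only the memberOf values of userDN itself.
	req := ldap.NewSearchRequest(userDN, 0, ldap.NeverDerefAliases, 0, 0, false, "(objectclass=*)", []string{"memberOf"}, nil)
	sr, err := _s.D.Search(req)
	if err != nil {
		// sr is nil on error; dereferencing it below would panic. A failed
		// lookup must read as "not a member", never as a match.
		rLog.LogDbg(0, "LDAP::Search() ", userDN, " error: ", err)
		return -1
	}
	if sr == nil {
		return -1
	}

	for _, entry := range sr.Entries {
		for _, attr := range entry.Attributes {
			if attr.Name != "memberOf" {
				continue
			}
			for _, parent := range attr.Values {
				if parent == groupDN {
					return 0
				}
				if parent == userDN {
					continue
				}
				if _s._checkGroupMember(rLog, parent, groupDN, baseDN, recurse_count-1) == 0 {
					return 0
				}
			}
		}
	}
	return -1
}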
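// CheckGroupMember resolves user and group — each a complete LDAP filter
// string, passed straight to the search — to DNs under baseDN and reports
// whether the user is a member of the group, directly or via nested groups
// (up to recursDepth levels). Returns 0 when the user is a member and -1 when
// either DN cannot be resolved or no membership is found.
//
// SECURITY: user and group reach the directory verbatim as filters. Any part
// of them that originates from a request must be escaped with
// ldap.EscapeFilter before it is embedded, or an attacker can choose which
// entry is resolved and therefore which membership is tested.
func (_s *LDAP) CheckGroupMember(rLog SBMSystem.LogFile, user, group, baseDN string) int {
	const recursDepth = 10

	rLog.LogDbg(2, "LDAP CheckGroupMember...")

	userDN := _s._getBaseDN(rLog, user, baseDN)
	groupDN := _s._getBaseDN(rLog, group, baseDN)
	if userDN == "" || groupDN == "" {
		return -1
	}

	// Cheap direct-membership probe first (a single search); only then walk
	// nested groups, which may cost up to recursDepth searches per branch.
	if _s._checkGroupMember(rLog, userDN, groupDN, baseDN, 1) == 0 {
		return 0
	}
	return _s._checkGroupMember(rLog, userDN, groupDN, baseDN, recursDepth)
}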
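// Init connects to one of the servers listed in conf.Conf.LDAP_URL and binds.
// Each LDAP_URL entry is indexed as [0] = "host:port" to dial; elements [1]
// and [2] of entry 0 are used as the bind login and password. Servers are
// tried round-robin starting at the package-level LDAPCounter, which is
// advanced so the next Init call starts at the following server; after more
// than 2*len(LDAP_URL) failed dials the attempt gives up. Returns 0 (and sets
// _s.CS = 0) once bound, -1 otherwise with _s.D left nil.
//
// SECURITY: the connection is plain TCP, so the simple bind sends the
// password in cleartext; prefer ldap.DialTLS or StartTLS before Bind.
//
// NOTE(review): every server is bound with the credentials of LDAP_URL[0],
// not those of the server actually dialled (LDAP_URL[idx]). This is kept
// as-is because it may be deliberate (one shared service account); confirm
// against the config format before changing it.
func (_s *LDAP) Init(conf SBMSystem.ReadJSONConfig, rLog SBMSystem.LogFile) int {
	_s.CS = -1

	servers := conf.Conf.LDAP_URL
	if len(servers) == 0 {
		// Indexing servers[LDAPCounter] below would panic on an empty list.
		rLog.LogDbg(0, "LDAP Init SRV ***** Error connect to all LDAP servers !!!")
		return -1
	}

	var (
		err   error
		idx   int // index of the server we actually connected to
		tries int
	)
	for {
		if tries > len(servers)*2 {
			rLog.LogDbg(0, "LDAP Init SRV ***** Error connect to all LDAP servers !!!")
			return -1
		}
		if LDAPCounter > len(servers)-1 {
			LDAPCounter = 0
		}
		idx = LDAPCounter

		rLog.LogDbg(2, "LDAP Init SRV ***** Trying connect to server ", idx+1, " of ", len(servers), ": ", servers[idx][0])
		_s.D, err = ldap.Dial("tcp", servers[idx][0])
		if err != nil {
			rLog.LogDbg(2, "LDAP::Dial() to server ", servers[idx][0], " error: ", err)
			LDAPCounter++
			tries++
			continue
		}

		rLog.LogDbg(2, "LDAP Init SRV ***** Success! Connected to server ", idx+1, " of ", len(servers), ": ", servers[idx][0])
		// Advance so the next Init starts at the following server.
		LDAPCounter++
		break
	}

	if err = _s.D.Bind(servers[0][1], servers[0][2]); err != nil {
		// Report the server we bound to (idx), not LDAPCounter: that has
		// already moved on and may even be past the end of the list, which
		// would turn this log line into an index-out-of-range panic.
		rLog.LogDbg(0, "LDAP::Bind() to server ", servers[idx][0], " with login ", servers[0][1], " error: ", err)
		// Do not leak the open socket or expose a half-initialised connection.
		_s.D.Close()
		_s.D = nil
		return -1
	}

	_s.CS = 0
	return 0
}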