package utils
import (
"errors"
"fmt"
"github.com/astaxie/beego"
"gopkg.in/ldap.v2"
)
/*
Corresponding config:
ldap:
  host: hostname.yourdomain.com // LDAP server address
  port: 3268 // LDAP server port
  attribute: mail // LDAP object attribute that holds the user name
  base: DC=yourdomain,DC=com // search base
  user: CN=ldap helper,OU=yourdomain.com,DC=yourdomain,DC=com // DN used for the first bind
  password: p@sswd // password used for the first bind
  ssl: false // whether to use SSL
*/
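// ValidLDAPLogin reports whether password is accepted by the directory for the
// single entry matched by the search below. It binds with a service account,
// searches for the user's DN, and then re-binds as that DN with password.
//
// result is true only when the second bind succeeds. A rejected user bind is
// logged and reported as (false, nil). Dial, service-bind and search failures
// are returned in err, as is a search that does not match exactly one entry.
//
// NOTE(review): the server address, the service-account DN and password, the
// search base and the mail value being looked up are hard-coded here instead of
// being read from configuration, so the function can only ever validate one
// directory entry. The connection is plain LDAP on port 389 and no TLS or
// StartTLS call is visible, so the simple binds presumably send both passwords
// unencrypted. Move the values to configuration or secret storage and use an
// encrypted transport.
func ValidLDAPLogin(password string) (result bool, err error) {
	// A simple bind with an empty password is an unauthenticated bind, which
	// some servers answer with success. Reject it before touching the network
	// so that a nil bind error can never mean "authenticated" for a blank
	// password.
	if password == "" {
		return false, nil
	}

	lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
	if err != nil {
		beego.Error("Dial => ", err)
		return false, err
	}
	defer lc.Close()

	// First bind: service account used only to look up the user's DN.
	if err = lc.Bind("cn=admin,dc=minho,dc=com", "123456"); err != nil {
		beego.Error("Bind => ", err)
		return false, err
	}

	// The filter value is escaped so the filter stays well-formed once the
	// looked-up value comes from a caller rather than from a constant.
	searchRequest := ldap.NewSearchRequest(
		"DC=minho,DC=com",
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(&(objectClass=User)(%s=%s))", "mail", ldap.EscapeFilter("longfei6671@163.com")),
		[]string{"dn"},
		nil,
	)
	searchResult, err := lc.Search(searchRequest)
	if err != nil {
		beego.Error("Search => ", err)
		return false, err
	}

	// Zero or several matches are both refused: binding as "the first" of
	// several entries could authenticate the wrong account.
	if len(searchResult.Entries) != 1 {
		return false, errors.New("ldap.no_user_found_or_many_users_found")
	}

	// The search entries are deliberately not printed; the previous debug
	// Printf wrote directory data to stdout on every login.

	// Second bind: the actual credential check, as the user's own DN.
	// NOTE(review): every bind failure, including a transport error, is
	// reported to the caller as a plain "wrong password" (false, nil).
	if err = lc.Bind(searchResult.Entries[0].DN, password); err != nil {
		beego.Error("Bind2 => ", err)
		return false, nil
	}
	return true, nil
}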
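// AddMember creates the entry cn=<account>,dc=minho,dc=com and then sets its
// password to password with an LDAP Password Modify operation.
//
// It returns an error when account or password is empty, or when the dial,
// add, bind or password-modify step fails; each LDAP failure is also logged.
//
// NOTE(review): several things here need confirming before production use:
//   - account is interpolated into the DN unescaped, so a value containing DN
//     metacharacters such as "," or "=" changes which entry is created.
//     Callers must validate it or escape it per RFC 4514.
//   - The Add runs on a connection that has not bound, and the following bind
//     uses an empty password. This only works where the server permits
//     anonymous writes and unauthenticated binds; a privileged service bind
//     is the usual approach.
//   - The mail attribute and the server address are hard-coded, and the
//     connection is plain LDAP on port 389 with no TLS or StartTLS visible.
func AddMember(account, password string) error {
	// An empty new password in a Password Modify request leaves the choice to
	// the server (error or generated password), and the result is discarded
	// below, so an empty value is refused up front.
	if account == "" || password == "" {
		return errors.New("ldap.empty_account_or_password")
	}

	lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
	if err != nil {
		beego.Error("Dial => ", err)
		return err
	}
	defer lc.Close()

	user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
	member := ldap.NewAddRequest(user)
	member.Attribute("mail", []string{"longfei6671@163.com"})
	if err = lc.Add(member); err != nil {
		beego.Error("Add => ", err)
		return err
	}

	if err = lc.Bind(user, ""); err != nil {
		beego.Error("Bind => ", err)
		return err
	}

	// Use the caller's password. The previous code ignored the parameter and
	// gave every new entry the same hard-coded password.
	passwordModifyRequest := ldap.NewPasswordModifyRequest(user, "", password)
	if _, err = lc.PasswordModify(passwordModifyRequest); err != nil {
		beego.Error("PasswordModify => ", err)
		return err
	}
	return nil
}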
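// ModifyPassword changes the password of cn=<account>,dc=minho,dc=com from
// oldPassword to newPassword. It binds as that entry with oldPassword and then
// issues an LDAP Password Modify request on the same connection.
//
// It returns an error when any argument is empty, or when the dial, bind or
// password-modify step fails; each LDAP failure is also logged.
//
// NOTE(review): account is interpolated into the DN unescaped, so callers must
// validate it or escape it per RFC 4514. The server address is hard-coded and
// the connection is plain LDAP on port 389 with no TLS or StartTLS visible, so
// both passwords presumably travel unencrypted.
func ModifyPassword(account, oldPassword, newPassword string) error {
	// An empty oldPassword would turn the bind below into an unauthenticated
	// bind. An empty newPassword leaves the choice to the server (error or
	// generated password), and the result is discarded below.
	if account == "" || oldPassword == "" || newPassword == "" {
		return errors.New("ldap.empty_account_or_password")
	}

	lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
	if err != nil {
		beego.Error("Dial => ", err)
		// Return here: the previous code fell through and used the nil
		// connection, which panics instead of reporting the dial failure.
		return err
	}
	defer lc.Close()

	user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
	if err = lc.Bind(user, oldPassword); err != nil {
		beego.Error("Bind => ", err)
		return err
	}

	passwordModifyRequest := ldap.NewPasswordModifyRequest(user, oldPassword, newPassword)
	if _, err = lc.PasswordModify(passwordModifyRequest); err != nil {
		beego.Error(fmt.Sprintf("Password could not be changed: %s", err.Error()))
		return err
	}
	return nil
}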