From e86d8bd20cf339310cc869016b2c7060ecd35910 Mon Sep 17 00:00:00 2001
From: shayulei
Date: Mon, 18 Jan 2021 09:17:30 +0800
Subject: [PATCH] ldap test

---
 modules/auth/ldapAuth/go.mod | 5 ++
 modules/auth/ldapAuth/go.sum | 13 +++++
 modules/auth/ldapAuth/ldapAuth.go | 75 ++++++++++++++++++++++++++
 modules/auth/ldapAuth/ldapAuth_test.go | 23 ++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 modules/auth/ldapAuth/go.mod
 create mode 100644 modules/auth/ldapAuth/go.sum
 create mode 100644 modules/auth/ldapAuth/ldapAuth.go
 create mode 100644 modules/auth/ldapAuth/ldapAuth_test.go

diff --git a/modules/auth/ldapAuth/go.mod b/modules/auth/ldapAuth/go.mod
new file mode 100644
index 000000000..0375af13f
--- /dev/null
+++ b/modules/auth/ldapAuth/go.mod
@@ -0,0 +1,5 @@
+module ldapAuth
+
+go 1.13
+
+require github.com/go-ldap/ldap/v3 v3.2.4
diff --git a/modules/auth/ldapAuth/go.sum b/modules/auth/ldapAuth/go.sum
new file mode 100644
index 000000000..c6489741b
--- /dev/null
+++ b/modules/auth/ldapAuth/go.sum
@@ -0,0 +1,13 @@
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
+github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-ldap/ldap/v3 v3.2.4 h1:PFavAq2xTgzo/loE8qNXcQaofAaqIpI4WgaLdv+1l3E=
+github.com/go-ldap/ldap/v3 v3.2.4/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/modules/auth/ldapAuth/ldapAuth.go b/modules/auth/ldapAuth/ldapAuth.go
new file mode 100644
index 000000000..47a2126c4
--- /dev/null
+++ b/modules/auth/ldapAuth/ldapAuth.go
@@ -0,0 +1,75 @@
+package ldapAuth
+
+import (
+	"crypto/tls"
+	"fmt"
+
+	ldap "github.com/go-ldap/ldap/v3"
+)
+
+type Ldapparam struct {
+	LDAPURL string //LDAP Server IP or dns
+	LDAPSearchDN string //有读取LDAP树权限的用户,格式:cn=xxx,ou=xxx,dc=xxx,dc=com
+	LDAPSearchPassword string
+	LDAPBaseDN string //从哪个分支开始读
+	LDAPUid string //sAMAccountName
+	TLS bool //是否启用加密
+}
+
+func ldapConn(lp Ldapparam) (l *ldap.Conn, err error) {
+	ldapUrl := "ldap://" + lp.LDAPURL + ":389"
+
+	l, err = ldap.DialURL(ldapUrl)
+	if nil != err {
+		return
+	}
+	if lp.TLS {
+		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		if nil != err {
+			return
+		}
+	}
+	//bind
+	err = l.Bind(lp.LDAPSearchDN, lp.LDAPSearchPassword)
+	if nil != err {
+		return
+	}
+	return
+}
+
+//search usr
+func searchUsr(lp Ldapparam, userName string, l *ldap.Conn) (find bool, err error) {
+	find = false
+	searchRequest := ldap.NewSearchRequest(
+		lp.LDAPBaseDN, // The base dn to search
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", lp.LDAPUid, userName),
+		//"(&(objectClass=organizationalPerson))", // The filter to apply
+		[]string{"dn"}, // A list attributes to retrieve
+		nil,
+	)
+	_, err = l.Search(searchRequest)
+	if nil != err {
+		return
+	}
+	find = true
+	return
+}
+
+func LdapAuth(userName string, pw string, lp Ldapparam) (bool, error) {
+	l, err := ldapConn(lp)
+	defer l.Close()
+	if nil != err {
+		return false, err
+	}
+	find := false
+	find, err = searchUsr(lp, userName, l)
+	if nil != err {
+		return false, err
+	}
+	err = l.Bind(userName, pw)
+	if nil != err {
+		return false, err
+	}
+	return find, err
+}
diff --git a/modules/auth/ldapAuth/ldapAuth_test.go b/modules/auth/ldapAuth/ldapAuth_test.go
new file mode 100644
index 000000000..3584f1d19
--- /dev/null
+++ b/modules/auth/ldapAuth/ldapAuth_test.go
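Review bot: `defer l.Close()` in LdapAuth is registered before the error from ldapConn is checked, so when the dial, StartTLS or service bind fails `l` is nil and the deferred Close dereferences it; move the defer below the `if nil != err` return. searchUsr also sets `find = true` whenever Search returns without error, so a login name that matches no entry is still reported as found — check the entry count of the result instead — and the caller-supplied userName is interpolated unescaped into the filter, so it should pass through `ldap.EscapeFilter` so that it is only ever compared as a literal value. `InsecureSkipVerify: true` in ldapConn disables certificate verification, which leaves StartTLS unable to detect an interposed server; verification should be the default and the skip an explicit opt-in field of Ldapparam rather than a constant. The final `l.Bind(userName, pw)` binds with the raw login name rather than the DN of the matched entry; this presumably relies on a server that accepts that form, and binding with the found entry's DN would be portable.
```go
// … unchanged: package, imports, Ldapparam, ldapConn …

// searchUsr reports whether exactly one organizationalPerson entry under
// LDAPBaseDN has LDAPUid equal to userName.
func searchUsr(lp Ldapparam, userName string, l *ldap.Conn) (bool, error) {
	searchRequest := ldap.NewSearchRequest(
		lp.LDAPBaseDN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		// EscapeFilter keeps userName a literal value; it cannot add or close filter terms.
		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", lp.LDAPUid, ldap.EscapeFilter(userName)),
		[]string{"dn"},
		nil,
	)
	sr, err := l.Search(searchRequest)
	if err != nil {
		return false, err
	}
	// No entry is "not found", and more than one is ambiguous, not a match.
	return len(sr.Entries) == 1, nil
}

func LdapAuth(userName string, pw string, lp Ldapparam) (bool, error) {
	l, err := ldapConn(lp)
	if err != nil {
		return false, err
	}
	defer l.Close() // only once l is known to be non-nil
	// … unchanged: searchUsr call and user bind …
}
```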
@@ -0,0 +1,23 @@
+package ldapAuth
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestLdapAuth(t *testing.T) {
+	lp := Ldapparam{
+		"192.168.1.1",
+		"cn=xxx,ou=xxx,dc=test,dc=com,dc=cn",
+		"sdfer",
+		"ou=xxx,dc=test,dc=com,dc=cn",
+		"sAMAccountName",
+		true,
+	}
+	t1, err := LdapAuth("test11", "Abc123456", lp)
+	if nil != err {
+		fmt.Printf("出错信息:%v, %s\n", t1, err)
+	} else {
+		fmt.Printf("认证通过否:%v, %s\n", t1, err)
+	}
+}
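Review bot: TestLdapAuth can never fail: both branches only `fmt.Printf` the outcome, so a broken LdapAuth still passes, and the test needs a live directory at 192.168.1.1 with the embedded bind password, which makes it unrunnable in CI and puts credential-like strings (`sdfer`, `Abc123456`) into the repository. Report through the testing API instead, `if err != nil { t.Fatalf("LdapAuth: %v", err) }`, and skip when no server is configured, e.g. `t.Skip("no LDAP test server configured")` guarded by an environment variable (name to be chosen) that also supplies the host, bind DN and password. The positional `Ldapparam{...}` literal will also break silently if a field is ever inserted; use keyed fields.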