2017-05-16 15:50:12 +08:00
|
|
|
package utils
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2018-01-26 17:17:38 +08:00
|
|
|
"fmt"
|
2021-03-30 14:24:14 +08:00
|
|
|
"github.com/astaxie/beego/logs"
|
2018-01-26 17:17:38 +08:00
|
|
|
"gopkg.in/ldap.v2"
|
2017-05-16 15:50:12 +08:00
|
|
|
)
|
2018-01-26 17:17:38 +08:00
|
|
|
|
2017-05-16 15:50:12 +08:00
|
|
|
/*
|
|
|
|
对应的config
|
|
|
|
ldap:
|
|
|
|
host: hostname.yourdomain.com //ldap服务器地址
|
|
|
|
port: 3268 //ldap服务器端口
|
|
|
|
attribute: mail //用户名对应ldap object属性
|
|
|
|
base: DC=yourdomain,DC=com //搜寻范围
|
|
|
|
user: CN=ldap helper,OU=yourdomain.com,DC=yourdomain,DC=com //第一次绑定用户
|
|
|
|
password: p@sswd //第一次绑定密码
|
|
|
|
ssl: false //使用使用ssl
|
|
|
|
*/
|
|
|
|
|
|
|
|
func ValidLDAPLogin(password string) (result bool, err error) {
|
|
|
|
result = false
|
|
|
|
err = nil
|
|
|
|
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Dial => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
defer lc.Close()
|
|
|
|
err = lc.Bind("cn=admin,dc=minho,dc=com", "123456")
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Bind => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
searchRequest := ldap.NewSearchRequest(
|
|
|
|
"DC=minho,DC=com",
|
|
|
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
2018-01-26 17:17:38 +08:00
|
|
|
fmt.Sprintf("(&(objectClass=User)(%s=%s))", "mail", "longfei6671@163.com"),
|
2017-05-16 15:50:12 +08:00
|
|
|
[]string{"dn"},
|
|
|
|
nil,
|
|
|
|
)
|
|
|
|
searchResult, err := lc.Search(searchRequest)
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Search => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
if len(searchResult.Entries) != 1 {
|
|
|
|
err = errors.New("ldap.no_user_found_or_many_users_found")
|
|
|
|
return
|
|
|
|
}
|
2018-01-26 17:17:38 +08:00
|
|
|
fmt.Printf("%+v = %d", searchResult.Entries, len(searchResult.Entries))
|
2017-05-16 15:50:12 +08:00
|
|
|
|
|
|
|
userdn := searchResult.Entries[0].DN
|
|
|
|
|
|
|
|
err = lc.Bind(userdn, password)
|
|
|
|
if err == nil {
|
|
|
|
result = true
|
|
|
|
} else {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Bind2 => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
err = nil
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func AddMember(account, password string) error {
|
|
|
|
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Dial => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
defer lc.Close()
|
2018-01-26 17:17:38 +08:00
|
|
|
user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
|
2017-05-16 15:50:12 +08:00
|
|
|
|
|
|
|
member := ldap.NewAddRequest(user)
|
|
|
|
|
|
|
|
member.Attribute("mail", []string{"longfei6671@163.com"})
|
|
|
|
|
|
|
|
err = lc.Add(member)
|
|
|
|
|
|
|
|
if err == nil {
|
|
|
|
|
2018-01-26 17:17:38 +08:00
|
|
|
err = lc.Bind(user, "")
|
2017-05-16 15:50:12 +08:00
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Bind => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(user, "", "1q2w3e__ABC")
|
|
|
|
_, err = lc.PasswordModify(passwordModifyRequest)
|
|
|
|
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("PasswordModify => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Add => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
func ModifyPassword(account, old_password, new_password string) error {
|
|
|
|
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Dial => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
}
|
|
|
|
defer l.Close()
|
|
|
|
|
2018-01-26 17:17:38 +08:00
|
|
|
user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
|
2017-05-16 15:50:12 +08:00
|
|
|
err = l.Bind(user, old_password)
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error("Bind => ", err)
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(user, old_password, new_password)
|
|
|
|
_, err = l.PasswordModify(passwordModifyRequest)
|
|
|
|
|
|
|
|
if err != nil {
|
2021-03-30 14:24:14 +08:00
|
|
|
logs.Error(fmt.Sprintf("Password could not be changed: %s", err.Error()))
|
2017-05-16 15:50:12 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|