mindoc/utils/ldap.go

126 lines
2.8 KiB
Go
Raw Normal View History

2017-05-16 15:50:12 +08:00
package utils
import (
"errors"
"fmt"
"github.com/astaxie/beego/logs"
"gopkg.in/ldap.v2"
2017-05-16 15:50:12 +08:00
)
2017-05-16 15:50:12 +08:00
/*
config
ldap:
host: hostname.yourdomain.com //ldap服务器地址
port: 3268 //ldap服务器端口
attribute: mail //用户名对应ldap object属性
base: DC=yourdomain,DC=com //搜寻范围
user: CN=ldap helper,OU=yourdomain.com,DC=yourdomain,DC=com //第一次绑定用户
password: p@sswd //第一次绑定密码
ssl: false //使用使用ssl
*/
func ValidLDAPLogin(password string) (result bool, err error) {
result = false
err = nil
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
if err != nil {
logs.Error("Dial => ", err)
2017-05-16 15:50:12 +08:00
return
}
defer lc.Close()
err = lc.Bind("cn=admin,dc=minho,dc=com", "123456")
if err != nil {
logs.Error("Bind => ", err)
2017-05-16 15:50:12 +08:00
return
}
searchRequest := ldap.NewSearchRequest(
"DC=minho,DC=com",
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=User)(%s=%s))", "mail", "longfei6671@163.com"),
2017-05-16 15:50:12 +08:00
[]string{"dn"},
nil,
)
searchResult, err := lc.Search(searchRequest)
if err != nil {
logs.Error("Search => ", err)
2017-05-16 15:50:12 +08:00
return
}
if len(searchResult.Entries) != 1 {
err = errors.New("ldap.no_user_found_or_many_users_found")
return
}
fmt.Printf("%+v = %d", searchResult.Entries, len(searchResult.Entries))
2017-05-16 15:50:12 +08:00
userdn := searchResult.Entries[0].DN
err = lc.Bind(userdn, password)
if err == nil {
result = true
} else {
logs.Error("Bind2 => ", err)
2017-05-16 15:50:12 +08:00
err = nil
}
return
}
func AddMember(account, password string) error {
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
if err != nil {
logs.Error("Dial => ", err)
2017-05-16 15:50:12 +08:00
return err
}
defer lc.Close()
user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
2017-05-16 15:50:12 +08:00
member := ldap.NewAddRequest(user)
member.Attribute("mail", []string{"longfei6671@163.com"})
err = lc.Add(member)
if err == nil {
err = lc.Bind(user, "")
2017-05-16 15:50:12 +08:00
if err != nil {
logs.Error("Bind => ", err)
2017-05-16 15:50:12 +08:00
return err
}
passwordModifyRequest := ldap.NewPasswordModifyRequest(user, "", "1q2w3e__ABC")
_, err = lc.PasswordModify(passwordModifyRequest)
if err != nil {
logs.Error("PasswordModify => ", err)
2017-05-16 15:50:12 +08:00
return err
}
return nil
}
logs.Error("Add => ", err)
2017-05-16 15:50:12 +08:00
return err
}
func ModifyPassword(account, old_password, new_password string) error {
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.3.104", 389))
if err != nil {
logs.Error("Dial => ", err)
2017-05-16 15:50:12 +08:00
}
defer l.Close()
user := fmt.Sprintf("cn=%s,dc=minho,dc=com", account)
2017-05-16 15:50:12 +08:00
err = l.Bind(user, old_password)
if err != nil {
logs.Error("Bind => ", err)
2017-05-16 15:50:12 +08:00
return err
}
passwordModifyRequest := ldap.NewPasswordModifyRequest(user, old_password, new_password)
_, err = l.PasswordModify(passwordModifyRequest)
if err != nil {
logs.Error(fmt.Sprintf("Password could not be changed: %s", err.Error()))
2017-05-16 15:50:12 +08:00
return err
}
return nil
}