ldap test

modules/auth/ldapAuth/go.mod

@@ -0,0 +1,5 @@
+module ldapAuth
+
+go 1.13
+
+require github.com/go-ldap/ldap/v3 v3.2.4

modules/auth/ldapAuth/go.sum

@@ -0,0 +1,13 @@
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
+github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-ldap/ldap/v3 v3.2.4 h1:PFavAq2xTgzo/loE8qNXcQaofAaqIpI4WgaLdv+1l3E=
+github.com/go-ldap/ldap/v3 v3.2.4/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

modules/auth/ldapAuth/ldapAuth.go

@@ -0,0 +1,75 @@
+package ldapAuth
+
+import (
+	"crypto/tls"
+	"fmt"
+
+	ldap "github.com/go-ldap/ldap/v3"
+)
+
+type Ldapparam struct {
+	LDAPURL            string //LDAP Server IP or dns
+	LDAPSearchDN       string //有读取LDAP树权限的用户，格式：cn=xxx,ou=xxx,dc=xxx,dc=com
+	LDAPSearchPassword string
+	LDAPBaseDN         string //从哪个分支开始读
+	LDAPUid            string //sAMAccountName
+	TLS                bool   //是否启用加密
+}
+
+func ldapConn(lp Ldapparam) (l *ldap.Conn, err error) {
+	ldapUrl := "ldap://" + lp.LDAPURL + ":389"
+
+	l, err = ldap.DialURL(ldapUrl)
+	if nil != err {
+		return
+	}
+	if lp.TLS {
+		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		if nil != err {
+			return
+		}
+	}
+	//bind
+	err = l.Bind(lp.LDAPSearchDN, lp.LDAPSearchPassword)
+	if nil != err {
+		return
+	}
+	return
+}
+
+//search usr
+func searchUsr(lp Ldapparam, userName string, l *ldap.Conn) (find bool, err error) {
+	find = false
+	searchRequest := ldap.NewSearchRequest(
+		lp.LDAPBaseDN, // The base dn to search
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", lp.LDAPUid, userName),
+		//"(&(objectClass=organizationalPerson))", // The filter to apply
+		[]string{"dn"}, // A list attributes to retrieve
+		nil,
+	)
+	_, err = l.Search(searchRequest)
+	if nil != err {
+		return
+	}
+	find = true
+	return
+}
+
+func LdapAuth(userName string, pw string, lp Ldapparam) (bool, error) {
+	l, err := ldapConn(lp)
+	defer l.Close()
+	if nil != err {
+		return false, err
+	}
+	find := false
+	find, err = searchUsr(lp, userName, l)
+	if nil != err {
+		return false, err
+	}
+	err = l.Bind(userName, pw)
+	if nil != err {
+		return false, err
+	}
+	return find, err
+}

modules/auth/ldapAuth/ldapAuth_test.go

@@ -0,0 +1,23 @@
+package ldapAuth
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestLdapAuth(t *testing.T) {
+	lp := Ldapparam{
+		"192.168.1.1",
+		"cn=xxx,ou=xxx,dc=test,dc=com,dc=cn",
+		"sdfer",
+		"ou=xxx,dc=test,dc=com,dc=cn",
+		"sAMAccountName",
+		true,
+	}
+	t1, err := LdapAuth("test11", "Abc123456", lp)
+	if nil != err {
+		fmt.Printf("出错信息：%v, %s\n", t1, err)
+	} else {
+		fmt.Printf("认证通过否：%v, %s\n", t1, err)
+	}
+}