Home >Backend Development >Golang >How to connect Ldap in Golang
The following tutorial column from golang will introduce to you how to connect Golang to Ldap. I hope it will be helpful to friends in need!
Today I will write about how Golang connects to ldap
Golang has some ldap packages, I use
go get -u "gopkg.in/ldap.v2"
My ldap environment:
rootdn: uid=admin,dc=wjq,dc=com password: openldap
dn: dc=wjq,dc=com dc: wjq objectClass: top objectClass: domain dn: ou=Group,dc=wjq,dc=com ou: Group objectClass: top objectClass: organizationalUnit dn: ou=People,dc=wjq,dc=com ou: People objectClass: top objectClass: organizationalUnit dn: uid=admin,dc=wjq,dc=com uid: admin objectClass: top objectClass: account
A group and a user:
#组信息 dn: cn=test,ou=Group,dc=wjq,dc=com gidNumber: 1003 cn: test objectClass: posixGroup #用户信息 dn: uid=test,ou=People,dc=wjq,dc=com uidNumber: 1009 gidNumber: 1003 gecos: test homeDirectory: /home/test uid: test shadowMin: 0 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash shadowInactive: -1 shadowExpire: -1 shadowFlag: -1 objectClass: posixAccount objectClass: shadowAccount objectClass: account cn: test userPassword:: e1NTSEF9d053TWhYRTR4STJUUmpJWm5MTkF4VFlBTFhJdStaZ0Q= shadowLastChange: 17858
golang processing steps are as follows:
1. ldap .Dail #This step is the underlying connection
2. ldap.Bind #Similar to username and password authentication
3. Operations such as query, delete, add user
Step one: Dail
## Dail has two parameters network, address, return (*Conn, error) network: refers to the network Protocol tcp, udp address: It is the address to be connected to the bottom layer and needs to have a port numbercon, err := ldap.Dial("tcp", "127.0.0.1:389")
Step 2: Authentication
Bind(rootdn, password) (error)berror := conn.Bind("uid=admin,dc=wjq,dc=com", "openldap")
Step 3: Operation;
The operation is very unique, I think Maybe it is the characteristics of golang language, such as query, ldap provides a query structure--ldap.NewSearchRequest, as long as we fill in the data and then call ldap.Search Add, ldap Provide an added structure -- ldap.NewAddRequest, fill in the data, and then call ldap.Add to delete, ldap provides a deletion structure -- ldap.NewDelRequest, and then call ldap.Del User password modification, ldap provides a structure for modifying user passwords -- ldap.NewPasswordModifyRequest, and then calls ldap.PasswordModify This is very unique, let’s take a look: Query user group NewSearchRequest:func NewSearchRequest( BaseDN string, Scope, DerefAliases, SizeLimit, TimeLimit int, TypesOnly bool, Filter string, Attributes []string, Controls []Control, ) *SearchRequestBaseDN: According to my ldap environment, it should be ou=Group,dc=wjq,dc=comscope: What I understand is the scope of the query. ldap is a directory tree. I General settings ldap.ScopeWholeSubtree DerefAiases: Whether aliases (cn, ou) are discarded in search, settings: ldap.NeverDerefAliasesSizeLimit: Size settings, generally set to 0TimeLimit: Time setting, usually set to 0TypesOnly: Set to false (it seems to return a little more value)Controls: It is a control that I have not used much, usually set to nilI don’t understand these thoroughly, you can refer to: https://tools.ietf.org/html/rfc4511The main two parameters in the query are Filter and AttributesFilter Is the attribute value returned by the filter condition Attributes
Create the SearchRequest structure:
srsql := ldap.NewSearchRequest("ou=Group,dc=wjq,dc=com", ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, "(&(objectClass=posixGroup))", []string{"dn", "cn", "uid"}, nil)Filter: (&objectClass=posixGroup )) Find all groups and return the dn, cn, uid of each groupFilter test user group: (&(objectClass=posixGroup)(cn=test)) Filter user cn= test, or uid=test (of course baseDn is the user's): "(|(&(objectClass=posixAccount)(cn=test))(&(objectClass=posixAccount)(uid=test)))"
Execute Search and obtain the results (in cur.Entries):
cur, er := l.Search(srsql) if er != nil { log.Fatalln(er) } if (len(cur.Entries) > 0){ for _, item := range cur.Entries { cn := item.GetAttributeValue("cn") if cn == "" { cn = item.GetAttributeValue("uid") } fmt.Println(cn) } }The above are the steps of Search. Let’s take a look at adding a user: NewAddRequestAdd User: wujq Password: 123456 Home directory: /home /wujq The group it belongs to: test (id=1003)1. First confirm the user dn I need to add: uid=wujq,ou=People,dc=wjq,dc=com 2. gidNumber is 10033. Because the uidNumber value is required, assume that I set it to 1010 (not used by the system)The execution code is as follows:
sql := ldap.NewAddRequest("uid=wujq,ou=People,dc=wjq,dc=com") sql.Attribute("uidNumber", []string{"1010"}) sql.Attribute("gidNumber", []string{"1003"}) sql.Attribute("userPassword", []string{"123456"}) sql.Attribute("homeDirectory", []string{"/home/wujq"}) sql.Attribute("cn", []string{"wujq"}) sql.Attribute("uid", []string{"wujq"}) sql.Attribute("objectClass", []string{"shadowAccount", "posixAccount", "account"}) er := ldapcon.Add(sql)
The above is the detailed content of How to connect Ldap in Golang. For more information, please follow other related articles on the PHP Chinese website!