How to connect Ldap in Golang

The following tutorial column from golang will introduce to you how to connect Golang to Ldap. I hope it will be helpful to friends in need!

Today I will write about how Golang connects to ldap

Golang has some ldap packages, I use

go get -u "gopkg.in/ldap.v2"

My ldap environment:

rootdn: uid=admin,dc=wjq,dc=com password: openldap

dn: dc=wjq,dc=com
dc: wjq
objectClass: top
objectClass: domain

dn: ou=Group,dc=wjq,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=wjq,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: uid=admin,dc=wjq,dc=com
uid: admin
objectClass: top
objectClass: account

A group and a user:

#组信息
dn: cn=test,ou=Group,dc=wjq,dc=com
gidNumber: 1003
cn: test
objectClass: posixGroup

#用户信息
dn: uid=test,ou=People,dc=wjq,dc=com
uidNumber: 1009
gidNumber: 1003
gecos: test
homeDirectory: /home/test
uid: test
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
shadowInactive: -1
shadowExpire: -1
shadowFlag: -1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
cn: test
userPassword:: e1NTSEF9d053TWhYRTR4STJUUmpJWm5MTkF4VFlBTFhJdStaZ0Q=
shadowLastChange: 17858

golang processing steps are as follows:

1. ldap .Dail           #This step is the underlying connection

2. ldap.Bind                 #Similar to username and password authentication

3. Operations such as query, delete, add user

Step one: Dail

## Dail has two parameters network, address, return (*Conn, error)

network: refers to the network Protocol tcp, udp

address: It is the address to be connected to the bottom layer and needs to have a port number

con, err := ldap.Dial("tcp", "127.0.0.1:389")

Step 2: Authentication

Bind(rootdn, password) (error)

berror := conn.Bind("uid=admin,dc=wjq,dc=com", "openldap")

Step 3: Operation;

The operation is very unique, I think Maybe it is the characteristics of golang language, such as

query, ldap provides a query structure--ldap.NewSearchRequest, as long as we fill in the data and then call ldap.Search

Add, ldap Provide an added structure -- ldap.NewAddRequest, fill in the data, and then call ldap.Add

to delete, ldap provides a deletion structure -- ldap.NewDelRequest, and then call ldap.Del

User password modification, ldap provides a structure for modifying user passwords -- ldap.NewPasswordModifyRequest, and then calls ldap.PasswordModify

This is very unique, let’s take a look:

Query user group NewSearchRequest:

func NewSearchRequest(
    BaseDN string,
    Scope, DerefAliases, SizeLimit, TimeLimit int,
    TypesOnly bool,
    Filter string,
    Attributes []string,
    Controls []Control,
) *SearchRequest

BaseDN: According to my ldap environment, it should be ou=Group,dc=wjq,dc=com

scope: What I understand is the scope of the query. ldap is a directory tree. I General settings ldap.ScopeWholeSubtree

DerefAiases: Whether aliases (cn, ou) are discarded in search, settings: ldap.NeverDerefAliases

SizeLimit: Size settings, generally set to 0

TimeLimit: Time setting, usually set to 0

TypesOnly: Set to false (it seems to return a little more value)

Controls: It is a control that I have not used much, usually set to nil

I don’t understand these thoroughly, you can refer to: https://tools.ietf.org/html/rfc4511

The main two parameters in the query are Filter and Attributes

Filter Is the attribute value returned by the filter condition

Attributes

Create the SearchRequest structure:

srsql := ldap.NewSearchRequest("ou=Group,dc=wjq,dc=com",
                       ldap.ScopeWholeSubtree, 
                       ldap.NeverDerefAliases,
                       0,
                       0, 
                      false,
                     "(&(objectClass=posixGroup))", 
                     []string{"dn", "cn", "uid"}, 
 nil)

Filter: (&objectClass=posixGroup )) Find all groups and return the dn, cn, uid of each group

Filter test user group: (&(objectClass=posixGroup)(cn=test))

Filter user cn= test, or uid=test (of course baseDn is the user's): "(|(&(objectClass=posixAccount)(cn=test))(&(objectClass=posixAccount)(uid=test)))"

Execute Search and obtain the results (in cur.Entries):

cur, er := l.Search(srsql)
	if er != nil {
		log.Fatalln(er)
	}

if (len(cur.Entries) > 0){

	for _, item := range cur.Entries {

		cn := item.GetAttributeValue("cn")

		if cn == "" {
			cn = item.GetAttributeValue("uid")
		}

		fmt.Println(cn)

	}
}

The above are the steps of Search.

Let’s take a look at adding a user: NewAddRequest

Add

User: wujq

Password: 123456

Home directory: /home /wujq

The group it belongs to: test (id=1003)

1. First confirm the user dn I need to add: uid=wujq,ou=People,dc=wjq,dc=com

2. gidNumber is 1003

3. Because the uidNumber value is required, assume that I set it to 1010 (not used by the system)

The execution code is as follows:

sql := ldap.NewAddRequest("uid=wujq,ou=People,dc=wjq,dc=com")
sql.Attribute("uidNumber", []string{"1010"})
sql.Attribute("gidNumber", []string{"1003"})
sql.Attribute("userPassword", []string{"123456"})
sql.Attribute("homeDirectory", []string{"/home/wujq"})
sql.Attribute("cn", []string{"wujq"})
sql.Attribute("uid", []string{"wujq"})
sql.Attribute("objectClass", []string{"shadowAccount", "posixAccount", "account"})
er := ldapcon.Add(sql)

The above is the detailed content of How to connect Ldap in Golang. For more information, please follow other related articles on the PHP Chinese website!