我正在尝试使用golang将用户连接并验证为ldap。
我正在使用go-ldap-client以及以下示例代码:
package main
import (
"log"
"github.com/jtblin/go-ldap-client"
)
func main() {
client := &ldap.LDAPClient{
Base: "dc=example,dc=com",
Host: "ldap.example.com",
Port: 389,
UseSSL: false,
BindDN: "uid=readonlysuer,ou=People,dc=example,dc=com",
BindPassword: "readonlypassword",
UserFilter: "(uid=%s)",
GroupFilter: "(memberUid=%s)",
Attributes: []string{"givenName", "sn", "mail", "uid"},
}
# It is the responsibility of the caller to close the connection
defer client.Close()
ok, user, err := client.Authenticate("username", "password")
if err != nil {
log.Fatalf("Error authenticating user %s: %+v", "username", err)
}
if !ok {
log.Fatalf("Authenticating failed for user %s", "username")
}
log.Printf("User: %+v", user)
groups, err := client.GetGroupsOfUser("username")
if err != nil {
log.Fatalf("Error getting groups for user %s: %+v", "username", err)
}
log.Printf("Groups: %+v", groups)
}
安装了对gopkg.in/ldap.v2的依赖性。
问题是我收到以下错误:
2016/01/15 17:34:55 Error authenticating user username: LDAP Result Code 2 "Protocol Error": ldap: cannot StartTLS (unsupported extended operation)
exit status 1
有关此错误的任何提示?
答案 0 :(得分:11)
好的,让我们尝试使用github.com/go-ldap/ldap
进行身份验证。首先,您需要创建一个*ldap.Conn
。如果您的LDAP服务器支持,我建议使用TLS:
// TLS, for testing purposes disable certificate verification, check https://golang.org/pkg/crypto/tls/#Config for further information.
tlsConfig := &tls.Config{InsecureSkipVerify: true}
l, err := ldap.DialTLS("tcp", "ldap.example.com:636", tlsConfig)
// No TLS, not recommended
l, err := ldap.Dial("tcp", "ldap.example.com:389")
现在您应该与LDAP服务器建立活动连接。使用此连接,您必须执行绑定:
err := l.Bind("user@test.com", "password")
if err != nil {
// error in ldap bind
log.Println(err)
}
// successful bind
答案 1 :(得分:0)
package main
import (
"fmt"
"github.com/shaj13/go-guardian/auth/strategies/ldap"
"net/http"
)
func main() {
cfg := ldap.Config{
BaseDN: "dc=example,dc=com",
BindDN: "cn=read-only-admin,dc=example,dc=com",
Port: "389",
Host: "ldap.forumsys.com",
BindPassword: "password",
Filter: "(uid=%s)",
}
r, _ := http.NewRequest("GET", "/", nil)
r.SetBasicAuth("tesla", "password")
user, err := ldap.New(&cfg).Authenticate(r.Context(), r)
fmt.Println(user, err)
}
答案 2 :(得分:0)
问题在于,默认情况下,上述LDAP客户端中未设置“ SkipTLS”标志。您需要将参数显式设置为false:
client := &ldap.LDAPClient{
Base: "dc=example,dc=com",
Host: "ldap.example.com",
Port: 389,
UseSSL: false,
BindDN: "uid=readonlysuer,ou=People,dc=example,dc=com",
BindPassword: "readonlypassword",
UserFilter: "(uid=%s)",
GroupFilter: "(memberUid=%s)",
SkipTLS: true,
Attributes: []string{"givenName", "sn", "mail", "uid"},
}
我将SkipTLS设置为true,并且可以正常工作。 希望这会有所帮助!
答案 3 :(得分:-1)
在一行中我们可以说..
conn,err:= ldap.DialTLS(“tcp”,ldapServer,& tls.Config {InsecureSkipVerify:true})