test using base ldap package
102
main.go
102
main.go
@@ -1,6 +1,7 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"encoding/pem"
|
||||
@@ -9,7 +10,7 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
auth "github.com/korylprince/go-ad-auth/v3"
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
)
|
||||
|
||||
type Output struct {
|
||||
@@ -112,34 +113,91 @@ func main() {
|
||||
output.CertLoaded = true
|
||||
}
|
||||
|
||||
config := &auth.Config{
|
||||
Server: *server,
|
||||
Port: 636,
|
||||
BaseDN: *baseDN,
|
||||
Security: auth.SecurityTLS,
|
||||
RootCAs: system,
|
||||
}
|
||||
//fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN)
|
||||
// Start trying to use ldap package
|
||||
|
||||
status, err := auth.Authenticate(config, *username, *password)
|
||||
// Set up TLS to use our custom certificate authority passed in cli argument
|
||||
tlsConfig := &tls.Config{
|
||||
RootCAs: system,
|
||||
}
|
||||
|
||||
// try connecting to AD via TLS and our custom certificate authority
|
||||
ldaps, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:636", *server), tlsConfig)
|
||||
|
||||
if err != nil {
|
||||
//handle err
|
||||
//fmt.Println("Error : %s", err)
|
||||
output.Error = err.Error()
|
||||
output.AuthSuccess = false
|
||||
output.Error = fmt.Sprintf("Dial Error: %s", err)
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
return
|
||||
}
|
||||
|
||||
output.AuthSuccess = status
|
||||
defer ldaps.Close()
|
||||
|
||||
// try to bind to AD
|
||||
err = ldaps.Bind(*username, *password)
|
||||
if err != nil {
|
||||
output.AuthSuccess = false
|
||||
output.Error = fmt.Sprintf("Bind Error: %s", err)
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
return
|
||||
}
|
||||
|
||||
searchReq := ldap.NewSearchRequest(
|
||||
*baseDN,
|
||||
ldap.ScopeBaseObject, // you can also use ldap.ScopeWholeSubtree
|
||||
ldap.NeverDerefAliases,
|
||||
0,
|
||||
0,
|
||||
false,
|
||||
"(objectClass=*)",
|
||||
[]string{},
|
||||
nil,
|
||||
)
|
||||
result, err := ldaps.Search(searchReq)
|
||||
if err != nil {
|
||||
output.AuthSuccess = false
|
||||
output.Error = fmt.Sprintf("Search Error: %s", err)
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
return
|
||||
}
|
||||
|
||||
if len(result.Entries) == 0 {
|
||||
output.AuthSuccess = false
|
||||
output.Error = "No search results"
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
return
|
||||
} else {
|
||||
output.AuthSuccess = true
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
if !status {
|
||||
//handle failed authentication
|
||||
fmt.Println("Authentication failed")
|
||||
} else {
|
||||
fmt.Println("success")
|
||||
config := &auth.Config{
|
||||
Server: *server,
|
||||
Port: 636,
|
||||
BaseDN: *baseDN,
|
||||
Security: auth.SecurityTLS,
|
||||
RootCAs: system,
|
||||
}
|
||||
*/
|
||||
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
//fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN)
|
||||
|
||||
status, err := auth.Authenticate(config, *username, *password)
|
||||
|
||||
if err != nil {
|
||||
//handle err
|
||||
//fmt.Println("Error : %s", err)
|
||||
output.Error = err.Error()
|
||||
}
|
||||
|
||||
output.AuthSuccess = status
|
||||
|
||||
b, _ := json.Marshal(output)
|
||||
fmt.Println(string(b))
|
||||
*/
|
||||
}
|
||||
|
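Review bot: In the third hunk of main.go (`func main()`), what appears to be the new code decides `output.AuthSuccess` from the base-object search rather than from the bind: once `ldaps.Bind(*username, *password)` returns nil the credentials are already verified, yet an account that cannot read `*baseDN` is reported as "Search Error" or "No search results". If the search is meant as an extra check, say so with a comment such as `// bind proved the password; the search only confirms the account can read baseDN`; otherwise set `output.AuthSuccess = true` directly after the bind. The simple bind is only safe because go-ldap's `Bind` refuses an empty password on the client side; an explicit `if *password == ""` guard that fails before the bind would keep that protection visible and independent of the library. The `else` after the returning `if len(result.Entries) == 0` branch is redundant, and the four copies of the marshal, print and return sequence could share one helper. The body of main starts outside the hunk, and the rendered page has lost the `+`/`-` markers, so the old/new split here is inferred.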