improve version string

.gitignore

@@ -1 +1,3 @@
-log.txt
+log.txt
+*.pem
+authcheck

go.mod

@@ -2,10 +2,10 @@ module go-authcheck
 
 go 1.19
 
-require github.com/korylprince/go-ad-auth/v3 v3.3.0
-
 require (
-	github.com/go-asn1-ber/asn1-ber v1.4.1 // indirect
-	github.com/go-ldap/ldap/v3 v3.1.7 // indirect
-	golang.org/x/text v0.3.2 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.5 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 )

go.sum

@@ -1,10 +1,62 @@
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-asn1-ber/asn1-ber v1.4.1 h1:qP/QDxOtmMoJVgXHCXNzDpA0+wkgYB2x5QoLMVOciyw=
 github.com/go-asn1-ber/asn1-ber v1.4.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
+github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.1.7 h1:aHjuWTgZsnxjMgqzx0JHwNqz4jBYZTcNarbPFkW1Oww=
 github.com/go-ldap/ldap/v3 v3.1.7/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
+github.com/go-ldap/ldap/v3 v3.4.5 h1:ekEKmaDrpvR2yf5Nc/DClsGG9lAmdDixe44mLzlW5r8=
+github.com/go-ldap/ldap/v3 v3.4.5/go.mod h1:bMGIq3AGbytbaMwf8wdv5Phdxz0FWHTIYMSzyrYgnQs=
 github.com/korylprince/go-ad-auth/v3 v3.3.0 h1:iXuB+sCk4GniHnpUn0BAHH8rKeOLTKuYcBNvERa773Y=
 github.com/korylprince/go-ad-auth/v3 v3.3.0/go.mod h1:19M0geaOeNN489k1MO6GCqOCgbruYRQkHRBfhhUZAoE=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -1,109 +1,268 @@
 package main
 
 import (
+	"crypto/tls"
 	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
 	"flag"
 	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
 
-	auth "github.com/korylprince/go-ad-auth/v3"
+	"github.com/go-ldap/ldap/v3"
 )
 
-const WSDCCertPem = `
------BEGIN CERTIFICATE-----
-MIIJZzCCCE+gAwIBAgIKYQTouAAAAAAABzANBgkqhkiG9w0BAQsFADCBpzELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MSQwIgYDVQQK
-ExtXZXN0cGFjIEJhbmtpbmcgQ29ycG9yYXRpb24xLzAtBgNVBAsTJkRpZ2l0YWwg
-Q2VydGlmaWNhdGVzIFNlY3VyaXR5IFNlcnZpY2VzMSIwIAYDVQQDExlXZXN0cGFj
-IFNIQTIgUm9vdCBDQSBXU0RDMB4XDTE1MTIwNDEyMjE1OFoXDTI1MTIwNDEyMzE1
-OFowgaYxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5l
-eTEkMCIGA1UEChMbV2VzdHBhYyBCYW5raW5nIENvcnBvcmF0aW9uMS8wLQYDVQQL
-EyZEaWdpdGFsIENlcnRpZmljYXRlcyBTZWN1cml0eSBTZXJ2aWNlczEhMB8GA1UE
-AxMYV2VzdHBhYyBTSEEyIFNTTCBDQSBXU0RDMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEApWhYg/T7gQK3ZGZeFO28eNM9qYyNt2g6BJzLn+QM539HO2fo
-7bPlp7fVvqD1QXINPQRpuG1CzqrACz3dOPeyRCZVC/oK3eQNRFXoxy4TEZjpjIC8
-/0TdWrrZGAairSQ1Rtv/GFP4TjidnmbgD+XPaDbVFNfo6j9K7jzi5Nc7IRSdtExQ
-g+Lbjx4eMC0aUHAvzFvtdjdBOS4oAqF6ndE+AGbLBB+kXCevym5o7cqDe9z7HGfW
-MFx9QmKzewxkef6gtEMABHYkGM+9308hKyepddGHbV5B5f+pd33sEnsWgwZGZjCK
-XbPge6AiW6Zuhy5vIgMzbTBcVwiH33PhCyWIgwIDAQABo4IFkjCCBY4wEAYJKwYB
-BAGCNxUBBAMCAQAwHQYDVR0OBBYEFF1+3xpWzgOE3hFspVuy354o3IBmMIICKgYD
-VR0gBIICITCCAh0wgcMGCysGAQQBnBOHaAIDMIGzMGQGCCsGAQUFBwICMFgeVgBX
-AGUAcwB0AHAAYQBjACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAUAByAGEAYwB0
-AGkAYwBlACAAUwB0AGEAdABlAG0AZQBuAHQAIABXAFMARABDMEsGCCsGAQUFBwIB
-Fj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2VzdHBhYy5jb20uYXUvV2VzdHBhY1Bv
-bGljeS9XQkNfQ1BTMi5wZGYwgaIGDCsGAQQBnBOHaAEBATCBkTBCBggrBgEFBQcC
-AjA2HjQAVwBlAHMAdABwAGEAYwAgAEkAVAAgAFMAZQBjAHUAcgBpAHQAeQAgAFAA
-bwBsAGkAYwB5MEsGCCsGAQUFBwIBFj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2Vz
-dHBhYy5jb20uYXUvV2VzdHBhY1BvbGljeS9XQkNfSVRTUC5wZGYwga8GDCsGAQQB
-nBOHaAEBBDCBnjBQBggrBgEFBQcCAjBEHkIAVwBlAHMAdABwAGEAYwAgAEMAZQBy
-AHQAaQBmAGkAYwBhAHQAZQAgAFAAcgBvAGYAaQBsAGUAcwAgAFcAUwBEAEMwSgYI
-KwYBBQUHAgEWPmh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9X
-ZXN0cGFjUG9saWN5L1dCQ19DUDIucGRmMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA
-QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJbX
-BR/dYnyLVCATnF30doMrvjuAMIIBawYDVR0fBIIBYjCCAV4wggFaoIIBVqCCAVKG
-cGh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9DRFAvV2VzdHBh
-YyUyMFNIQTIlMjBSb290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9v
-dCUyMENBJTIwV1NEQy5jcmyGgd1sZGFwOi8vL0NOPVdlc3RwYWMlMjBTSEEyJTIw
-Um9vdCUyMENBJTIwV1NEQyxDTj1BVTIxMDZTUENBMDIwLENOPUNEUCxDTj1QdWJs
-aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9u
-LERDPXdiY2F1LERDPVdlc3RwYWMsREM9Y29tLERDPWF1P2NlcnRpZmljYXRlUmV2
-b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2lu
-dDCCAWIGCCsGAQUFBwEBBIIBVDCCAVAwfAYIKwYBBQUHMAKGcGh0dHA6Ly93YmNj
-YS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9BSUEvV2VzdHBhYyUyMFNIQTIlMjBS
-b290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9vdCUyMENBJTIwV1NE
-Qy5jcnQwgc8GCCsGAQUFBzAChoHCbGRhcDovLy9DTj1XZXN0cGFjJTIwU0hBMiUy
-MFJvb3QlMjBDQSUyMFdTREMsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
-Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9d2JjYXUsREM9V2Vz
-dHBhYyxEQz1jb20sREM9YXU/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz
-PWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQELBQADggEBAA97qWdS
-we3VgFAYCpolB1E3/k6oXRMlGRw7/DhEV9HC5af0X/aFclbBGqw9keinnrm4bnGD
-AftuJumE+d8Gcpqidlj7EwXbjJPVUbIc74OA4OEPI99/tjqGcGb9a2hsPHrnn8Ok
-LUccuf4f451lnZk1XDIzIQAkYS/pbZ9o8UV0/EOkUMvJL/wU47QYYqVZFu9qozUa
-BM5G+7fCEVZ51/hk8TAWy+fW6Tr1pKLR2kWROXJZ5DuNpQQ7qlebw6Ju5Nz2DrSb
-JVwrw4kzVvFqHRL13NTTyZCzVDLRaX3hGK7lRxhtwm4Lmh/eTNA01wSGl2UgY/gW
-lS3ZUQcHCLtUbTw=
------END CERTIFICATE-----
-`
+type Output struct {
+	Server      string
+	AuthSuccess bool
+	Error       string
+	CertLoaded  bool
+	Results     string
+	Groups      string
+	Version     string
+}
+
+// For build numbers, from https://blog.kowalczyk.info/article/vEja/embedding-build-number-in-go-executable.html
+var sha1ver string   // sha1 revision used to build the program
+var buildTime string // when the executable was built
+
+func GetFilePath(path string) string {
+	// Check for empty filename
+	if len(path) == 0 {
+		return ""
+	}
+
+	// check if filename exists
+	if _, err := os.Stat(path); os.IsNotExist((err)) {
+		fmt.Printf("File '%s' not found, searching in same directory as binary\n", path)
+		// if not, check that it exists in the same directory as the currently executing binary
+		ex, err2 := os.Executable()
+		if err2 != nil {
+			//log.Printf("Error determining binary path : '%s'", err)
+			return ""
+		}
+		binaryPath := filepath.Dir(ex)
+		path = filepath.Join(binaryPath, path)
+	}
+	return path
+}
+
+func isFlagPassed(name string) bool {
+	found := false
+	flag.Visit(func(f *flag.Flag) {
+		if f.Name == name {
+			found = true
+		}
+	})
+	return found
+}
+
+// GetGroupsOfUser returns the group for a user.
+// Taken from https://github.com/jtblin/go-ldap-client/issues/13#issuecomment-456090979
+func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string, error) {
+	var samAccountName string
+	var groups []string
+
+	if strings.Contains(username, "@") {
+		s := strings.Split(username, "@")
+		samAccountName = s[0]
+	} else if strings.Contains(username, "\\") {
+		s := strings.Split(username, "\\")
+		samAccountName = s[len(s)-1]
+	} else {
+		samAccountName = username
+	}
+
+	// Get the users DN
+	// Search for the given username
+	searchRequest := ldap.NewSearchRequest(
+		baseDN,
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		fmt.Sprintf("(CN=%s)", ldap.EscapeFilter(samAccountName)),
+		[]string{},
+		nil,
+	)
+
+	sr, err := conn.Search(searchRequest)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(sr.Entries) != 1 {
+		return nil, fmt.Errorf("user '%s' does not exist", samAccountName)
+	} else {
+		// Get the groups of the first result
+		groups = sr.Entries[0].GetAttributeValues("memberOf")
+		/*
+			for _, entry := range sr.Entries {
+				entry.PrettyPrint(2)
+			}
+		*/
+	}
+
+	/*
+		userdn := sr.Entries[0].DN
+		fmt.Printf("userdn is '%s' from CN '%s'", userdn, samAccountName)
+
+		searchRequest = ldap.NewSearchRequest(
+			baseDN,
+			ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+			fmt.Sprintf("(memberUid=%s)", userdn),
+			[]string{}, // can it be something else than "cn"?
+			nil,
+		)
+		sr, err = conn.Search(searchRequest)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, entry := range sr.Entries {
+			fmt.Println(entry.GetAttributeValue("cn"))
+			groups = append(groups, entry.GetAttributeValue("cn"))
+		}
+	*/
+	return groups, nil
+}
+
+// Some good ideas at https://gist.github.com/tboerger/4840e1b5464fc26fbb165b168be23345
 
 func main() {
+	var output Output
+
 	// Process command line arguments
 	server := flag.String("server", "ldap.example.com", "LDAP server to bind to")
 	baseDN := flag.String("baseDN", "OU=Users,DC=example,DC=com", "Base DN to use when attempting to bind to AD")
 	username := flag.String("username", "user", "Username to use when attempting to bind to AD")
 	password := flag.String("password", "pass", "Password to use when attempting to bind to AD")
+	certFile := flag.String("cert-file", "rootca.pem", "Filename to load trusted certificate from")
 	flag.Parse()
 
+	output.Server = *server
+	output.Version = fmt.Sprintf("Built %s from %s", buildTime, sha1ver)
+
 	// Get a copy of the system defined CA's
 	system, err := x509.SystemCertPool()
 	if err != nil {
-		panic("failed to access system CA list")
+		output.AuthSuccess = false
+		output.Error = "failed to access system CA list"
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
 	}
 
-	// Add custom certificate to the system cert pool
-	ok := system.AppendCertsFromPEM([]byte(WSDCCertPem))
-	if !ok {
-		panic("failed to parse WSDC intermediate certificate")
+	// only try to load certificate from file if the command line argument was specified
+	if isFlagPassed("cert-file") {
+		// Try to read the file
+		cf, err := os.ReadFile(GetFilePath(*certFile))
+		if err != nil {
+			output.AuthSuccess = false
+			output.Error = err.Error()
+			b, _ := json.Marshal(output)
+			fmt.Println(string(b))
+			return
+		}
+
+		// Get the certificate from the file
+		cpb, _ := pem.Decode(cf)
+		crt, err := x509.ParseCertificate(cpb.Bytes)
+		//fmt.Printf("Loaded certificate with subject %s\n", crt.Subject)
+
+		if err != nil {
+			output.AuthSuccess = false
+			output.Error = err.Error()
+			b, _ := json.Marshal(output)
+			fmt.Println(string(b))
+			return
+		}
+
+		// Add custom certificate to the system cert pool
+		system.AddCert(crt)
+		/*
+			ok := system.AppendCertsFromPEM(crt)
+			if !ok {
+				output.AuthSuccess = false
+				output.Error = "failed to parse WSDC intermediate certificate"
+				b, _ := json.Marshal(output)
+				fmt.Println(string(b))
+				return
+			}
+		*/
+		output.CertLoaded = true
 	}
 
-	config := &auth.Config{
-		Server:   *server,
-		Port:     636,
-		BaseDN:   *baseDN,
-		Security: auth.SecurityTLS,
-		RootCAs:  system,
-	}
-	fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN)
+	// Start trying to use ldap package
 
-	status, err := auth.Authenticate(config, *username, *password)
+	// Set up TLS to use our custom certificate authority passed in cli argument
+	tlsConfig := &tls.Config{
+		RootCAs: system,
+	}
+
+	// try connecting to AD via TLS and our custom certificate authority
+	ldaps, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:636", *server), tlsConfig)
 
 	if err != nil {
-		//handle err
-		fmt.Println(err)
+		output.AuthSuccess = false
+		output.Error = fmt.Sprintf("Dial Error: %s", err)
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
 	}
 
-	if !status {
-		//handle failed authentication
-		fmt.Println(err)
+	defer ldaps.Close()
+
+	// try to bind to AD
+	err = ldaps.Bind(*username, *password)
+	if err != nil {
+		output.AuthSuccess = false
+		output.Error = fmt.Sprintf("Bind Error: %s", err)
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
 	}
 
-	fmt.Println("success")
+	searchReq := ldap.NewSearchRequest(
+		*baseDN,
+		ldap.ScopeBaseObject, // you can also use ldap.ScopeWholeSubtree
+		ldap.NeverDerefAliases,
+		0,
+		0,
+		false,
+		"(objectClass=*)",
+		[]string{},
+		nil,
+	)
+	result, err := ldaps.Search(searchReq)
+	if err != nil {
+		output.AuthSuccess = false
+		output.Error = fmt.Sprintf("Search Error: %s", err)
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
+	}
+
+	if len(result.Entries) == 0 {
+		output.AuthSuccess = false
+		output.Error = "No search results"
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
+	} else {
+		output.AuthSuccess = true
+		output.Results = fmt.Sprintf("Search result count: %d; %s", len(result.Entries), result.Entries[0].DN)
+
+		// Since we have a successful connection, try getting group membership
+		groups, err := GetGroupsOfUser(*username, *baseDN, ldaps)
+		if err != nil {
+			output.AuthSuccess = false
+			output.Results = fmt.Sprintf("Group search Error: %s", err)
+		} else {
+			output.Groups = strings.Join(groups[:], ";")
+		}
+
+		b, _ := json.Marshal(output)
+		fmt.Println(string(b))
+		return
+	}
 }