try retrieving groups of user
@@ -30,7 +30,7 @@ Written by Nathan Coad (nathan.coad@dell.com)
|
||||
| BIND_IP | Specify the local IP address to bind to. | 127.0.0.1 | Primary IPv4 address |
|
||||
| BIND_PORT | Specify the TCP/IP port to bind to. | 443 | 8443 |
|
||||
| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
|
||||
| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "OU=Users,DC=example,DC=com" | No default specified |
|
||||
| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "CN=Users,DC=example,DC=com" | No default specified |
|
||||
| LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
|
||||
| TLS_KEY_FILE | Specify the filename of the TLS certificate private key (must be unencrypted) in PEM format | key.pem | privkey.pem |
|
||||
| TLS_CERT_FILE | Specify the filename of the TLS certificate file in PEM format | cert.pem | cert.pem |
|
||||
|
@@ -213,25 +213,34 @@ func VerifyLdapCreds(username string, password string) bool {
|
||||
log.Printf("VerifyLdapCreds successfully bound to LDAP\n")
|
||||
}
|
||||
|
||||
log.Printf("Attempting LDAP search request from base DN '%s'\n", LdapBaseDn)
|
||||
searchReq := ldap.NewSearchRequest(
|
||||
LdapBaseDn,
|
||||
ldap.ScopeWholeSubtree, // you can also use ldap.ScopeWholeSubtree
|
||||
ldap.NeverDerefAliases,
|
||||
0,
|
||||
0,
|
||||
false,
|
||||
"(objectClass=*)",
|
||||
[]string{},
|
||||
nil,
|
||||
)
|
||||
result, err := ldaps.Search(searchReq)
|
||||
/*
|
||||
log.Printf("Attempting LDAP search request from base DN '%s'\n", LdapBaseDn)
|
||||
searchReq := ldap.NewSearchRequest(
|
||||
LdapBaseDn,
|
||||
ldap.ScopeWholeSubtree, // you can also use ldap.ScopeWholeSubtree
|
||||
ldap.NeverDerefAliases,
|
||||
0,
|
||||
0,
|
||||
false,
|
||||
"(objectClass=*)",
|
||||
[]string{},
|
||||
nil,
|
||||
)
|
||||
result, err := ldaps.Search(searchReq)
|
||||
if err != nil {
|
||||
log.Printf("VerifyLdapCreds search error : '%s'\n", err)
|
||||
return false
|
||||
}
|
||||
|
||||
log.Printf("result: %v\n", result)
|
||||
*/
|
||||
|
||||
groups, err := GetGroupsOfUser(username, LdapBaseDn, ldaps)
|
||||
if err != nil {
|
||||
log.Printf("VerifyLdapCreds search error : '%s'\n", err)
|
||||
log.Printf("VerifyLdapCreds group search error : '%s'\n", err)
|
||||
return false
|
||||
}
|
||||
|
||||
log.Printf("result: %v\n", result)
|
||||
fmt.Printf("groups: %v\n", groups)
|
||||
|
||||
return true
|
||||
}
|
||||
|
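Review bot: The new `GetGroupsOfUser(username, LdapBaseDn, ldaps)` call hands the caller-supplied `username` to a helper whose body is not on this page; if that helper builds an LDAP search filter from the string, it should escape it first, e.g. `ldap.EscapeFilter(username)`, so that filter metacharacters in a login name cannot change the query. The returned `groups` are only printed and never checked, so every account that binds successfully still gets `true`, while a failed group lookup now rejects an otherwise valid login; if membership is meant to gate access, that comparison is still missing. The `fmt.Printf("groups: %v\n", groups)` line should use `log.Printf` like the rest of the function or be dropped before release. The commented-out search block can be deleted rather than kept. VerifyLdapCreds begins outside this hunk, so the bind logic above was not reviewed.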