ghostream/auth/ldap/ldap.go

// Package ldap provides a LDAP authentification backend
package ldap

import (
	"github.com/go-ldap/ldap/v3"
	"log"
	"strings"
)

// Options holds package configuration
type Options struct {
	Aliases map[string]map[string]string
	URI     string
	UserDn  string
}

// LDAP authentification backend
type LDAP struct {
	Cfg  *Options
	Conn *ldap.Conn
}

// Login tries to bind to LDAP
// Returns (true, nil) if success
func (a LDAP) Login(username string, password string) (bool, string, error) {
	aliasSplit := strings.SplitN(username, "__", 2)
	potentialUsernames := []string{username}

	if len(aliasSplit) == 2 {
		alias := aliasSplit[0]
		trueUsername := aliasSplit[1]
		// Resolve stream alias if necessary
		if aliases, ok := a.Cfg.Aliases[alias]; ok {
			if _, ok := aliases[trueUsername]; ok {
				log.Printf("[LDAP] Use stream alias %s for username %s", alias, trueUsername)
				potentialUsernames = append(potentialUsernames, trueUsername)
			}
		}
	}

	var err error = nil
	for _, username := range potentialUsernames {
		// Try to bind as user
		bindDn := "cn=" + username + "," + a.Cfg.UserDn
		err = a.Conn.Bind(bindDn, password)
		if err == nil {
			// Login succeeded if no error
			return true, aliasSplit[0], nil
		}
	}

	// Unable to log in
	return err == nil, "", err
}

// Close LDAP connection
func (a LDAP) Close() {
	a.Conn.Close()
}

// New instanciates a new LDAP connection
func New(cfg *Options) (LDAP, error) {
	backend := LDAP{Cfg: cfg}

	// Connect to LDAP server
	c, err := ldap.DialURL(backend.Cfg.URI)
	backend.Conn = c
	return backend, err
}
Add package comments 2020-10-09 20:36:02 +00:00			`// Package ldap provides a LDAP authentification backend`
Restructure configuration 2020-09-22 09:42:57 +00:00			`package ldap`

LDAP authentification backend 2020-09-22 10:54:12 +00:00			`import (`
			`"github.com/go-ldap/ldap/v3"`
Add aliases auth support if the authentication method is LDAP 2020-12-06 12:36:24 +00:00			`"log"`
Match aliases as groups 2021-01-03 04:07:25 +00:00			`"strings"`
LDAP authentification backend 2020-09-22 10:54:12 +00:00			`)`

			`// Options holds package configuration`
Restructure configuration 2020-09-22 09:42:57 +00:00			`type Options struct {`
Match aliases as groups 2021-01-03 04:07:25 +00:00			`Aliases map[string]map[string]string`
Add aliases auth support if the authentication method is LDAP 2020-12-06 12:36:24 +00:00			`URI string`
			`UserDn string`
Restructure configuration 2020-09-22 09:42:57 +00:00			`}`
LDAP authentification backend 2020-09-22 10:54:12 +00:00
			`// LDAP authentification backend`
			`type LDAP struct {`
Use NewLDAP to instanciate LDAP backend 2020-09-22 12:16:52 +00:00			`Cfg *Options`
			`Conn *ldap.Conn`
LDAP authentification backend 2020-09-22 10:54:12 +00:00			`}`

			`// Login tries to bind to LDAP`
			`// Returns (true, nil) if success`
Replace the name of the stream if using an alias 2021-01-08 21:23:33 +00:00			`func (a LDAP) Login(username string, password string) (bool, string, error) {`
Match aliases as groups 2021-01-03 04:07:25 +00:00			`aliasSplit := strings.SplitN(username, "__", 2)`
			`potentialUsernames := []string{username}`

Replace the name of the stream if using an alias 2021-01-08 21:23:33 +00:00			`if len(aliasSplit) == 2 {`
Match aliases as groups 2021-01-03 04:07:25 +00:00			`alias := aliasSplit[0]`
			`trueUsername := aliasSplit[1]`
			`// Resolve stream alias if necessary`
			`if aliases, ok := a.Cfg.Aliases[alias]; ok {`
			`if _, ok := aliases[trueUsername]; ok {`
			`log.Printf("[LDAP] Use stream alias %s for username %s", alias, trueUsername)`
			`potentialUsernames = append(potentialUsernames, trueUsername)`
			`}`
			`}`
Add aliases auth support if the authentication method is LDAP 2020-12-06 12:36:24 +00:00			`}`

Match aliases as groups 2021-01-03 04:07:25 +00:00			`var err error = nil`
			`for _, username := range potentialUsernames {`
			`// Try to bind as user`
			`bindDn := "cn=" + username + "," + a.Cfg.UserDn`
			`err = a.Conn.Bind(bindDn, password)`
			`if err == nil {`
			`// Login succeeded if no error`
Replace the name of the stream if using an alias 2021-01-08 21:23:33 +00:00			`return true, aliasSplit[0], nil`
Match aliases as groups 2021-01-03 04:07:25 +00:00			`}`
			`}`
LDAP authentification backend 2020-09-22 10:54:12 +00:00
Match aliases as groups 2021-01-03 04:07:25 +00:00			`// Unable to log in`
Replace the name of the stream if using an alias 2021-01-08 21:23:33 +00:00			`return err == nil, "", err`
LDAP authentification backend 2020-09-22 10:54:12 +00:00			`}`
Use NewLDAP to instanciate LDAP backend 2020-09-22 12:16:52 +00:00
			`// Close LDAP connection`
			`func (a LDAP) Close() {`
			`a.Conn.Close()`
			`}`

Add basic and bypass auth methods 2020-09-22 14:39:06 +00:00			`// New instanciates a new LDAP connection`
			`func New(cfg *Options) (LDAP, error) {`
Use NewLDAP to instanciate LDAP backend 2020-09-22 12:16:52 +00:00			`backend := LDAP{Cfg: cfg}`

			`// Connect to LDAP server`
			`c, err := ldap.DialURL(backend.Cfg.URI)`
			`backend.Conn = c`
			`return backend, err`
			`}`