使用 go-ldap/ldap 实现 LDAP 的基本操作,包括查询、添加、修改、删除等。
go get gopkg.in/ldap.v3
连接
import (
	"log"

	"gopkg.in/ldap.v3"
)
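// Open an LDAPS connection. 636 is the conventional LDAPS port (and the one the
// rest of this page uses); 389 is conventionally the plaintext LDAP port, so
// speaking TLS to it does not match what the server usually expects there.
// A nil *tls.Config is safe here: crypto/tls fills in a default config and
// verifies the server certificate against the host part of the address.
// Do not pass &tls.Config{InsecureSkipVerify: true}: it turns certificate
// verification off, and with it the protection of every credential sent
// over this connection.
l, err := ldap.DialTLS("tcp", "ldap.example.com:636", nil)
if err != nil {
	log.Fatal(err)
}
// Release the connection when the enclosing function returns.
defer l.Close()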
搜索
// Search request for every organizationalUnit under the base DN, asking only
// for the ou and description attributes. The two zeros leave the size and
// time limits to the server, typesOnly is false, and no controls are attached.
baseDN := "dc=example,dc=com"
ouFilter := "(&(objectClass=organizationalUnit))"
wantedAttrs := []string{"ou", "description"}
searchRequest := ldap.NewSearchRequest(
	baseDN,
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases,
	0, 0, false,
	ouFilter,
	wantedAttrs,
	nil,
)
package main
import (
"crypto/tls"
"fmt"
"gopkg.in/ldap.v3"
)
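// authenticateUser verifies a username/password pair against the LDAP
// directory: it resolves the user's DN by sAMAccountName and then performs a
// simple bind as that DN with the supplied password.
//
// It returns nil when the bind succeeds, and a non-nil error when the password
// is empty, the connection or search fails, the username does not resolve to
// exactly one entry, or the bind is rejected. Callers should treat every error
// as "not authenticated" and avoid relaying the distinct messages to the end
// user, since they reveal whether a username exists.
func authenticateUser(username string, password string) error {
	// A simple bind with an empty password is an anonymous/unauthenticated
	// bind, which a directory may accept. Refuse it up front so an empty
	// password can never count as a successful login, whether or not the
	// library rejects it as well.
	if password == "" {
		return fmt.Errorf("LDAP authentication failed: empty password")
	}
	// Connect over LDAPS with certificate verification left on; the password
	// is sent in the bind and must not cross an unverified channel. The host
	// name in the address is what the certificate is checked against.
	l, err := ldap.DialTLS("tcp", "ldap.example.com:636", &tls.Config{
		MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		return fmt.Errorf("Failed to connect to LDAP server: %w", err)
	}
	defer l.Close()
	// Escape the username before interpolating it into the filter so that
	// filter metacharacters (*, (, ), \, NUL) in the input are matched
	// literally instead of changing the filter's meaning.
	filter := fmt.Sprintf("(sAMAccountName=%s)", ldap.EscapeFilter(username))
	// NOTE(review): the search runs before any bind, i.e. anonymously. If the
	// directory does not allow anonymous searches, a service-account bind is
	// needed here first — confirm against the server's policy.
	searchRequest := ldap.NewSearchRequest(
		"dc=example,dc=com", // Base DN
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		filter,         // Filter
		[]string{"dn"}, // Attributes to retrieve
		nil,
	)
	sr, err := l.Search(searchRequest)
	if err != nil {
		return fmt.Errorf("LDAP search failed: %w", err)
	}
	// Exactly one entry must match: zero means an unknown user, more than one
	// would leave it ambiguous which DN to bind as.
	if len(sr.Entries) != 1 {
		return fmt.Errorf("User does not exist or too many entries returned")
	}
	userDN := sr.Entries[0].DN
	// Bind as the resolved DN; the directory is what checks the password.
	if err := l.Bind(userDN, password); err != nil {
		return fmt.Errorf("LDAP authentication failed: %w", err)
	}
	return nil
}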
// main runs a sample authentication and prints the outcome.
func main() {
	// Example invocation with placeholder credentials.
	if err := authenticateUser("testuser", "testpassword"); err != nil {
		fmt.Printf("Authentication failed: %s\n", err)
		return
	}
	fmt.Println("Authentication successful")
}
新增
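// Build an add request for a new inetOrgPerson entry. In gopkg.in/ldap.v3,
// NewAddRequest takes a controls slice as its second argument (nil for none)
// and Attribute takes every value list as a []string, so the single-valued
// attributes below are wrapped in a slice. The request is only built here;
// send it with l.Add(addRequest) and check the returned error.
addRequest := ldap.NewAddRequest("cn=admin,dc=example,dc=com", nil)
addRequest.Attribute("objectClass", []string{"top", "person", "organizationalPerson", "inetOrgPerson"})
addRequest.Attribute("cn", []string{"admin"})
addRequest.Attribute("sn", []string{"admin"})
// Example value only: userPassword is transmitted to the server as given, so
// real code should take it from configuration or a secret store rather than
// a literal in source.
addRequest.Attribute("userPassword", []string{"admin"})
addRequest.Attribute("description", []string{"LDAP administrator"})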
修改
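// Build a modify request that replaces the entry's description attribute.
// In gopkg.in/ldap.v3, NewModifyRequest takes a controls slice as its second
// argument (nil for none). The request is only built here; send it with
// l.Modify(modifyRequest) and check the returned error.
modifyRequest := ldap.NewModifyRequest("cn=admin,dc=example,dc=com", nil)
modifyRequest.Replace("description", []string{"LDAP administrator"})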
删除
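// Build a delete request for the entry. NewDelRequest takes a controls slice
// as its second argument (nil for none). The request is only built here; send
// it with l.Del(deleteRequest) and check the returned error.
deleteRequest := ldap.NewDelRequest("cn=admin,dc=example,dc=com", nil)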