mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-10-30 21:55:43 +00:00
feat: add ldap support (#232)
* feat: add ldap support * feat: add insecure option for self-signed certificates * fix: recognize ldap as a username provider * test: fix tests * feat: add configurable search filter * fix: fix error message in ldap search result * refactor: bot suggestions
This commit is contained in:
Stavros
77
internal/ldap/ldap.go
Normal file
77
internal/ldap/ldap.go
Normal file
@@ -0,0 +1,77 @@
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"tinyauth/internal/types"
|
||||
|
||||
ldapgo "github.com/go-ldap/ldap/v3"
|
||||
)
|
||||
|
||||
type LDAP struct {
|
||||
Config types.LdapConfig
|
||||
Conn *ldapgo.Conn
|
||||
BaseDN string
|
||||
}
|
||||
|
||||
func NewLDAP(config types.LdapConfig) (*LDAP, error) {
|
||||
// Connect to the LDAP server
|
||||
conn, err := ldapgo.DialURL(config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
|
||||
InsecureSkipVerify: config.Insecure,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Bind to the LDAP server with the provided credentials
|
||||
err = conn.Bind(config.BindDN, config.BindPassword)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &LDAP{
|
||||
Config: config,
|
||||
Conn: conn,
|
||||
BaseDN: config.BaseDN,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (l *LDAP) Search(username string) (string, error) {
|
||||
// Escape the username to prevent LDAP injection
|
||||
escapedUsername := ldapgo.EscapeFilter(username)
|
||||
filter := fmt.Sprintf(l.Config.SearchFilter, escapedUsername)
|
||||
|
||||
// Create a search request to find the user by username
|
||||
searchRequest := ldapgo.NewSearchRequest(
|
||||
l.BaseDN,
|
||||
ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
|
||||
filter,
|
||||
[]string{"dn"},
|
||||
nil,
|
||||
)
|
||||
|
||||
// Perform the search
|
||||
searchResult, err := l.Conn.Search(searchRequest)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if len(searchResult.Entries) != 1 {
|
||||
return "", fmt.Errorf("err multiple or no entries found for user %s", username)
|
||||
}
|
||||
|
||||
// User found, return the distinguished name (DN)
|
||||
userDN := searchResult.Entries[0].DN
|
||||
|
||||
return userDN, nil
|
||||
}
|
||||
|
||||
func (l *LDAP) Bind(userDN string, password string) error {
|
||||
// Bind to the LDAP server with the user's DN and password
|
||||
err := l.Conn.Bind(userDN, password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user