closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1002 Commits
2 Branches
178 MiB
Tree: 31fd45ba02
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '31fd45ba02'
${ noResults }
gitea/modules/auth/ldap/ldap.go

87 lines
2.7 KiB
Raw Normal View History

initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
 
  1. // Copyright github.com/juju2013. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap
  8. 

  9. import (
  10. 	"fmt"
  11. 

  12. 	"github.com/gogits/gogs/modules/log"
  13. 	goldap "github.com/juju2013/goldap"
  14. )
  15. 

  16. // Basic LDAP authentication service

  17. type Ldapsource struct {
  18. 	Name         string // canonical name (ie. corporate.ad)

  19. 	Host         string // LDAP host

  20. 	Port         int    // port number

  21. 	BaseDN       string // Base DN

  22. 	Attributes   string // Attribut to search

  23. 	Filter       string // Query filter to validate entry

  24. 	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)

  25. 	Enabled      bool   // if this source is disabled

  26. }
  27. 

  28. //Global LDAP directory pool

  29. var (
  30. 	Authensource []Ldapsource
  31. )
  32. 

  33. // Add a new source (LDAP directory) to the global pool

  34. func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
  35. 	ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
  36. 	Authensource = append(Authensource, ldaphost)
  37. }
  38. 

  39. //LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise

  40. //First match wins

  41. //Returns first attribute if exists

  42. func LoginUser(name, passwd string) (a string, r bool) {
  43. 	r = false
  44. 	for _, ls := range Authensource {
  45. 		a, r = ls.searchEntry(name, passwd)
  46. 		if r {
  47. 			return
  48. 		}
  49. 	}
  50. 	return
  51. }
  52. 

  53. // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter

  54. func (ls Ldapsource) searchEntry(name, passwd string) (string, bool) {
  55. 	l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
  56. 	if err != nil {
  57. 		log.Debug("LDAP Connect error, disabled source %s", ls.Host)
  58. 		ls.Enabled = false
  59. 		return "", false
  60. 	}
  61. 	defer l.Close()
  62. 

  63. 	nx := fmt.Sprintf(ls.MsAdSAFormat, name)
  64. 	err = l.Bind(nx, passwd)
  65. 	if err != nil {
  66. 		log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
  67. 		return "", false
  68. 	}
  69. 

  70. 	search := goldap.NewSearchRequest(
  71. 		ls.BaseDN,
  72. 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
  73. 		fmt.Sprintf(ls.Filter, name),
  74. 		[]string{ls.Attributes},
  75. 		nil)
  76. 	sr, err := l.Search(search)
  77. 	if err != nil {
  78. 		log.Debug("LDAP Authen OK but not in filter %s", name)
  79. 		return "", false
  80. 	}
  81. 	log.Debug("LDAP Authen OK: %s", name)
  82. 	if len(sr.Entries) > 0 {
  83. 		r := sr.Entries[0].GetAttributeValue(ls.Attributes)
  84. 		return r, true
  85. 	}
  86. 	return "", true
  87. }