closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1140 Commits
2 Branches
178 MiB
Tree: a0318db2f9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a0318db2f9'
${ noResults }
gitea/modules/auth/ldap/ldap.go

96 lines
2.9 KiB
Raw Normal View History

initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
merge all login methods
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
merge all login methods
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
implicated error for ldap dial
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
 
  1. // Copyright github.com/juju2013. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap
  8. 

  9. import (
  10. 	"fmt"
  11. 

  12. 	"github.com/gogits/gogs/modules/log"
  13. 	goldap "github.com/juju2013/goldap"
  14. )
  15. 

  16. // Basic LDAP authentication service

  17. type Ldapsource struct {
  18. 	Name         string // canonical name (ie. corporate.ad)

  19. 	Host         string // LDAP host

  20. 	Port         int    // port number

  21. 	UseSSL       bool   // Use SSL

  22. 	BaseDN       string // Base DN

  23. 	Attributes   string // Attribut to search

  24. 	Filter       string // Query filter to validate entry

  25. 	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)

  26. 	Enabled      bool   // if this source is disabled

  27. }
  28. 

  29. //Global LDAP directory pool

  30. var (
  31. 	Authensource []Ldapsource
  32. )
  33. 

  34. // Add a new source (LDAP directory) to the global pool

  35. func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
  36. 	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
  37. 	Authensource = append(Authensource, ldaphost)
  38. }
  39. 

  40. //LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise

  41. //First match wins

  42. //Returns first attribute if exists

  43. func LoginUser(name, passwd string) (a string, r bool) {
  44. 	r = false
  45. 	for _, ls := range Authensource {
  46. 		a, r = ls.SearchEntry(name, passwd)
  47. 		if r {
  48. 			return
  49. 		}
  50. 	}
  51. 	return
  52. }
  53. 

  54. // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter

  55. func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
  56. 	l, err := ldapDial(ls)
  57. 	if err != nil {
  58. 		log.Error("LDAP Connect error, %s:%v", ls.Host, err)
  59. 		ls.Enabled = false
  60. 		return "", false
  61. 	}
  62. 	defer l.Close()
  63. 

  64. 	nx := fmt.Sprintf(ls.MsAdSAFormat, name)
  65. 	err = l.Bind(nx, passwd)
  66. 	if err != nil {
  67. 		log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
  68. 		return "", false
  69. 	}
  70. 

  71. 	search := goldap.NewSearchRequest(
  72. 		ls.BaseDN,
  73. 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
  74. 		fmt.Sprintf(ls.Filter, name),
  75. 		[]string{ls.Attributes},
  76. 		nil)
  77. 	sr, err := l.Search(search)
  78. 	if err != nil {
  79. 		log.Debug("LDAP Authen OK but not in filter %s", name)
  80. 		return "", false
  81. 	}
  82. 	log.Debug("LDAP Authen OK: %s", name)
  83. 	if len(sr.Entries) > 0 {
  84. 		r := sr.Entries[0].GetAttributeValue(ls.Attributes)
  85. 		return r, true
  86. 	}
  87. 	return "", true
  88. }
  89. 

  90. func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
  91. 	if ls.UseSSL {
  92. 		return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
  93. 	} else {
  94. 		return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
  95. 	}
  96. }