closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1535 Commits
2 Branches
178 MiB
Tree: c1ceec45da
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1ceec45da'
${ noResults }
gitea/modules/auth/ldap/ldap.go

96 lines
2.9 KiB
Raw Normal View History

initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
Remove ldap dep
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
ldap support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
merge all login methods
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
merge all login methods
10 years ago
Add LDAP over SSL support
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
New UI merge in progress
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Remove ldap dep
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Remove ldap dep
10 years ago
initial support for LDAP authentication/MSAD
10 years ago
Add LDAP over SSL support
10 years ago
Remove ldap dep
10 years ago
Add LDAP over SSL support
10 years ago
Remove ldap dep
10 years ago
Add LDAP over SSL support
10 years ago
Remove ldap dep
10 years ago
Add LDAP over SSL support
10 years ago
 
  1. // Copyright github.com/juju2013. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap
  8. 

  9. import (
  10. 	"fmt"
  11. 

  12. 	"github.com/gogits/gogs/modules/ldap"
  13. 	"github.com/gogits/gogs/modules/log"
  14. )
  15. 

  16. // Basic LDAP authentication service

  17. type Ldapsource struct {
  18. 	Name         string // canonical name (ie. corporate.ad)

  19. 	Host         string // LDAP host

  20. 	Port         int    // port number

  21. 	UseSSL       bool   // Use SSL

  22. 	BaseDN       string // Base DN

  23. 	Attributes   string // Attribut to search

  24. 	Filter       string // Query filter to validate entry

  25. 	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)

  26. 	Enabled      bool   // if this source is disabled

  27. }
  28. 

  29. //Global LDAP directory pool

  30. var (
  31. 	Authensource []Ldapsource
  32. )
  33. 

  34. // Add a new source (LDAP directory) to the global pool

  35. func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
  36. 	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
  37. 	Authensource = append(Authensource, ldaphost)
  38. }
  39. 

  40. //LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise

  41. //First match wins

  42. //Returns first attribute if exists

  43. func LoginUser(name, passwd string) (a string, r bool) {
  44. 	r = false
  45. 	for _, ls := range Authensource {
  46. 		a, r = ls.SearchEntry(name, passwd)
  47. 		if r {
  48. 			return
  49. 		}
  50. 	}
  51. 	return
  52. }
  53. 

  54. // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter

  55. func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
  56. 	l, err := ldapDial(ls)
  57. 	if err != nil {
  58. 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
  59. 		ls.Enabled = false
  60. 		return "", false
  61. 	}
  62. 	defer l.Close()
  63. 

  64. 	nx := fmt.Sprintf(ls.MsAdSAFormat, name)
  65. 	err = l.Bind(nx, passwd)
  66. 	if err != nil {
  67. 		log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
  68. 		return "", false
  69. 	}
  70. 

  71. 	search := ldap.NewSearchRequest(
  72. 		ls.BaseDN,
  73. 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
  74. 		fmt.Sprintf(ls.Filter, name),
  75. 		[]string{ls.Attributes},
  76. 		nil)
  77. 	sr, err := l.Search(search)
  78. 	if err != nil {
  79. 		log.Debug("LDAP Authen OK but not in filter %s", name)
  80. 		return "", false
  81. 	}
  82. 	log.Debug("LDAP Authen OK: %s", name)
  83. 	if len(sr.Entries) > 0 {
  84. 		r := sr.Entries[0].GetAttributeValue(ls.Attributes)
  85. 		return r, true
  86. 	}
  87. 	return "", true
  88. }
  89. 

  90. func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
  91. 	if ls.UseSSL {
  92. 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
  93. 	} else {
  94. 		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
  95. 	}
  96. }