通过ldap操作AD
ldap.go
// Author : Darin Han
// Copyright 2020 OneSmart.Org. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ad
// Package ad performs Active Directory operations over LDAP.
import (
	"errors"
	"fmt"
	"log"
	"net"
	"strconv"

	"gopkg.in/ldap.v2"
)
// UserClaims holds the account used for the LDAP simple bind.
// Both fields must be non-empty before Open or Connect will dial.
type UserClaims struct {
	UserName string // bind DN or account name passed to ldap.Conn.Bind
	PassWord string // bind password; kept in memory in clear text, never log it
}
// LDAPClient describes how to reach a directory server and, once Open has
// been called, carries the bound connection.
type LDAPClient struct {
	Host   string // server host name or IP address
	Port   int    // TCP port of the LDAP service
	BaseDN string // root of the subtree searched by the Search* methods
	UserClaims
	Connection *ldap.Conn // set by Open, cleared by Close; nil when not connected
}
// Object class values for the directory element kinds this package handles.
const (
	ObjectCategory_OU     string = "organizationalUnit"
	ObjectCategory_Group  string = "group"
	ObjectCategory_Person string = "user"
)
// Open opens a bound LDAP connection; Close() should be deferred immediately afterwards.
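// Open dials the directory server, performs a simple bind with the
// configured credentials and stores the connection in client.Connection.
//
// It returns the bound connection; the caller must release it with Close,
// typically via defer. Errors from ldap.Dial and ldap.Conn.Bind are
// returned unwrapped, exactly as the library produced them.
//
// ldap.Dial uses a plain TCP connection and a simple bind sends the
// password as-is, so this is only safe on a trusted network or over an
// encrypted transport.
func (client *LDAPClient) Open() (*ldap.Conn, error) {
	// Refuse before dialing: a simple bind with an empty password is
	// generally treated by directory servers as an unauthenticated
	// (anonymous) bind, which would appear to succeed without checking
	// anything.
	if client.UserName == "" || client.PassWord == "" {
		return nil, errors.New("no user account and password !")
	}
	// net.JoinHostPort brackets IPv6 literals, which "%s:%d" would not.
	addr := net.JoinHostPort(client.Host, strconv.Itoa(client.Port))
	con, err := ldap.Dial("tcp", addr)
	if err != nil {
		return nil, err
	}
	if err := con.Bind(client.UserName, client.PassWord); err != nil {
		// The connection is never handed to the caller on a failed bind,
		// so it must be closed here or the socket leaks.
		con.Close()
		return nil, err
	}
	client.Connection = con
	return con, nil
}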
// Close closes the LDAP connection opened by Open.
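// Close releases the connection stored by Open and clears client.Connection.
//
// It is a no-op when no connection is open (Open failed, or Close was
// already called), so it can be deferred unconditionally without risking
// a nil-pointer panic.
func (client *LDAPClient) Close() {
	if client.Connection == nil {
		return
	}
	client.Connection.Close()
	client.Connection = nil
}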
// Connect tries to reach and bind to the LDAP server, returning an error on failure.
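// Connect checks that the server is reachable and that the configured
// credentials bind successfully. The connection is always closed before
// returning; use Open to keep one.
//
// It returns true on success. On any failure it returns false together
// with the error so the caller decides how to react; a library function
// must not terminate the process on a bad password.
func (client *LDAPClient) Connect() (bool, error) {
	// Same guard as Open: an empty password would be sent as an
	// unauthenticated (anonymous) simple bind, which verifies nothing and
	// would report the credentials as valid.
	if client.UserName == "" || client.PassWord == "" {
		return false, errors.New("no user account and password !")
	}
	// net.JoinHostPort brackets IPv6 literals, which "%s:%d" would not.
	addr := net.JoinHostPort(client.Host, strconv.Itoa(client.Port))
	l, err := ldap.Dial("tcp", addr)
	if err != nil {
		return false, err
	}
	defer l.Close()
	if err := l.Bind(client.UserName, client.PassWord); err != nil {
		// Record which account failed for operators; the password is
		// deliberately never written to the log.
		log.Printf("ldap bind as %q failed: %v", client.UserName, err)
		return false, err
	}
	return true, nil
}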
/*
OU attributes:
description: description
c: country abbreviation
co: country
l: city / county
st: province / state
street: street
postalCode: postal code
*/
// SearchOU searches for an OU across the whole subtree below BaseDN; it returns the ldap.SearchResult, which contains the entries and controls.
func (client *LDAPClient) SearchOU(search string) (*ldap.SearchResult, error) {
conn, err := client.Open()
if err != nil {
return nil, err
}
defer client.Close()
return conn.Search(ldap.NewSearchRequest(client.BaseDN,
ldap.ScopeWholeSubtree,
ldap.NeverDerefAliase