“This is the 15th day of my participation in the November Gwen Challenge. See details of the event: The Last Gwen Challenge 2021”.
Preface
In the previous article I wrote a quick start on OpenLDAP; this article covers calling the LDAP API from Go.
The client package used is go-ldap: github.com/go-ldap/lda…
The package provides the following:
- Connecting to an LDAP server (plaintext or TLS)
- Authentication (bind) as the administrator or as an ordinary user
- Adding, deleting, modifying and reading user entries
- Search with filters and other search conditions
Installation
Download the package with Go. The v3 here is the major version of the go-ldap module (it speaks LDAPv3, which is also what our OpenLDAP server serves):
go get github.com/go-ldap/ldap/v3
The import path must carry the same /v3 suffix, otherwise Go resolves the old pre-modules package instead of the one you just downloaded:
import "github.com/go-ldap/ldap/v3"
Usage
Connect, administrator authentication
Call Dial to open the connection, then Bind with the administrator DN and password. Dial opens a plaintext TCP connection on port 389, so the admin password crosses the network unencrypted; in v3 the current entry point is DialURL (use an ldaps:// URL, or call StartTLS on the plain connection), and Dial is kept only for compatibility.
l, err := ldap.Dial("tcp", "IP:389") // plaintext; ldap.DialURL("ldaps://IP:636") or l.StartTLS(...) keeps the bind password off the wire
if err != nil {
	fmt.Println("Connection failed", err)
	return
}
defer l.Close()
err = l.Bind("cn=admin,dc=libaigo,dc=com", "Password")
if err != nil {
	fmt.Println("Administrator authentication failed", err)
}
Create a user
This section first creates the user and then sets the password. You can set a fixed password in the usual way, or let the server generate a random one; the generated form is shown here. Note that gidNumber 0 is the root group on every host that reads this directory through NSS, so use a dedicated group for real accounts.
// Create a user
addRequest := ldap.NewAddRequest("uid=java1,ou=java,dc=libaigo,dc=com", []ldap.Control{})
addRequest.Attribute("cn", []string{"java1"})
addRequest.Attribute("sn", []string{"java1"})
addRequest.Attribute("uid", []string{"java1"})
addRequest.Attribute("homeDirectory", []string{"/home/java1"})
addRequest.Attribute("loginShell", []string{"/bin/bash"}) // must be a shell path
addRequest.Attribute("gidNumber", []string{"0"})          // 0 = root group; pick a dedicated gid in practice
addRequest.Attribute("uidNumber", []string{"8001"})
addRequest.Attribute("objectClass", []string{"shadowAccount", "posixAccount", "top", "inetOrgPerson"})
err = l.Add(addRequest)
if err != nil {
	fmt.Println("Failed to create user:", err)
}

// Randomly generate a password for the user and output the new password.
// An empty new password asks the server (RFC 3062 Password Modify) to generate one.
passwordModifyRequest2 := ldap.NewPasswordModifyRequest("uid=java1,ou=java,dc=libaigo,dc=com", "", "")
passwordModifyResponse2, err := l.PasswordModify(passwordModifyRequest2)
if err != nil {
	fmt.Println(err)
	return
}
generatedPassword := passwordModifyResponse2.GeneratedPassword
fmt.Println("Generated password:", generatedPassword)
Common User Authentication
With the ACLs set up in the previous article, ordinary users may bind (authenticate) but may not search, so a simple bind as the user's own DN is all that is exercised here. go-ldap refuses an empty password on the client side by default, because some servers (Active Directory among them) accept a DN with an empty password as an anonymous bind, which would let a login check pass without any credential.
l, err := ldap.Dial("tcp", "IP:389")
if err != nil {
	fmt.Println("Connection failed", err)
	return
}
// Bind as the user's own DN with the user's password
_, err = l.SimpleBind(&ldap.SimpleBindRequest{
	Username: "uid=node1,ou=node1,dc=libaigo,dc=com",
	Password: "node1",
})
if err != nil {
	fmt.Println(err)
}
Modifying User Information
Modify is used for ordinary attributes such as description or mail. Add appends a value and fails if the attribute already holds it; Replace overwrites all existing values of the attribute.
modify := ldap.NewModifyRequest("uid=node1,ou=node1,dc=libaigo,dc=com", nil)
modify.Add("description", []string{"this is test."})
modify.Replace("mail", []string{"[email protected]"})
err = l.Modify(modify)
if err != nil {
	fmt.Println("Failed to modify user:", err)
}
Changing a User password
The old password can be left empty when the bound identity (here the administrator) has write access to the target's userPassword. When a user changes their own password, pass the old password so the server verifies it; with OpenLDAP's ppolicy overlay (pwdSafeModify) the server can require this.
passwordModifyRequest := ldap.NewPasswordModifyRequest("uid=go,ou=go,dc=libaigo,dc=com", "", "123456")
// passwordModifyRequest := ldap.NewPasswordModifyRequest("", "OldPassword", "NewPassword") // empty identity = the currently bound user; old password checked by the server
_, err = l.PasswordModify(passwordModifyRequest)
if err != nil {
	fmt.Println("Password cannot be changed, error message:", err.Error())
}
Search all users
The filter here matches only on objectClass, so every person entry under the base DN is returned. The arguments after the base DN are scope, alias dereferencing, size limit, time limit (0 means no client-side limit), typesOnly, the filter, the attributes to return and controls.
searchRequest := ldap.NewSearchRequest("dc=libaigo,dc=com",
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	"(&(objectClass=organizationalPerson))",
	[]string{"dn", "cn"}, nil)
search, err := l.Search(searchRequest)
if err != nil {
	fmt.Println(err)
	return
}
for _, entry := range search.Entries {
	fmt.Printf("%s: %v\n", entry.DN, entry.GetAttributeValue("cn"))
}
Searching for a specified user
The username is placed in the filter through ldap.EscapeFilter, which applies RFC 4515 escaping; without it a value such as "*)(uid=*" rewrites the filter and matches every entry. The result is checked for exactly one entry, because zero means the user does not exist and more than one means the filter is ambiguous.
username := "node1"
searchRequest := ldap.NewSearchRequest("dc=libaigo,dc=com",
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	fmt.Sprintf("(&(objectClass=organizationalPerson)(uid=%s))", ldap.EscapeFilter(username)),
	[]string{"dn"},
	nil,
)
sr, err := l.Search(searchRequest)
if err != nil {
	fmt.Println(err)
	return
}
if len(sr.Entries) != 1 {
	fmt.Println("User does not exist or returns too many entries")
}
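Worked example (added here; not code from the post or from go-ldap): the search-then-bind login flow that the Common User Authentication and Searching for a specified user sections together describe, written against a small Directory interface with a constructed in-memory fake so it runs without a server or the module. escapeFilter reimplements the RFC 4515 escaping that ldap.EscapeFilter performs (same byte set, lowercase hex), and Authenticate refuses empty passwords, requires exactly one matching entry, and binds as the DN the directory returned rather than assembling one from the username. The interface, the fake and the sample entries are assumptions of this example; over go-ldap, SearchDNs would wrap l.Search and BindAs would wrap l.Bind.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// escapeFilter applies RFC 4515 escaping to a value placed inside a search
// filter: NUL, '(', ')', '*', '\' and any byte above 0x7f become \XX
// (lowercase hex), the same byte set go-ldap's ldap.EscapeFilter escapes.
func escapeFilter(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7f {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// rawFilter is the page's lookup filter built without escaping, kept only to
// show what an attacker-controlled username does to it.
func rawFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=organizationalPerson)(uid=%s))", username)
}

// userFilter is the same filter with the username escaped.
func userFilter(username string) string {
	return rawFilter(escapeFilter(username))
}

// Directory is the minimal surface the login flow needs (an assumption of this
// example). Over go-ldap, SearchDNs would call l.Search with the filter and
// return entry.DN of every hit, and BindAs would call l.Bind(dn, password).
type Directory interface {
	SearchDNs(filter string) ([]string, error)
	BindAs(dn, password string) error
}

var (
	ErrEmptyPassword = errors.New("empty password refused: the server could treat it as an anonymous bind")
	ErrNoSingleUser  = errors.New("user does not exist or the filter matched more than one entry")
)

// Authenticate is the search-then-bind pattern: the service connection resolves
// the username to exactly one DN, then a bind as that DN with the user's
// password proves the credential. The DN is never assembled from the username.
func Authenticate(d Directory, username, password string) (string, error) {
	if password == "" {
		return "", ErrEmptyPassword
	}
	dns, err := d.SearchDNs(userFilter(username))
	if err != nil {
		return "", err
	}
	if len(dns) != 1 {
		return "", ErrNoSingleUser
	}
	if err := d.BindAs(dns[0], password); err != nil {
		return "", fmt.Errorf("bind as %s failed: %w", dns[0], err)
	}
	return dns[0], nil
}

// fakeDirectory is a constructed in-memory stand-in, not an LDAP server. It
// understands only the filter shape userFilter produces and matches the uid
// literally, so an escaped "*" matches nothing, as on a real server.
type fakeDirectory struct {
	passwords map[string]string // DN -> password (constructed sample data)
}

func (f fakeDirectory) SearchDNs(filter string) ([]string, error) {
	const prefix = "(&(objectClass=organizationalPerson)(uid="
	if !strings.HasPrefix(filter, prefix) || !strings.HasSuffix(filter, "))") {
		return nil, errors.New("fake directory: unsupported filter")
	}
	uid := strings.TrimSuffix(strings.TrimPrefix(filter, prefix), "))")
	var hits []string
	for dn := range f.passwords {
		if strings.HasPrefix(dn, "uid="+uid+",") {
			hits = append(hits, dn)
		}
	}
	return hits, nil
}

func (f fakeDirectory) BindAs(dn, password string) error {
	if pw, ok := f.passwords[dn]; ok && pw == password {
		return nil
	}
	return errors.New("invalid credentials")
}

func main() {
	dir := fakeDirectory{passwords: map[string]string{
		"uid=node1,ou=node1,dc=libaigo,dc=com": "node1",
		"uid=go,ou=go,dc=libaigo,dc=com":       "123456",
	}}
	hostile := "*)(uid=*"
	fmt.Println("raw:    ", rawFilter(hostile))  // matches every person entry
	fmt.Println("escaped:", userFilter(hostile)) // matches only a literal uid of that value
	for _, c := range [][2]string{{"node1", "node1"}, {"node1", "wrong"}, {"node1", ""}, {hostile, "x"}} {
		dn, err := Authenticate(dir, c[0], c[1])
		fmt.Printf("%-12q %-8q -> dn=%q err=%v\n", c[0], c[1], dn, err)
	}
}
```

Run it as is to see the raw and escaped filters side by side and the four login attempts; in production the search runs over the service account's connection and the bind runs over a separate connection (or after an Unbind), so the user's bind never replaces the service account's identity on the shared session.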
Delete user
Build a DelRequest with the user's DN and pass it to Del (the DN is the one created above):
err = l.Del(&ldap.DelRequest{
	DN:       "uid=java1,ou=java,dc=libaigo,dc=com",
	Controls: nil,
})
if err != nil {
	fmt.Println("Error deleting user:", err)
}