wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
2610 Commits
197 Branches
346 MB
572 Download
Tree: 24d7a86a8d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '24d7a86a8d'
${ noResults }
aiforge/modules/auth/ldap/ldap.go

ldap.go 4.6 kB
Raw Normal View History

Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
ldap support
11 years ago
Remove ldap dep
11 years ago
initial support for LDAP authentication/MSAD
11 years ago
ldap support
11 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
work on #986 and fix a LDAP crash
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
work on #986 and fix a LDAP crash
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop # Conflicts: # modules/bindata/bindata.go
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Add LDAP over SSL support
11 years ago
initial support for LDAP authentication/MSAD
11 years ago
New UI merge in progress
11 years ago
initial support for LDAP authentication/MSAD
11 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
work on #986 and fix a LDAP crash
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Remove ldap dep
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
work on #986 and fix a LDAP crash
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
10 years ago
initial support for LDAP authentication/MSAD
11 years ago
Add LDAP over SSL support
11 years ago
Remove ldap dep
11 years ago
Add LDAP over SSL support
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
Remove ldap dep
11 years ago
Add LDAP over SSL support
11 years ago
Remove ldap dep
11 years ago
Add LDAP over SSL support
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap

  8. 

  9. import (

  10. 	"fmt"

  11. 

  12. 	"github.com/gogits/gogs/modules/ldap"

  13. 	"github.com/gogits/gogs/modules/log"

  14. )

  15. 

  16. // Basic LDAP authentication service

  17. type Ldapsource struct {

  18. 	Name             string // canonical name (ie. corporate.ad)

  19. 	Host             string // LDAP host

  20. 	Port             int    // port number

  21. 	UseSSL           bool   // Use SSL

  22. 	BindDN           string // DN to bind with

  23. 	BindPassword     string // Bind DN password

  24. 	UserBase         string // Base search path for users

  25. 	AttributeName    string // First name attribute

  26. 	AttributeSurname string // Surname attribute

  27. 	AttributeMail    string // E-mail attribute

  28. 	Filter           string // Query filter to validate entry

  29. 	AdminFilter      string // Query filter to check if user is admin

  30. 	Enabled          bool   // if this source is disabled

  31. }

  32. 

  33. func (ls Ldapsource) FindUserDN(name string) (string, bool) {

  34. 	l, err := ldapDial(ls)

  35. 	if err != nil {

  36. 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)

  37. 		ls.Enabled = false

  38. 		return "", false

  39. 	}

  40. 	defer l.Close()

  41. 

  42. 	log.Trace("Search for LDAP user: %s", name)

  43. 	if ls.BindDN != "" && ls.BindPassword != "" {

  44. 		err = l.Bind(ls.BindDN, ls.BindPassword)

  45. 		if err != nil {

  46. 			log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)

  47. 			return "", false

  48. 		}

  49. 		log.Trace("Bound as BindDN %s", ls.BindDN)

  50. 	} else {

  51. 		log.Trace("Proceeding with anonymous LDAP search.")

  52. 	}

  53. 

  54. 	// A search for the user.

  55. 	userFilter := fmt.Sprintf(ls.Filter, name)

  56. 	log.Trace("Searching using filter %s", userFilter)

  57. 	search := ldap.NewSearchRequest(

  58. 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,

  59. 		false, userFilter, []string{}, nil)

  60. 

  61. 	// Ensure we found a user

  62. 	sr, err := l.Search(search)

  63. 	if err != nil || len(sr.Entries) < 1 {

  64. 		log.Debug("Failed search using filter[%s]: %v", userFilter, err)

  65. 		return "", false

  66. 	} else if len(sr.Entries) > 1 {

  67. 		log.Debug("Filter '%s' returned more than one user.", userFilter)

  68. 		return "", false

  69. 	}

  70. 

  71. 	userDN := sr.Entries[0].DN

  72. 	if userDN == "" {

  73. 		log.Error(4, "LDAP search was succesful, but found no DN!")

  74. 		return "", false

  75. 	}

  76. 

  77. 	return userDN, true

  78. }

  79. 

  80. // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter

  81. func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool, bool) {

  82. 	userDN, found := ls.FindUserDN(name)

  83. 	if !found {

  84. 		return "", "", "", false, false

  85. 	}

  86. 

  87. 	l, err := ldapDial(ls)

  88. 	if err != nil {

  89. 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)

  90. 		ls.Enabled = false

  91. 		return "", "", "", false, false

  92. 	}

  93. 

  94. 	defer l.Close()

  95. 

  96. 	log.Trace("Binding with userDN: %s", userDN)

  97. 	err = l.Bind(userDN, passwd)

  98. 	if err != nil {

  99. 		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)

  100. 		return "", "", "", false, false

  101. 	}

  102. 

  103. 	log.Trace("Bound successfully with userDN: %s", userDN)

  104. 	userFilter := fmt.Sprintf(ls.Filter, name)

  105. 	search := ldap.NewSearchRequest(

  106. 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,

  107. 		[]string{ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},

  108. 		nil)

  109. 

  110. 	sr, err := l.Search(search)

  111. 	if err != nil {

  112. 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)

  113. 		return "", "", "", false, false

  114. 	} else if len(sr.Entries) < 1 {

  115. 		log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")

  116. 		return "", "", "", false, false

  117. 	}

  118. 

  119. 	name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)

  120. 	sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)

  121. 	mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)

  122. 

  123. 	search = ldap.NewSearchRequest(

  124. 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,

  125. 		[]string{ls.AttributeName},

  126. 		nil)

  127. 

  128. 	sr, err = l.Search(search)

  129. 	admin_attr := false

  130. 	if err != nil {

  131. 		log.Error(4, "LDAP Admin Search failed unexpectedly! (%v)", err)

  132. 	} else if len(sr.Entries) < 1 {

  133. 		log.Error(4, "LDAP Admin Search failed")

  134. 	} else {

  135. 		admin_attr = true

  136. 	}

  137. 

  138. 	return name_attr, sn_attr, mail_attr, admin_attr, true

  139. }

  140. 

  141. func ldapDial(ls Ldapsource) (*ldap.Conn, error) {

  142. 	if ls.UseSSL {

  143. 		log.Debug("Using TLS for LDAP")

  144. 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)

  145. 	} else {

  146. 		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))

  147. 	}

  148. }

No Description