Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Golang communicate with LDAP

Tags:

go

ldap

I'm trying to connect and authenticate a user to ldap with golang.

I'm using the go-ldap-client with the following example code:

package main

import (
    "log"
    "github.com/jtblin/go-ldap-client"
)

func main() {
    client := &ldap.LDAPClient{
        Base:         "dc=example,dc=com",
        Host:         "ldap.example.com",
        Port:         389,
        UseSSL:       false,
        BindDN:       "uid=readonlysuer,ou=People,dc=example,dc=com",
        BindPassword: "readonlypassword",
        UserFilter:   "(uid=%s)",
        GroupFilter: "(memberUid=%s)",
        Attributes:   []string{"givenName", "sn", "mail", "uid"},
    }
    # It is the responsibility of the caller to close the connection
    defer client.Close()

    ok, user, err := client.Authenticate("username", "password")
    if err != nil {
        log.Fatalf("Error authenticating user %s: %+v", "username", err)
    }
    if !ok {
        log.Fatalf("Authenticating failed for user %s", "username")
    }
    log.Printf("User: %+v", user)

    groups, err := client.GetGroupsOfUser("username")
    if err != nil {
        log.Fatalf("Error getting groups for user %s: %+v", "username", err)
    }
    log.Printf("Groups: %+v", groups) 
}

The dependency to gopkg.in/ldap.v2 is installed.

The problem is that I'm getting the following error:

2016/01/15 17:34:55 Error authenticating user username: LDAP Result Code 2 "Protocol Error": ldap: cannot StartTLS (unsupported extended operation)
exit status 1

Any hint about this error?

like image 590
Christos Papoulas Avatar asked Jan 15 '16 15:01

Christos Papoulas


1 Answers

Ok, so let's try authentication using github.com/go-ldap/ldap. First you need to create a an *ldap.Conn. I suggest using TLS, if your LDAP server supports it:

// TLS, for testing purposes disable certificate verification, check https://golang.org/pkg/crypto/tls/#Config for further information.
tlsConfig := &tls.Config{InsecureSkipVerify: true}
l, err := ldap.DialTLS("tcp", "ldap.example.com:636", tlsConfig)

// No TLS, not recommended
l, err := ldap.Dial("tcp", "ldap.example.com:389")

Now you should have an active connection to your LDAP server. Using this connection you have to execute a bind:

err := l.Bind("[email protected]", "password")
if err != nil {
    // error in ldap bind
    log.Println(err)
}
// successful bind
like image 156
Kiril Avatar answered Oct 27 '22 16:10

Kiril