Basic LDAP v3 functionality for the GO programming language.

Related tags

Database tools ldap
Overview

GoDoc Build Status

Basic LDAP v3 functionality for the GO programming language.

The library implements the following specifications:

Features:

  • Connecting to LDAP server (non-TLS, TLS, STARTTLS)
  • Binding to LDAP server
  • Searching for entries
  • Filter Compile / Decompile
  • Paging Search Results
  • Modify Requests / Responses
  • Add Requests / Responses
  • Delete Requests / Responses
  • Modify DN Requests / Responses

Go Modules:

go get github.com/go-ldap/ldap/v3

As go-ldap was v2+ when Go Modules came out, updating to Go Modules would be considered a breaking change.

To maintain backwards compatability, we ultimately decided to use subfolders (as v3 was already a branch). Whilst this duplicates the code, we can move toward implementing a backwards-compatible versioning system that allows for code reuse. The alternative would be to increment the version number, however we believe that this would confuse users as v3 is in line with LDAPv3 (RFC-4511) https://tools.ietf.org/html/rfc4511

For more info, please visit the pull request that updated to modules. https://github.com/go-ldap/ldap/pull/247

To install with GOMODULE111=off, use go get github.com/go-ldap/ldap https://golang.org/cmd/go/#hdr-Legacy_GOPATH_go_get

As always, we are looking for contributors with great ideas on how to best move forward.

Contributing:

Bug reports and pull requests are welcome!

Before submitting a pull request, please make sure tests and verification scripts pass:

make all

To set up a pre-push hook to run the tests and verify scripts before pushing:

ln -s ../../.githooks/pre-push .git/hooks/pre-push

The Go gopher was designed by Renee French. (http://reneefrench.blogspot.com/) The design is licensed under the Creative Commons 3.0 Attributions license. Read this article for more details: http://blog.golang.org/gopher

Comments
  • Attributes retrieve are case sensitive

    Attributes retrieve are case sensitive

    If we use GetAttributeValue function in a search to retrieve an specific attribute, the attribute name is currently case sensitive in this API.

    According to LDAP specifications attribute retrieval must be case insensitive. For exemple, the attribute givenName and givenname are the same attribute, therefore if a client ask for "givenname" and LDAP definitions is set to "givenName", the API must be case insensitive returning the attribute and its value to the client, if present of course.

    opened by memorais 20
  • Add `String()` methods to `DN` and its subtypes

    Add `String()` methods to `DN` and its subtypes

    This patch adds String() string methods to each of the following types:

    • DN
    • RelativeDN
    • AttributeTypeAndValue

    So that a *DN implements the fmt.Stringer interface. These methods also produce normalized strings: Attribute Type and Value are lowercased and joined with a "=" character while multiple attributes of a Relative DN are sorted lexicographically before being joined witha "+" character.

    This allows one to use the string representation of a DN as a map key and ensure that two DNs which Equal() eachother would have the same String() value.

    opened by jlhawn 20
  • Export AddRequest Struct variables in add.go

    Export AddRequest Struct variables in add.go

    wrote get methods to struct AddRequest in add.go, as the struct variables are not global, and it would be easy if an add request wants to be compared with another one before populating it.

    opened by nohupped 13
  • Improved filters

    Improved filters

    This PR makes filter writing much easier for humans, by allowing extra whitespace in the filter input.

    As an example, rather than writing:

    filter = "(&(mail=*)(|(objectClass=contact)(objectClass=group)(objectClass=inetOrgPerson)(objectClass=user)(objectClass=publicFolder))(!(msExchUserAccountControl:1.2.840.113556.1.4.803:=2))(|(userAccountControl:1.2.840.113556.1.4.803:=256)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(userAccountControl=*)))(!(&(msExchWhenMailboxCreated=*)(!(homeMDB=*)))))"
    

    It is now possible to specify the same filter in this much more readable format:

        filter =  `
            (& (mail=*)
                    (|  (objectClass=contact)
                        (objectClass=group)
                        (objectClass=inetOrgPerson)
                        (objectClass=user)
                        (objectClass=publicFolder)
                    )
                    (!  (msExchUserAccountControl:1.2.840.113556.1.4.803:=2))
                    (|  (userAccountControl:1.2.840.113556.1.4.803:=256)
                        (userAccountControl:1.2.840.113556.1.4.803:=512)
                        (!(userAccountControl=*))
                    )
                    (!  (&  (msExchWhenMailboxCreated=*)
                            (!(homeMDB=*))
                        )
                    )
                )
            `
    
    opened by flimzy 13
  • About Disabling Users

    About Disabling Users

    When a member leaves office, how should I disable his account?

    I want to disable it by pwdAccountLockedTime, only prompt when running:

    LDAP Result Code 17 "Undefined Attribute Type": pwdAccountLockedTime: attribute type undefined
    
    opened by eryajf 12
  • Add ability to set a client-side timeout on requests

    Add ability to set a client-side timeout on requests

    If the Ldap process is stopped or otherwise unresponsive, Bind and SimpleBind will block waiting for a response.

    This commit adds BindWithTimeout and SimpleBindWithTimeout to give the developer control over the wait time. The Bind and SimpleBind will return an error after DefaultTimeout.

    opened by sarahkevinking 12
  • filter by memberOf + nested groups

    filter by memberOf + nested groups

    Is the following search filter possible with this library? Didn't seem like it worked, based on my limited testing with a hacked up example_test.go.

    memberOf:CN=Some-App-Group,OU=Groups,DC=example,DC=com
    

    Also, is it possible to search nested group membership, similar to the following?

    memberOf:1.2.840.113556.1.4.1941:=CN=Some-App-Group,OU=Groups,DC=example,DC=com
    

    Apologies if this is obvious in the code -- I'm not a Go developer but need to add this functionality to an app that uses this library.

    opened by tmalkowski 12
  • Program exiting with a panic when trying to do a simplebind with controls.

    Program exiting with a panic when trying to do a simplebind with controls.

    I wrote a test program to check the password controls feature for my LDAP directory but it is failing when I am trying to run the code.

    Some more info on this bug: This happens only when the authentication is successful and when I am expecting to get some info on the pasword policy.

    The same setup works when I use python library. It gives proper info but with this library I always end up with a panic.

    If someone who understands the issue can point me in the right direction that would be more than enough.

    My code:

    var ldapServer = "acmewapp.stage.acme.com"
    var ldapPort = uint16(636)
    
    l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort), &tls.Config{InsecureSkipVerify: true})
    //l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
    if err != nil {
    	fmt.Printf(err.Error())
    	return
    }
    defer l.Close()
    
    controls := []ldap.Control{}
    controls = append(controls, ldap.NewControlBeheraPasswordPolicy())
    bindRequest := ldap.NewSimpleBindRequest("cn=acmewapp,dc=stage,dc=acme,dc=com", "[email protected]#", controls)
    r, err := l.SimpleBind(bindRequest)
    
    ppolicyControl := ldap.FindControl(r.Controls, ldap.ControlTypeBeheraPasswordPolicy)
    var ppolicy *ldap.ControlBeheraPasswordPolicy
    if ppolicyControl != nil {
    	ppolicy = ppolicyControl.(*ldap.ControlBeheraPasswordPolicy)
    } else {
    	fmt.Println("ppolicyControl response not available.\n")
    }
    if err != nil {
    	fmt.Println("err simplebind request %s", err.Error())
    	if ppolicy != nil && ppolicy.Error >= 0 {
    		fmt.Println("ppolicy string %s", ppolicy.ErrorString)
    	}
    }
    

    Error that I am seeing:

    go run main.go
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal 0xb code=0x1 addr=0x0 pc=0x460e9d]
    
    goroutine 1 [running]:
    runtime.panic(0x5b11e0, 0x7dbee8)
    	/usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
    gopkg.in/ldap%2ev2.DecodeControl(0xc2100798c0, 0x0, 0x0)
    	/opt/wapp/golang/src/gopkg.in/ldap.v2/control.go:339 +0x97d
    gopkg.in/ldap%2ev2.(*Conn).SimpleBind(0xc21000f640, 0xc210051480, 0x0, 0x0, 0x0)
    	/opt/wapp/golang/src/gopkg.in/ldap.v2/bind.go:88 +0x5ba
    main.main()
    	/opt/wapp/golang/testproj/main.go:26 +0x46b
    
    goroutine 6 [runnable]:
    net.runtime_pollWait(0x7fb34da06180, 0x72, 0x0)
    	/usr/lib/go/src/pkg/runtime/netpoll.goc:116 +0x6a
    net.(*pollDesc).Wait(0xc210047140, 0x72, 0x7fb34da050c0, 0xb)
    	/usr/lib/go/src/pkg/net/fd_poll_runtime.go:81 +0x34
    net.(*pollDesc).WaitRead(0xc210047140, 0xb, 0x7fb34da050c0)
    	/usr/lib/go/src/pkg/net/fd_poll_runtime.go:86 +0x30
    net.(*netFD).Read(0xc2100470e0, 0xc210070000, 0x800, 0x800, 0x0, ...)
    	/usr/lib/go/src/pkg/net/fd_unix.go:204 +0x2a0
    net.(*conn).Read(0xc210000078, 0xc210070000, 0x800, 0x800, 0x47cd81, ...)
    	/usr/lib/go/src/pkg/net/net.go:122 +0xc5
    crypto/tls.(*block).readFromUntil(0xc21001e840, 0x7fb34da06278, 0xc210000078, 0x5, 0xc210000078, ...)
    	/usr/lib/go/src/pkg/crypto/tls/conn.go:459 +0xb6
    crypto/tls.(*Conn).readRecord(0xc210052780, 0x17, 0x0, 0xc2100007e0)
    	/usr/lib/go/src/pkg/crypto/tls/conn.go:539 +0x107
    crypto/tls.(*Conn).Read(0xc210052780, 0xc2100007e0, 0x1, 0x1, 0x0, ...)
    	/usr/lib/go/src/pkg/crypto/tls/conn.go:897 +0x135
    io.ReadAtLeast(0x7fb34da06608, 0xc210052780, 0xc2100007e0, 0x1, 0x1, ...)
    	/usr/lib/go/src/pkg/io/io.go:288 +0xf6
    io.ReadFull(0x7fb34da06608, 0xc210052780, 0xc2100007e0, 0x1, 0x1, ...)
    	/usr/lib/go/src/pkg/io/io.go:306 +0x71
    gopkg.in/asn1-ber%2ev1.readByte(0x7fb34da06608, 0xc210052780, 0x41f558, 0x7f3780, 0xa)
    	/opt/wapp/golang/src/gopkg.in/asn1-ber.v1/util.go:7 +0x78
    gopkg.in/asn1-ber%2ev1.readIdentifier(0x7fb34da06608, 0xc210052780, 0x4669f7, 0x56cea0, 0x2, ...)
    	/opt/wapp/golang/src/gopkg.in/asn1-ber.v1/identifier.go:15 +0x6c
    gopkg.in/asn1-ber%2ev1.readHeader(0x7fb34da06608, 0xc210052780, 0x0, 0x0, 0xc21000f000, ...)
    	/opt/wapp/golang/src/gopkg.in/asn1-ber.v1/header.go:9 +0x6d
    gopkg.in/asn1-ber%2ev1.readPacket(0x7fb34da06608, 0xc210052780, 0x5a1820, 0x5d6a60, 0xc200000000, ...)
    	/opt/wapp/golang/src/gopkg.in/asn1-ber.v1/ber.go:276 +0x42
    gopkg.in/asn1-ber%2ev1.ReadPacket(0x7fb34da06608, 0xc210052780, 0xc210052780, 0x7fb34da06608, 0xc210052780)
    	/opt/wapp/golang/src/gopkg.in/asn1-ber.v1/ber.go:199 +0x31
    gopkg.in/ldap%2ev2.(*Conn).reader(0xc21000f640)
    	/opt/wapp/golang/src/gopkg.in/ldap.v2/conn.go:442 +0x111
    created by gopkg.in/ldap%2ev2.(*Conn).Start
    	/opt/wapp/golang/src/gopkg.in/ldap.v2/conn.go:155 +0x2e
    
    goroutine 5 [syscall]:
    runtime.goexit()
    	/usr/lib/go/src/pkg/runtime/proc.c:1394
    exit status 2
    

    Any info on this would be helpful.

    Thanks.

    opened by krishtk 11
  • UTF8-Patch V3 2015.09.22.11.45.00

    UTF8-Patch V3 2015.09.22.11.45.00

        [email protected]# go build
        [email protected]# go test
        TestDial: starting...
        TestDial: finished...
        TestDialTLS: starting...
        TestDialTLS: finished...
        TestStartTLS: starting...
        TestStartTLS: finished...
        TestSearch: starting...
        TestSearch: (cn=cis-fac) -> num of entries = 0
        TestSearchStartTLS: starting...
        TestSearchStartTLS: (cn=cis-fac) -> num of entries = 0
        TestSearchStartTLS: upgrading with startTLS
        TestSearchStartTLS: (cn=cis-fac) -> num of entries = 0
        TestSearchWithPaging: starting...
        TestSearchWithPaging: (&(objectclass=rfc822mailgroup)(cn=*Computer*)) -> num of entries = 84
        TestMultiGoroutineSearch: starting...
        TestMultiGoroutineSearch(0): (cn=cis-fac) -> num of entries = 0
        TestMultiGoroutineSearch(1): (&(owner=*)(cn=cis-fac)) -> num of entries = 0
        TestMultiGoroutineSearch(2): (&(objectclass=rfc822mailgroup)(cn=*Computer*)) -> num of entries = 84
        TestMultiGoroutineSearch(3): (&(objectclass=rfc822mailgroup)(cn=*Mathematics*)) -> num of entries = 18
        TestMultiGoroutineSearch: starting...
        TestMultiGoroutineSearch(0): (cn=cis-fac) -> num of entries = 0
        TestMultiGoroutineSearch(1): (&(owner=*)(cn=cis-fac)) -> num of entries = 0
        TestMultiGoroutineSearch(2): (&(objectclass=rfc822mailgroup)(cn=*Computer*)) -> num of entries = 84
        TestMultiGoroutineSearch(3): (&(objectclass=rfc822mailgroup)(cn=*Mathematics*)) -> num of entries = 18
        TestMultiGoroutineSearch: starting...
        TestMultiGoroutineSearch: using StartTLS...
        TestMultiGoroutineSearch(0): (cn=cis-fac) -> num of entries = 0
        TestMultiGoroutineSearch(1): (&(owner=*)(cn=cis-fac)) -> num of entries = 0
        TestMultiGoroutineSearch(2): (&(objectclass=rfc822mailgroup)(cn=*Computer*)) -> num of entries = 84
        TestMultiGoroutineSearch(3): (&(objectclass=rfc822mailgroup)(cn=*Mathematics*)) -> num of entries = 18
        TestCompare: starting...
        TestCompare: -> num of entries = %!d(bool=true)
        PASS
        ok      src/github.com/BestianRU/ldap   10.615s
    
    opened by BestianRU 11
  • Problem with non-latin characters

    Problem with non-latin characters

    Hi! The problem appears when the search string contains Cyrillic (non-ascii) symbols.


    Example for latin (ascii):

    Search request: (|(displayName=Smith)(cn=Smith))

    Debug from ldap library:

    Attribute: (Universal, Primitive, Octet String) Len=11 "displayName"
    Substrings Any: (Context, Primitive, 0x01) Len=5 "Smith"
    Attribute: (Universal, Primitive, Octet String) Len=2 "cn"
    Substrings Any: (Context, Primitive, 0x01) Len=5 "Smith"
    

    Debug by my printf in file gopkg.in/ldap.v1/filter.go, function compileFilter, line number 193: image

    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: * / newPos: 15
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: S / newPos: 16
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: m / newPos: 17
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: i / newPos: 18
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: t / newPos: 19
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: h / newPos: 20
    Filter:(|(displayName=*Smith*)(cn=*Smith*)) / filter[newPos]: * / newPos: 21
    

    Debug from LDAP Server:

    55fbcb6d ==>backsql_search(): base="ou=sl it,ou=aup,ou=tsg,ou=quadra,o=enterprise", filter="(|(displayName=smith)(cn=smith))", scope=2, deref=0, attrsonly=0, attributes to load: custom list

    55fbcb72 Constructed query: SELECT DISTINCT ldap_entries.id,ldapx_persons.id,text('inetOrgPerson') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,ldapx_persons WHERE ldapx_persons.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND lower(ldap_entries.dn) LIKE lower('%'||?) AND ldapx_persons.lang=0 AND ((lower(text(ldapx_persons.fullname)) LIKE '%SMITH%') OR (lower(text(ldapx_persons.surname||' '||ldapx_persons.name)) LIKE '%SMITH%'))

    All Good!



    Example for Cyrilic (non-ascii):

    I'll put pictures to avoid problems with Cyrillic and non-printable symbols.

    Search request: image

    Debug from ldap library: image

    Debug by my printf in file gopkg.in/ldap.v1/filter.go, function compileFilter, line number 193: image

    Debug From LDAP Server: image

    ...


    opened by BestianRU 11
  • Auto-(re)connect/bind on connection network errors

    Auto-(re)connect/bind on connection network errors

    As an alternative to #47, I think it would be useful for long-running services if there was a feature for the LDAP connection to attempt to re-connect/bind on connection errors, similar to how database/sql maintains connections.

    However, unlike database/sql and #47, I don't think that LDAP actually needs pooling, because one LDAP connection can handle multiple asynchronous requests.

    opened by emsearcy 10
  • Add support for SSPI GSSAPI SASL mechanism bind

    Add support for SSPI GSSAPI SASL mechanism bind

    This change implements GSSAPI SASL bind using a given GSSAPI (Kerberos) client.

    GSSAPI client interface (ldap.GSSAPIClient) is inspired by golang.org/x/crypto/ssh.GSSAPIClient with the following definition:

    type GSSAPIClient interface {
    	InitSecContext(target string, token []byte) (outputToken []byte, needContinue bool, err error)
    	NegotiateSaslAuth(token []byte, authzid string) ([]byte, error)
    	DeleteSecContext() error
    }
    

    A client using Windows SSPI is included (gssapi.SSPIClient). This client allows Windows clients to use current process' credentials for bind authentication.

    This implementation does not support SASL security layers. Using this implementation (even with TLS) may be a bad idea, see https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC.

    Example:

    package main
    
    import (
    	"fmt"
    	"log"
    
    	"github.com/go-ldap/ldap/v3"
    	"github.com/go-ldap/ldap/v3/gssapi"
    )
    
    func main() {
    	adHost := "addc.domainname.com"
    	baseDnToQuery := "dc=domainname,dc=com"
    	query := "(samaccountname=*bob*)"
    
    	kerberosClient, err := gssapi.NewSSPIClient()
    	if err != nil {
    		log.Fatalf("error getting SSPI Kerberos client: %v", err)
    	}
    	defer kerberosClient.Close()
    
    	// Connect to Active directory at `adHost`
    	conn, err := ldap.DialURL(fmt.Sprintf("ldap://%s:389", adHost))
    	if err != nil {
    		log.Fatalf("error connecting to AD: %v", err)
    	}
    
    	// Bind using supplied kerberosClient against `adHost`
    	err = conn.GSSAPIBind(kerberosClient, fmt.Sprintf("ldap/%s", adHost), "")
    	if err != nil {
    		log.Fatalf("error performing GSSAPI bind: %w", err)
    	}
    
    	// Successfully bound as current process' user.
    	q := ldap.NewSearchRequest(baseDnToQuery,
    		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
    		query, []string{}, nil)
    	result, err := conn.Search(q)
    	if err != nil {
    		log.Fatalf("error querying AD: %v", err)
    	}
    
    	log.Printf("Result: %+v\n", *result)
    }
    

    This is a partial implementation for #115 (Since only Windows Kerberos client implementation is included).

    enhancement 
    opened by FlipB 3
  • ber: Referral Spec

    ber: Referral Spec

    I'm struggling to find a spec related to how referrals should be BER encoded. Does anyone happen to know where to find such a spec?

    I've got a user who's receiving the referral response with the following byte arrays (both are the same):

    var (
    	bytesHex = []byte{0x30, 0x24, 0x02, 0x01, 0x04, 0x78, 0x1f, 0x0a, 0x01, 0x0a, 0x04, 0x00, 0x04, 0x00, 0xa3, 0x16, 0x04, 0x14, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f, 0x2f, 0x6d, 0x65, 0x6c, 0x6c, 0x6f, 0x69, 0x2e, 0x65, 0x6f, 0x78, 0x2e, 0x61, 0x74}
    	bytesDec = []byte{48, 36, 2, 1, 4, 120, 31, 10, 1, 10, 4, 0, 4, 0, 163, 22, 4, 20, 108, 100, 97, 112, 58, 47, 47, 109, 101, 108, 108, 111, 105, 46, 101, 111, 120, 46, 97, 116}
    )
    

    This is triggering an error in this code (which I wrote most of):

    https://github.com/go-ldap/ldap/blob/master/v3/request.go#L74-L98

    Specifically this line: https://github.com/go-ldap/ldap/blob/master/v3/request.go#L84

    This is the method I'm using to decode it:

    func main() {
    	packet := ber.DecodePacket(bytesHex)
    
    	printPacket("", packet)
    }
    
    func printPacket(level string, packet *ber.Packet) {
    	switch level {
    	case "":
    		fmt.Printf("identifier: %+v\n", packet.Identifier)
    		fmt.Printf("value: %+v\n", packet.Value)
    		fmt.Printf("bvalue: %+v\n", packet.ByteValue)
    		fmt.Printf("description: %+v\n\n", packet.Description)
    		for i, child := range packet.Children {
    			printPacket(fmt.Sprintf("%d", i), child)
    		}
    	default:
    		fmt.Printf("identifier: %s: %+v\n", level, packet.Identifier)
    		fmt.Printf("value: %s: %+v\n", level, packet.Value)
    		fmt.Printf("bvalue: %s: %+v\n", level, packet.ByteValue)
    		fmt.Printf("description: %s: %+v\n\n", level, packet.Description)
    		for i, child := range packet.Children {
    			printPacket(fmt.Sprintf("%s: %d", level, i), child)
    		}
    	}
    }
    

    This indicates to me that child BER in position 2 has tag 24 / 0x18 / Generalized Time, and child BER in position 4 in child BER in position 2 has tag 3 / 0x03 / Bit String, and child BER in position 1 in child BER in position 4 in child BER in position 2 has the tag 4 / 0x4 / Octet String. To me the issue is with the child BER in position 2, the generalized time seems completely inappropriate. However I'm not sure where to check this information.

    See https://github.com/authelia/authelia/issues/4199

    Output
    identifier: {ClassType:0 TagType:32 Tag:16}
    value: <nil>
    bvalue: []
    description: 
    
    identifier: 0: {ClassType:0 TagType:0 Tag:2}
    value: 0: 4
    bvalue: 0: [4]
    description: 0: 
    
    identifier: 1: {ClassType:64 TagType:32 Tag:24}
    value: 1: <nil>
    bvalue: 1: []
    description: 1: 
    
    identifier: 1: 0: {ClassType:0 TagType:0 Tag:10}
    value: 1: 0: 10
    bvalue: 1: 0: [10]
    description: 1: 0: 
    
    identifier: 1: 1: {ClassType:0 TagType:0 Tag:4}
    value: 1: 1: 
    bvalue: 1: 1: []
    description: 1: 1: 
    
    identifier: 1: 2: {ClassType:0 TagType:0 Tag:4}
    value: 1: 2: 
    bvalue: 1: 2: []
    description: 1: 2: 
    
    identifier: 1: 3: {ClassType:128 TagType:32 Tag:3}
    value: 1: 3: <nil>
    bvalue: 1: 3: []
    description: 1: 3: 
    
    identifier: 1: 3: 0: {ClassType:0 TagType:0 Tag:4}
    value: 1: 3: 0: ldap://melloi.eox.at
    bvalue: 1: 3: 0: [108 100 97 112 58 47 47 109 101 108 108 111 105 46 101 111 120 46 97 116]
    description: 1: 3: 0: 
    
    opened by james-d-elliott 0
  • Support proxy

    Support proxy

    Currently the options to configure the dialer receive a net.Dialer and that makes it impossible to replace such dialer with a custom one that passes through a proxy. The solution would be to depend on an interface instead of a concrete type for greater flexibility (the interface could be https://pkg.go.dev/golang.org/x/net/proxy#Dialer or https://pkg.go.dev/golang.org/x/net/proxy#ContextDialer for example). Another option would be to receive a function that returns a connection, like go-redis does https://pkg.go.dev/github.com/go-redis/redis/v8#Options.

    enhancement help wanted 
    opened by seblaz 2
  • Detecting when a connection has been terminated

    Detecting when a connection has been terminated

    I have a use-case where I'm opening a connection that may be long-lived without any activity for a given period of time. Unfortunately it seems that these connections become "stale" sometimes and need to be re-established. Is there a method I can used directly, prior to running the ldap.NewSearchRequest function (in the v3 package) to confirm if the connection is still active/healthy, and if not, re-connect?

    question 
    opened by hartfordfive 5
  • RFC 9266: Channel Bindings for TLS 1.3 support

    RFC 9266: Channel Bindings for TLS 1.3 support

    Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

    • https://datatracker.ietf.org/doc/html/rfc9266

    Little details, to know easily:

    • tls-unique for TLS =< 1.2
    • tls-exporter for TLS = 1.3

    Thanks in advance.

    Linked to:

    • https://github.com/go-ldap/ldap/issues/391
    opened by Neustradamus 2
Releases(v3.4.4)
Owner
null
This is the code example how to use SQL to query data from any relational databases in Go programming language.

Go with SQL example This is the code example how to use SQL to query data from any relational databases in Go programming language. To start, please m

Muhammad Uzair Mohd Faizul 1 Mar 12, 2022
Schemable - Schemable provides basic struct mapping against a database, using the squirrel package

Schemable Schemable provides basic struct mapping against a database, using the

null 7 Oct 17, 2022
Basic LDAP v3 functionality for the GO programming language.

Basic LDAP v3 functionality for the GO programming language. Install For the latest version use: go get gopkg.in/ldap.v2 Import the latest version wi

null 137 May 24, 2022
Basic LDAP v3 functionality for the GO programming language.

Basic LDAP v3 functionality for the GO programming language. The library implements the following specifications: https://tools.ietf.org/html/rfc4511

null 1.8k Dec 2, 2022
GLAuth 1.8k Dec 3, 2022
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Rakuten Group, Inc. 10 Oct 3, 2022
Mail-alias-resolve-ldap - Resolve mail alias addresses in LDAP

alias-resolve-ldap alias-resolve-ldap was written to be used as a hook for the c

Björn Busse 1 Jan 30, 2022
Go-ldap-pool - A simple connection pool for go-ldap

Basic connection pool for go-ldap This little library use the go-ldap library an

Vincent 2 May 9, 2022
Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Paul Greenberg 653 Dec 8, 2022
Api-go-gin-viper - Simple representaion on how to implement CRUD functionality in API using Go programming language

Simple API implementaion in Go To Get Started Clone repo Run the command to clon

Vsevolod Drobyshev 1 Feb 18, 2022
Maybe is a Go package to provide basic functionality for Option type structures

Maybe Maybe is a library that adds an Option data type for some native Go types. What does it offer: The types exported by this library are immutable

Pablo Morelli 9 Oct 4, 2022
Floppa programming language inspired by the brainf*ck programming language. Created just for fun and you can convert your brainf*ck code to floppa code.

Floppa Programming Language Created just for fun. But if you want to contribute, why not? Floppa p.l. inspired by the brainf*ck programming language.

null 19 Oct 20, 2022
T# Programming Language. Something like Porth, Forth but written in Go. Stack-oriented programming language.

The T# Programming Language WARNING! THIS LANGUAGE IS A WORK IN PROGRESS! ANYTHING CAN CHANGE AT ANY MOMENT WITHOUT ANY NOTICE! Something like Forth a

T# 92 Jun 29, 2022
Yayx programming language is begginer friendly programming language.

Yayx Yayx programming language is begginer friendly programming language. What have yayx: Easy syntax Dynamic types Can be compiled to outhers program

null 1 Dec 27, 2021
Yayx programming language is begginer friendly programming language.

Yayx Yayx programming language is begginer friendly programming language. What have yayx: Easy syntax Dynamic types Can be compiled to outhers program

Yayx Programming Language 7 May 20, 2022
Rest-and-go-master - A basic online store API written to learn Go Programming Language

rest-and-go(Not maintained actively) A basic online store API written to learn G

urobin84 0 Jan 12, 2022
Short basic introduction to Go programming language.

Go, Go! Short basic introduction to Go v1.17.6 programming language Go Logo is Copyright 2018 The Go Authors. All rights reserved. About This work was

Gábor 0 May 30, 2022
HA LDAP based key/value solution for projects configuration storing with multi master replication support

Recon is the simple solution for storing configs of you application. There are no specified instruments, no specified data protocols. For the full power of Recon you only need curl.

Mikhail Panfilov 12 Jun 15, 2022
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 2 Apr 13, 2022
A system written in Golang to help ops team to automate the process of mapping Vault groups to LDAP Groups.

A system written in Golang to help ops team to automate the process of mapping Vault groups to LDAP Groups. This utility automatically adds LDAP Groups' members to the corresponding Vault Groups.

Rahul Indra 0 Nov 12, 2021