
How to implement LDAP authentication

My task is to implement LDAP authentication in a monitoring tool called sensu-uchiwa, since it doesn't implement it by default. To learn LDAP and Go, I started a small demo project: a simple API that requires LDAP authentication. I use this package: go get github.com/shaj13/go-guardian

Here is my sample LDAP implementation:

    func setupGoGuardian() {
        cfg := &ldap.Config{
            Port:         "389",
            Host:         "ldapadmin.test",
            TLS:          &tls.Config{},
            BindDN:       "cn=olivia,dc=ldapadmin,dc=test",
            BindPassword: "root",
            Attributes:   []string{},
            BaseDN:       "dc=ldapadmin, dc=test",
            Filter:       "(uid=%s)",
        }
        authenticator = auth.New()
        cache = store.NewFIFO(context.Background(), time.Minute*10)
        strategy := ldap.NewCached(cfg, cache)
        authenticator.EnableStrategy(ldap.StrategyKey, strategy)
    }

I actually installed phpLDAPadmin on my local machine, just to understand more. In the admin panel, I created a user called John with password John, see screenshot.


Now I tried to call the API:

    curl -k http://127.0.0.1:8081/v1/book/1449311601 -u john:john

I still get unauthorized. Before using the local ldapadmin, I tried the online LDAP test server with the following configuration:

cfg := &ldap.Config{
    BaseDN:       "dc=example, dc=com",
    BindDN:       "cn=read-only-admin,dc=example,dc=com",
    Port:         "389",
    Host:         "ldap.forumsys.com",
    BindPassword: "password",
    Filter:       "(uid=%s)",
}

And it works well. Now I know I missed something or have done something wrong in my code, but because I am new both to Go and LDAP, I need help to figure it out and make it work.

Here is the whole main.go:

    package main

    import (
        "context"
        "crypto/tls"
        "fmt"
        "log"
        "net/http"
        "time"

        "github.com/gorilla/mux"
        "github.com/shaj13/go-guardian/auth"
        "github.com/shaj13/go-guardian/auth/strategies/ldap"
        "github.com/shaj13/go-guardian/store"
    )

    var authenticator auth.Authenticator
    var cache store.Cache

    func main() {
        setupGoGuardian()
        router := mux.NewRouter()
        router.HandleFunc("/", getDefault).Methods("GET")
        // Only the book route sits behind the LDAP middleware.
        router.HandleFunc("/v1/book/{id}", middleware(http.HandlerFunc(getBookAuthor))).Methods("GET")
        log.Println("server started and listening on http://127.0.0.1:8081")
        log.Fatal(http.ListenAndServe("127.0.0.1:8081", router))
    }

    func getDefault(w http.ResponseWriter, r *http.Request) {
        fmt.Println("Ok default homepage")
        w.Write([]byte("Homepage"))
    }

    func getBookAuthor(w http.ResponseWriter, r *http.Request) {
        vars := mux.Vars(r)
        id := vars["id"]
        books := map[string]string{
            "1449311601":  "Laura",
            "1484250956x": "Yoman",
            "1484220498":  "Skill",
        }
        body := fmt.Sprintf("Author: %s \n", books[id])
        w.Write([]byte(body))
    }

    func setupGoGuardian() {
        // Config that worked against the public test server:
        //cfg := &ldap.Config{
        //   BaseDN:       "dc=example, dc=com",
        //   BindDN:       "cn=read-only-admin,dc=example,dc=com",
        //   Port:         "389",
        //   Host:         "ldap.forumsys.com",
        //   BindPassword: "password",
        //   Filter:       "(uid=%s)",
        //}
        cfg := &ldap.Config{
            Port:         "389",
            Host:         "ldapadmin.test/phpldapadmin",
            TLS:          &tls.Config{},
            BindDN:       "cn=olivia,dc=ldapadmin,dc=test",
            BindPassword: "root",
            Attributes:   []string{},
            BaseDN:       "dc=ldapadmin, dc=test",
            Filter:       "(uid=%s)",
        }
        authenticator = auth.New()
        // Cache authentication results for ten minutes so that not every
        // request round-trips to the LDAP server.
        cache = store.NewFIFO(context.Background(), time.Minute*10)
        strategy := ldap.NewCached(cfg, cache)
        authenticator.EnableStrategy(ldap.StrategyKey, strategy)
    }

    func middleware(next http.Handler) http.HandlerFunc {
        return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
            log.Println("Executing Auth Middleware")
            user, err := authenticator.Authenticate(r)
            if err != nil {
                code := http.StatusUnauthorized
                http.Error(w, http.StatusText(code), code)
                return
            }
            log.Printf("User %s Authenticated\n", user.UserName())
            next.ServeHTTP(w, r)
        })
    }

My local ldap server is hosted at ldapadmin.test/phpldapadmin

Now when running slapcat inside my Ubuntu 20 machine, the results are:

        dn: dc=ldapadmin,dc=test
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        o: tesldap
        dc: ldapadmin
        structuralObjectClass: organization
        entryUUID: 001f85be-92c9-103b-9d45-bb8a7b47e3b6
        creatorsName: cn=admin,dc=ldapadmin,dc=test
        createTimestamp: 20210816103228Z
        entryCSN: 20210816103228.907585Z#000000#000#000000
        modifiersName: cn=admin,dc=ldapadmin,dc=test
        modifyTimestamp: 20210816103228Z

        dn: cn=admin,dc=ldapadmin,dc=test
        objectClass: simpleSecurityObject
        objectClass: organizationalRole
        cn: admin
        description: LDAP administrator
        userPassword:: e1NTSEF9M1V2a3ZLWlFlSStHVUdKQ0U0bzlneFpiRGZVcklsTUo=
        structuralObjectClass: organizationalRole
        entryUUID: 002078d4-92c9-103b-9d46-bb8a7b47e3b6
        creatorsName: cn=admin,dc=ldapadmin,dc=test
        createTimestamp: 20210816103228Z
        entryCSN: 20210816103228.913850Z#000000#000#000000
        modifiersName: cn=admin,dc=ldapadmin,dc=test
        modifyTimestamp: 20210816103228Z

        dn: ou=people,dc=ldapadmin,dc=test
        objectClass: organizationalUnit
        objectClass: top
        ou: people
        structuralObjectClass: organizationalUnit
        entryUUID: 432694c6-92d1-103b-806c-51a5a293746f
        creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        createTimestamp: 20210816113137Z
        entryCSN: 20210816113137.335074Z#000000#000#000000
        modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        modifyTimestamp: 20210816113137Z

        dn: ou=groups,dc=ldapadmin,dc=test
        objectClass: organizationalUnit
        objectClass: top
        ou: groups
        structuralObjectClass: organizationalUnit
        entryUUID: 432774a4-92d1-103b-806d-51a5a293746f
        creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        createTimestamp: 20210816113137Z
        entryCSN: 20210816113137.340805Z#000000#000#000000
        modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        modifyTimestamp: 20210816113137Z

        dn: uid=olivia,ou=people,dc=ldapadmin,dc=test
        objectClass: inetOrgPerson
        objectClass: posixAccount
        objectClass: shadowAccount
        uid: olivia
        cn: olivia
        sn: Nightingale
        loginShell: /bin/bash
        uidNumber: 10000
        gidNumber: 10000
        homeDirectory: /home/olivia
        shadowMax: 60
        shadowMin: 1
        shadowWarning: 7
        shadowInactive: 7
        shadowLastChange: 0
        structuralObjectClass: inetOrgPerson
        entryUUID: a4283248-92d1-103b-806f-51a5a293746f
        creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        createTimestamp: 20210816113420Z
        userPassword:: e1NTSEF9Q3hOYWFQdnJEVW84dVRjNnhYKzM1MlFZcmlyRmk0Q0o=
        entryCSN: 20210816113506.981478Z#000000#000#000000
        modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        modifyTimestamp: 20210816113506Z

        dn: cn=olivia,ou=groups,dc=ldapadmin,dc=test
        objectClass: posixGroup
        cn: olivia
        gidNumber: 10000
        memberUid: olivia
        structuralObjectClass: posixGroup
        entryUUID: a428afd4-92d1-103b-8070-51a5a293746f
        creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        createTimestamp: 20210816113420Z
        entryCSN: 20210816113420.087860Z#000000#000#000000
        modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        modifyTimestamp: 20210816113420Z

        dn: cn=readonly,ou=people,dc=ldapadmin,dc=test
        objectClass: organizationalRole
        objectClass: simpleSecurityObject
        cn: readonly
        userPassword:: e1NTSEF9RE5LUEdBMVdtdGtQVDVwRlRCb2NlS2pOQlpndGtKMy8=
        description: Bind DN user for LDAP Operations
        structuralObjectClass: organizationalRole
        entryUUID: 39528972-92d2-103b-8071-51a5a293746f
        creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        createTimestamp: 20210816113830Z
        entryCSN: 20210816113830.342653Z#000000#000#000000
        modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
        modifyTimestamp: 20210816113830Z

        dn: cn=john doe,ou=people,dc=ldapadmin,dc=test
        cn: john doe
        givenName: john
        gidNumber: 10000
        homeDirectory: /home/users/jdoe
        sn: doe
        loginShell: /bin/sh
        objectClass: inetOrgPerson
        objectClass: posixAccount
        objectClass: top
        userPassword:: e01ENX1VbnZWdGRhSjRzTXE2WFRHSXAvM2hRPT0=
        uidNumber: 1000
        uid: jdoe
        structuralObjectClass: inetOrgPerson
        entryUUID: a8633cf2-92dd-103b-8a45-b796d7b82159
        creatorsName: cn=admin,dc=ldapadmin,dc=test
        createTimestamp: 20210816130021Z
        entryCSN: 20210816130021.143200Z#000000#000#000000
        modifiersName: cn=admin,dc=ldapadmin,dc=test
        modifyTimestamp: 20210816130021Z
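
The search-then-bind flow such an LDAP strategy performs can be rehearsed offline against the slapcat dump above: bind as BindDN (which only succeeds if that DN is an entry), search Filter under BaseDN for the name curl sent, then bind as the DN found with the user's password. The Go program below is an added example, not part of the question or of go-guardian; it parses a constructed subset of the dump (operational attributes removed, userPassword values copied verbatim) and performs the first two steps with the values from the question. Run, it reports that cn=olivia,dc=ldapadmin,dc=test is not the DN of any entry (olivia's entry is uid=olivia,ou=people,dc=ldapadmin,dc=test) and that (uid=john) returns nothing under dc=ldapadmin,dc=test, because the John entry carries uid: jdoe; only (uid=jdoe) finds cn=john doe,ou=people,dc=ldapadmin,dc=test.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// entry is one LDIF record: its DN plus attribute name -> values.
type entry struct {
	dn    string
	attrs map[string][]string
}

// sampleLDIF is a constructed subset of the slapcat dump in the question.
const sampleLDIF = `dn: cn=admin,dc=ldapadmin,dc=test
userPassword:: e1NTSEF9M1V2a3ZLWlFlSStHVUdKQ0U0bzlneFpiRGZVcklsTUo=

dn: uid=olivia,ou=people,dc=ldapadmin,dc=test
uid: olivia

dn: cn=john doe,ou=people,dc=ldapadmin,dc=test
cn: john doe
uid: jdoe
userPassword:: e01ENX1VbnZWdGRhSjRzTXE2WFRHSXAvM2hRPT0=
`

// parseLDIF reads "name: value" and "name:: base64value" lines; a "dn:" line
// starts a new entry and lines without a colon (blank lines) are skipped.
func parseLDIF(s string) ([]entry, error) {
	var entries []entry
	for _, l := range strings.Split(s, "\n") {
		name, val, ok := strings.Cut(l, ":")
		if !ok {
			continue
		}
		if strings.HasPrefix(val, ":") { // "::" marks a base64-encoded value
			raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(val[1:]))
			if err != nil {
				return nil, fmt.Errorf("line %q: %w", l, err)
			}
			val = string(raw)
		} else {
			val = strings.TrimSpace(val)
		}
		if name == "dn" {
			entries = append(entries, entry{dn: val, attrs: map[string][]string{}})
		} else if n := len(entries); n > 0 {
			entries[n-1].attrs[name] = append(entries[n-1].attrs[name], val)
		}
	}
	return entries, nil
}

// normalizeDN lowercases a DN and trims whitespace around RDN separators.
func normalizeDN(dn string) string {
	parts := strings.Split(dn, ",")
	for i, p := range parts {
		parts[i] = strings.TrimSpace(p)
	}
	return strings.ToLower(strings.Join(parts, ","))
}

// hasDN reports whether a BindDN names an existing entry (a bind as a DN
// that does not exist fails before the password is even looked at).
func hasDN(entries []entry, dn string) bool {
	for _, e := range entries {
		if normalizeDN(e.dn) == normalizeDN(dn) {
			return true
		}
	}
	return false
}

// search emulates a whole-subtree search under baseDN with the equality
// filter (attr=value); values compare case-insensitively like caseIgnoreMatch.
func search(entries []entry, baseDN, attr, value string) []string {
	base := normalizeDN(baseDN)
	var dns []string
	for _, e := range entries {
		if dn := normalizeDN(e.dn); dn != base && !strings.HasSuffix(dn, ","+base) {
			continue // entry lies outside the search base
		}
		for _, v := range e.attrs[attr] {
			if strings.EqualFold(v, value) {
				dns = append(dns, e.dn)
			}
		}
	}
	return dns
}

func main() {
	entries, err := parseLDIF(sampleLDIF)
	if err != nil {
		panic(err)
	}
	fmt.Println("BindDN exists:", hasDN(entries, "cn=olivia,dc=ldapadmin,dc=test"))
	fmt.Println("(uid=john):", search(entries, "dc=ldapadmin, dc=test", "uid", "john"))
	fmt.Println("(uid=jdoe):", search(entries, "dc=ldapadmin, dc=test", "uid", "jdoe"))
}
```

normalizeDN only folds case and the spaces after commas (enough to make "dc=ldapadmin, dc=test" from the config match the dump); it is not a full RFC 4514 DN comparison, and search handles equality filters only, which is all "(uid=%s)" needs.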

     

It turns out I had an incorrect configuration. After reading this link https://campus.barracuda.com/product/essentials/doc/3211273/how-to-configure-user-authentication-using-ldap/, I updated my LDAP config:

    cfg := &ldap.Config{
        Port:         "389",
        Host:         "ldapadmin.test",
        BindDN:       "cn=admin,dc=ldapadmin,dc=test",
        BindPassword: "root",
        BaseDN:       "dc=ldapadmin, dc=test",
        Filter:       "(uid=%s)",
    }
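
Two caveats a practitioner would want next to that config. First, Filter: "(uid=%s)" is still filled in with whatever username arrives in the HTTP Basic header; whether the library escapes that value before the search depends on the go-guardian version in use, so the escaping rules are worth knowing. The Go example below is added here and is not part of the answer or of go-guardian: escapeFilter implements the RFC 4515 section 3 rules, and buildFilter puts an allow-list in front of it so that a name such as "j*" cannot turn the equality match into a wildcard search. The validUID pattern is an assumption of this example. Second, port 389 without a TLS config means the BindPassword and every user's password cross the network in clear text; for anything beyond a local lab, connect over TLS.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// escapeFilter applies the RFC 4515 section 3 escaping rules to a value that
// is about to be embedded in a search filter: '*', '(', ')', '\' and NUL
// become \XX hex escapes, and so does every byte above 0x7f (UTF-8 is escaped
// byte by byte; this is the same byte set go-ldap's EscapeFilter treats as
// special).
func escapeFilter(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		if c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f {
			fmt.Fprintf(&b, `\%02x`, c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// validUID is an allow-list for login names. The pattern is an assumption of
// this example (POSIX-style names such as "jdoe"); it rejects filter
// metacharacters outright, so escaping is a second layer rather than the
// only one.
var validUID = regexp.MustCompile(`^[a-z_][a-z0-9_.-]{0,31}$`)

// buildFilter substitutes the HTTP Basic username into a "(uid=%s)"-style
// template the way a strategy does with fmt.Sprintf, but only after the
// allow-list check and with escaping, so the name can never change the
// shape of the filter.
func buildFilter(template, username string) (string, error) {
	if !validUID.MatchString(username) {
		return "", fmt.Errorf("username %q rejected by allow-list", username)
	}
	return fmt.Sprintf(template, escapeFilter(username)), nil
}

func main() {
	// Constructed inputs: a normal name, a wildcard that would turn the
	// equality match into "(uid=j*)" and enumerate accounts, a value with
	// unbalanced parentheses that rewrites filters built from larger
	// templates, and a non-ASCII name.
	for _, name := range []string{"jdoe", "j*", "*)(cn=*", "zoë"} {
		naive := fmt.Sprintf("(uid=%s)", name)
		built, err := buildFilter("(uid=%s)", name)
		fmt.Printf("%-10q naive=%-16s escaped=%-18q built=%q err=%v\n",
			name, naive, escapeFilter(name), built, err)
	}
}
```

If the go-guardian version in use already escapes the username before the search, escapeFilter is redundant but harmless; the allow-list still limits what reaches the directory at all, and a rejected name can be logged as an authentication failure without ever opening an LDAP connection.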

   

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号 © 2020-2024 STACKOOM.COM