Documentation
Index ¶
- func ChannelBindingHash(cert *x509.Certificate) []byte
- func Connect(ctx context.Context, authOpts *adauth.Options, ldapOpts *Options) (conn *ldap.Conn, err error)
- func ConnectTo(ctx context.Context, creds *adauth.Credential, target *adauth.Target, ...) (conn *ldap.Conn, err error)
- func TLSConfig(opts *Options, clientCert *x509.Certificate, clientCertKey crypto.PrivateKey, ...) (*tls.Config, error)
- func UserAndDomainFromPFX(pfxFile string, password string) (user string, domain string, err error)
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ChannelBindingHash ¶
func ChannelBindingHash(cert *x509.Certificate) []byte
ChannelBindingHash computes the channel binding token (a hash over the server's TLS certificate) that is included in the NTLM or Kerberos authentication handshake. It lets the server verify that the authentication was performed over the TLS connection it terminates, so a handshake captured or relayed through a man-in-the-middle (who presents a different certificate) is rejected. It does not replace server certificate verification; see Options.Verify and Options.DisableChannelBinding.
func Connect ¶
func Connect(ctx context.Context, authOpts *adauth.Options, ldapOpts *Options) (conn *ldap.Conn, err error)
Connect returns an authenticated LDAP connection to the domain controller's LDAP server.
func ConnectTo ¶
func ConnectTo( ctx context.Context, creds *adauth.Credential, target *adauth.Target, ldapOpts *Options, ) (conn *ldap.Conn, err error)
ConnectTo returns an authenticated LDAP connection to the specified target, using the given credential and LDAP options.
func TLSConfig ¶
func TLSConfig( opts *Options, clientCert *x509.Certificate, clientCertKey crypto.PrivateKey, caCerts []*x509.Certificate, ) (*tls.Config, error)
TLSConfig returns a TLS config based on the default config in the provided LDAP options, extended with the given client certificate and private key (for mTLS) and the given CA certificates (for server verification). The InsecureSkipVerify and MaxVersion handling described on Options.TLSConfig applies to the returned config.
Types ¶
type Options ¶
// Options holds LDAP specific options.
type Options struct {
	// LDAP scheme (ldap or ldaps).
	Scheme string
	// Verify indicates whether TLS verification should be performed.
	// When false, InsecureSkipVerify is set on the TLS config (see TLSConfig
	// below), so the server certificate is not validated and a
	// man-in-the-middle presenting any certificate is accepted. Keep it
	// enabled outside of lab use.
	Verify bool
	// Timeout sets the request timeout for the LDAP connection.
	Timeout time.Duration
	// Debug can be set to enable debug output, for example with
	// adauth.NewDebugFunc(...).
	Debug func(string, ...any)
	// SimpleBind indicates that SimpleBind authentication should be used
	// instead of NTLM, Kerberos or mTLS. For this, a cleartext password is
	// required.
	// NOTE(review): a simple bind transmits that password to the server
	// as-is, so it should only be combined with the ldaps scheme or
	// StartTLS; whether this package enforces that is not visible here —
	// confirm before relying on it.
	SimpleBind bool
	// TLSConfig for LDAPS or LDAP+StartTLS. InsecureSkipVerify is ignored and
	// set according to Options.Verify. MaxVersion will be changed to 1.2 unless
	// Options.DisableChannelBinding is set.
	// The 1.2 cap exists for the sake of channel binding (see
	// ChannelBindingHash); presumably the binding scheme used here is not
	// usable over TLS 1.3 with the targeted servers — confirm.
	TLSConfig *tls.Config
	// DisableChannelBinding omits the TLS certificate hash in Kerberos and NTLM
	// authentication. Without the hash the authentication is no longer bound
	// to this TLS session, i.e. the relay protection ChannelBindingHash
	// provides is lost; set this only when the server rejects or mishandles
	// the token.
	DisableChannelBinding bool
	// StartTLS indicates that a TLS connection should be established even for
	// non-LDAPS connections before authenticating. For client-certificate
	// authentication on regular LDAP connections, StartTLS will be used even if
	// this option is disabled.
	// With Scheme "ldap", StartTLS unset and a non-certificate credential,
	// the connection therefore stays unencrypted.
	StartTLS bool
	// DialOptions can be used to customize the connection. DialOptions is
	// ignored when a custom LDAPDialer is set.
	DialOptions []ldap.DialOpt
	// KerberosDialer is a custom dialer that is used to request Kerberos
	// tickets. DialContext is used if implemented.
	KerberosDialer adauth.Dialer
	// LDAPDialer is a custom dialer that is used to establish LDAP connections.
	// DialContext is used if implemented.
	LDAPDialer adauth.Dialer
}
Options holds LDAP specific options.
func (*Options) RegisterFlags ¶
RegisterFlags registers the LDAP specific flags that populate this Options value on a pflag.FlagSet, such as the default flag set pflag.CommandLine.