ldap

package
Published: Feb 9, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package ldap provides LDAP authentication and directory service integration.

Index

Constants

This section is empty.

Variables

// DefaultConfigs provides common LDAP configuration templates keyed by
// directory type ("active_directory", "openldap", "389ds").
//
// Every template uses port 389 with UseTLS set and UseSSL unset (presumably
// StartTLS on the plain port versus LDAPS on 636 — confirm against
// Provider.Connect), leaves SkipTLS at its zero value so certificate
// verification stays on, and carries no Host, BaseDN or bind credentials:
// those must be filled in before the template is usable.
//
// The map holds shared pointers; mutate a copy rather than the entry itself,
// or the "template" changes for every later caller in the process.
//
// The %s placeholder in UserFilter/GroupFilter is a format slot for the
// login name / user DN. Whatever fills it must be filter-escaped
// (ldap.EscapeFilter); an unescaped value turns a crafted username into an
// LDAP filter injection. NOTE(review): the substitution site is not visible
// here — confirm it escapes.
var DefaultConfigs = map[string]*Config{
	// Active Directory: users keyed by sAMAccountName; the member= filter
	// matches direct group membership only (nested groups are not followed).
	"active_directory": {
		Port:                 389,
		UseSSL:               false,
		UseTLS:               true,
		UserFilter:           "(sAMAccountName=%s)",
		EmailAttribute:       "mail",
		FirstNameAttribute:   "givenName",
		LastNameAttribute:    "sn",
		DisplayNameAttribute: "displayName",
		GroupFilter:          "(&(objectClass=group)(member=%s))",
		GroupAttribute:       "cn",
		IsActiveDirectory:    true,
		Timeout:              30,
	},
	// OpenLDAP: uid-keyed users, groupOfNames/member groups (direct
	// membership only); display name falls back to cn.
	"openldap": {
		Port:                 389,
		UseSSL:               false,
		UseTLS:               true,
		UserFilter:           "(uid=%s)",
		EmailAttribute:       "mail",
		FirstNameAttribute:   "givenName",
		LastNameAttribute:    "sn",
		DisplayNameAttribute: "cn",
		GroupFilter:          "(&(objectClass=groupOfNames)(member=%s))",
		GroupAttribute:       "cn",
		IsActiveDirectory:    false,
		Timeout:              30,
	},
	// 389 Directory Server: uid-keyed users, groupOfUniqueNames/uniqueMember
	// groups (direct membership only).
	"389ds": {
		Port:                 389,
		UseSSL:               false,
		UseTLS:               true,
		UserFilter:           "(uid=%s)",
		EmailAttribute:       "mail",
		FirstNameAttribute:   "givenName",
		LastNameAttribute:    "sn",
		DisplayNameAttribute: "cn",
		GroupFilter:          "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))",
		GroupAttribute:       "cn",
		IsActiveDirectory:    false,
		Timeout:              30,
	},
}

DefaultConfigs provides common LDAP configuration templates keyed by directory type ("active_directory", "openldap", "389ds"). Each template omits Host, BaseDN and the bind credentials and must be completed before use; treat the entries as read-only since they are shared pointers.

// ExampleConfigs provides example .env-style configurations for
// documentation, keyed like DefaultConfigs.
//
// Hostnames, DNs and LDAP_BIND_PASSWORD=your-bind-password are placeholders.
// The real bind password is a credential: inject it from a secrets manager
// or the process environment rather than committing a filled-in copy of one
// of these blocks. All three examples keep LDAP_USE_TLS=true on port 389 and
// do not disable certificate verification; keep it that way in production.
//
// LDAP_ADMIN_GROUPS / LDAP_AGENT_GROUPS presumably feed Config.AdminGroups /
// Config.AgentGroups, i.e. every member of the listed directory groups is
// mapped to the application's Admin/Agent role — review the lists before
// copying them (the AD example grants admin to all of "Domain Admins").
var ExampleConfigs = map[string]string{
	// Active Directory example; matches DefaultConfigs["active_directory"].
	"active_directory": `# Active Directory Configuration
LDAP_ENABLED=true
LDAP_TYPE=active_directory
LDAP_HOST=dc.company.com
LDAP_PORT=389
LDAP_USE_TLS=true
LDAP_BIND_DN=cn=goatflow-service,ou=Service Accounts,dc=company,dc=com
LDAP_BIND_PASSWORD=your-bind-password
LDAP_BASE_DN=dc=company,dc=com
LDAP_USER_FILTER=(sAMAccountName=%s)
LDAP_GROUP_BASE_DN=ou=Groups,dc=company,dc=com
LDAP_GROUP_FILTER=(&(objectClass=group)(member=%s))
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_FIRST_NAME_ATTRIBUTE=givenName
LDAP_LAST_NAME_ATTRIBUTE=sn
LDAP_DISPLAY_NAME_ATTRIBUTE=displayName
LDAP_GROUP_ATTRIBUTE=cn
LDAP_IS_ACTIVE_DIRECTORY=true
LDAP_DOMAIN=company.com
LDAP_ADMIN_GROUPS=Domain Admins,GoatFlow Administrators
LDAP_AGENT_GROUPS=Support Team,IT Helpdesk`,

	// OpenLDAP example; matches DefaultConfigs["openldap"].
	"openldap": `# OpenLDAP Configuration
LDAP_ENABLED=true
LDAP_TYPE=openldap
LDAP_HOST=ldap.company.com
LDAP_PORT=389
LDAP_USE_TLS=true
LDAP_BIND_DN=cn=goatflow,ou=system,dc=company,dc=com
LDAP_BIND_PASSWORD=your-bind-password
LDAP_BASE_DN=dc=company,dc=com
LDAP_USER_FILTER=(uid=%s)
LDAP_GROUP_BASE_DN=ou=groups,dc=company,dc=com
LDAP_GROUP_FILTER=(&(objectClass=groupOfNames)(member=%s))
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_FIRST_NAME_ATTRIBUTE=givenName
LDAP_LAST_NAME_ATTRIBUTE=sn
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_GROUP_ATTRIBUTE=cn
LDAP_ADMIN_GROUPS=goatflow-admins,system-admins
LDAP_AGENT_GROUPS=goatflow-agents,support-team`,

	// 389 Directory Server example; matches DefaultConfigs["389ds"].
	"389ds": `# 389 Directory Server Configuration
LDAP_ENABLED=true
LDAP_TYPE=389ds
LDAP_HOST=ldap.company.com
LDAP_PORT=389
LDAP_USE_TLS=true
LDAP_BIND_DN=uid=goatflow,cn=sysaccounts,cn=etc,dc=company,dc=com
LDAP_BIND_PASSWORD=your-bind-password
LDAP_BASE_DN=dc=company,dc=com
LDAP_USER_FILTER=(uid=%s)
LDAP_GROUP_BASE_DN=cn=groups,cn=accounts,dc=company,dc=com
LDAP_GROUP_FILTER=(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_FIRST_NAME_ATTRIBUTE=givenName
LDAP_LAST_NAME_ATTRIBUTE=sn
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_GROUP_ATTRIBUTE=cn
LDAP_ADMIN_GROUPS=goatflow-admins,admins
LDAP_AGENT_GROUPS=goatflow-agents,support`,
}

ExampleConfigs provides example .env-style configurations for documentation. The LDAP_BIND_PASSWORD value and the company.com hostnames are placeholders; supply the real bind password from a secrets manager or the process environment rather than committing a filled-in copy.

Functions

func GetEnvironmentTemplate

func GetEnvironmentTemplate(ldapType string) map[string]string

GetEnvironmentTemplate returns environment variables template for LDAP configuration.

func Initialize

func Initialize() (*AuthMiddleware, *LDAPHandlers, error)

Initialize sets up the global LDAP components.

func IsEnabled

func IsEnabled() bool

IsEnabled returns true if LDAP authentication is enabled.

func Reinitialize

func Reinitialize() error

Reinitialize re-runs the global LDAP component setup performed by Initialize. This is useful for configuration updates at runtime.

func ValidateConfig

func ValidateConfig(config *Config) []string

ValidateConfig validates an LDAP configuration and returns a slice of strings — presumably one message per problem found, empty when the configuration is acceptable.

Types

type AuthError

// AuthError represents an LDAP authentication error. Message is presumably
// what Error() reports; keep it free of credentials, and avoid wording that
// lets a client tell "unknown user" from "wrong password" wherever the error
// is surfaced over HTTP (user enumeration).
type AuthError struct {
	Message string
}

AuthError represents an LDAP authentication error.

func (*AuthError) Error

func (e *AuthError) Error() string

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware provides LDAP authentication middleware.

func GetMiddleware

func GetMiddleware() *AuthMiddleware

GetMiddleware returns the global LDAP middleware instance.

func NewAuthMiddleware

func NewAuthMiddleware(config *Config, enabled, fallbackAuth bool) *AuthMiddleware

NewAuthMiddleware creates a new LDAP authentication middleware. The enabled flag presumably gates LDAP entirely; fallbackAuth presumably permits another authentication path when LDAP does not authenticate the user — confirm its exact semantics in the source before enabling it, because it widens the set of ways a login can succeed.

func (*AuthMiddleware) AuthenticateUser

func (m *AuthMiddleware) AuthenticateUser(username, password string) (*User, error)

AuthenticateUser authenticates a user with LDAP.

func (*AuthMiddleware) ConfigurationHandler

func (m *AuthMiddleware) ConfigurationHandler(c *gin.Context)

ConfigurationHandler handles LDAP configuration endpoints.

func (*AuthMiddleware) GetUserInfoHandler

func (m *AuthMiddleware) GetUserInfoHandler(c *gin.Context)

GetUserInfoHandler retrieves user information from LDAP.

func (*AuthMiddleware) HandleLogin

func (m *AuthMiddleware) HandleLogin(c *gin.Context)

HandleLogin handles LDAP login requests.

func (*AuthMiddleware) SyncUserMiddleware

func (m *AuthMiddleware) SyncUserMiddleware() gin.HandlerFunc

SyncUserMiddleware synchronizes LDAP users with local database.

func (*AuthMiddleware) TemplateHandler

func (m *AuthMiddleware) TemplateHandler(c *gin.Context)

TemplateHandler provides LDAP configuration templates.

func (*AuthMiddleware) TestConnectionHandler

func (m *AuthMiddleware) TestConnectionHandler(c *gin.Context)

TestConnectionHandler provides an endpoint to test LDAP connection.

type AuthResult

// AuthResult represents authentication result. The struct is JSON-tagged, so
// ErrorMessage may be serialised straight to a client — keep it generic (no
// DNs, no bind details, no distinction between unknown user and bad
// password). User is presumably nil whenever Success is false.
type AuthResult struct {
	Success      bool   `json:"success"`
	User         *User  `json:"user,omitempty"`
	ErrorMessage string `json:"error_message,omitempty"`
}

AuthResult represents authentication result.

type Config

// Config holds LDAP configuration. It is the shape ConfigManager persists to
// JSON and that the configuration handlers accept, so every field —
// including BindPassword — is serialisable. Anything that returns a Config to
// a client must redact the secret first (NOTE(review): confirm
// LDAPHandlers.GetConfiguration does).
type Config struct {
	// Connection settings
	Host string `json:"host"`
	Port int    `json:"port"`
	// UseSSL presumably selects LDAPS (TLS from the first byte, conventionally
	// port 636); UseTLS presumably selects StartTLS on a plain connection.
	// Confirm both against Provider.Connect.
	UseSSL bool `json:"use_ssl"`
	UseTLS bool `json:"use_tls"`
	// SkipTLS disables server-certificate verification (per its JSON name).
	// Leave it false outside of throwaway test setups: with verification off an
	// on-path attacker can impersonate the directory and harvest the bind
	// password plus every user's password at login.
	SkipTLS bool `json:"skip_tls_verify"`
	Timeout int  `json:"timeout_seconds"`

	// Bind settings. BindDN/BindPassword are the service account used for
	// searches; give it read-only rights scoped to BaseDN/GroupBaseDN.
	BindDN       string `json:"bind_dn"`
	BindPassword string `json:"bind_password"`

	// User search settings
	BaseDN string `json:"base_dn"`
	// UserFilter: %s is the slot for the login name, e.g. "(uid=%s)" or
	// "(sAMAccountName=%s)". The value substituted for %s must be
	// filter-escaped (ldap.EscapeFilter) or a crafted username becomes an
	// LDAP filter injection. NOTE(review): the substitution is not visible
	// here — confirm it escapes.
	UserFilter string `json:"user_filter"`
	UserBaseDN string `json:"user_base_dn"` // Optional, defaults to BaseDN

	// User attributes mapping
	EmailAttribute       string `json:"email_attribute"`        // e.g., "mail"
	FirstNameAttribute   string `json:"first_name_attribute"`   // e.g., "givenName"
	LastNameAttribute    string `json:"last_name_attribute"`    // e.g., "sn"
	DisplayNameAttribute string `json:"display_name_attribute"` // e.g., "displayName"

	// Group settings (optional). GroupFilter's %s is the slot for the user's
	// DN, e.g. "(&(objectClass=group)(member=%s))", and needs the same
	// escaping as UserFilter. GroupAttribute (cn in the bundled templates) is
	// the value collected into User.Groups, so two groups with the same cn
	// under different OUs are indistinguishable — scope GroupBaseDN tightly.
	GroupBaseDN    string `json:"group_base_dn"`
	GroupFilter    string `json:"group_filter"`
	GroupAttribute string `json:"group_attribute"`

	// Role mapping. Presumably a user whose Groups contain any AdminGroups
	// entry gets the Admin role and any AgentGroups entry the Agent role;
	// these lists are authorization data and belong under the same change
	// control as the rest of the config.
	AdminGroups []string `json:"admin_groups"`
	AgentGroups []string `json:"agent_groups"`

	// Active Directory specific
	IsActiveDirectory bool   `json:"is_active_directory"`
	Domain            string `json:"domain"` // For AD, e.g., "company.com"
}

Config holds LDAP configuration.

func GetConfigTemplate

func GetConfigTemplate(ldapType string) (*Config, error)

GetConfigTemplate returns a configuration template for a specific LDAP type.

func LoadFromEnvironment

func LoadFromEnvironment() (*Config, error)

LoadFromEnvironment loads LDAP configuration from environment variables.

type ConfigManager

type ConfigManager struct {
	// contains filtered or unexported fields
}

ConfigManager handles LDAP configuration loading and saving.

func NewConfigManager

func NewConfigManager(configPath string) *ConfigManager

NewConfigManager creates a new config manager.

func (*ConfigManager) LoadFromFile

func (cm *ConfigManager) LoadFromFile() (*Config, error)

LoadFromFile loads LDAP configuration from JSON file.

func (*ConfigManager) SaveToFile

func (cm *ConfigManager) SaveToFile(config *Config) error

SaveToFile saves LDAP configuration to JSON file.

type LDAPHandlers

type LDAPHandlers struct {
	// contains filtered or unexported fields
}

LDAPHandlers provides HTTP handlers for LDAP management.

func GetHandlers

func GetHandlers() *LDAPHandlers

GetHandlers returns the global LDAP handlers instance.

func NewLDAPHandlers

func NewLDAPHandlers(middleware *AuthMiddleware) *LDAPHandlers

NewLDAPHandlers creates a new LDAP handlers instance.

func (*LDAPHandlers) GetConfiguration

func (h *LDAPHandlers) GetConfiguration(c *gin.Context)

GetConfiguration returns the current LDAP configuration. Config carries BindPassword as a plain JSON field, so this handler must redact it (and should be restricted to administrators) — confirm in the source before exposing the route.

func (*LDAPHandlers) GetGroupMembers

func (h *LDAPHandlers) GetGroupMembers(c *gin.Context)

GetGroupMembers returns members of a specific group.

func (*LDAPHandlers) GetHealth

func (h *LDAPHandlers) GetHealth(c *gin.Context)

GetHealth returns LDAP health status.

func (*LDAPHandlers) GetStatistics

func (h *LDAPHandlers) GetStatistics(c *gin.Context)

GetStatistics returns LDAP usage statistics.

func (*LDAPHandlers) GetTemplate

func (h *LDAPHandlers) GetTemplate(c *gin.Context)

GetTemplate returns a specific LDAP configuration template.

func (*LDAPHandlers) GetTemplates

func (h *LDAPHandlers) GetTemplates(c *gin.Context)

GetTemplates returns available LDAP configuration templates.

func (*LDAPHandlers) GetUserGroups

func (h *LDAPHandlers) GetUserGroups(c *gin.Context)

GetUserGroups retrieves groups for a specific user.

func (*LDAPHandlers) GetUserInfo

func (h *LDAPHandlers) GetUserInfo(c *gin.Context)

GetUserInfo retrieves user information from LDAP.

func (*LDAPHandlers) ListGroups

func (h *LDAPHandlers) ListGroups(c *gin.Context)

ListGroups lists groups from LDAP. The implementation is described as limited; check the source before relying on it for a complete or paged listing.

func (*LDAPHandlers) SetConfiguration

func (h *LDAPHandlers) SetConfiguration(c *gin.Context)

SetConfiguration sets the LDAP configuration. Because the request body can carry bind credentials, role-mapping group lists and the skip_tls_verify flag, the route must be reachable only by administrators and the submitted Config should pass ValidateConfig before it is applied.

func (*LDAPHandlers) SetupLDAPRoutes

func (h *LDAPHandlers) SetupLDAPRoutes(router gin.IRouter)

SetupLDAPRoutes sets up LDAP management routes.

func (*LDAPHandlers) SyncUser

func (h *LDAPHandlers) SyncUser(c *gin.Context)

SyncUser synchronizes user information from LDAP to local database.

func (*LDAPHandlers) TestAuthentication

func (h *LDAPHandlers) TestAuthentication(c *gin.Context)

TestAuthentication tests LDAP authentication with the credentials supplied in the request. An endpoint that binds with arbitrary caller-supplied credentials is a password-guessing oracle if exposed; restrict it to administrators and rate-limit it.

func (*LDAPHandlers) TestConnection

func (h *LDAPHandlers) TestConnection(c *gin.Context)

TestConnection tests LDAP connection.

func (*LDAPHandlers) UpdateConfiguration

func (h *LDAPHandlers) UpdateConfiguration(c *gin.Context)

UpdateConfiguration updates LDAP configuration (same as SetConfiguration).

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements LDAP/Active Directory authentication.

func GetProvider

func GetProvider() *Provider

GetProvider returns the global LDAP provider instance.

func NewProvider

func NewProvider(config *Config) *Provider

NewProvider creates a new LDAP provider.

func (*Provider) Authenticate

func (p *Provider) Authenticate(username, password string) *AuthResult

Authenticate authenticates a user with username and password.

func (*Provider) Close

func (p *Provider) Close()

Close closes the LDAP connection.

func (*Provider) Connect

func (p *Provider) Connect() error

Connect establishes connection to LDAP server.

func (*Provider) TestConnection

func (p *Provider) TestConnection() error

TestConnection tests LDAP connection and authentication.

type User

// User represents an LDAP user as resolved from the directory. Groups holds
// the Config.GroupAttribute values (cn in the bundled templates) of the
// groups that matched GroupFilter, and Role is presumably derived from
// Config.AdminGroups/AgentGroups. Both drive authorization, so GroupBaseDN
// and GroupFilter must be scoped tightly enough that nobody who can create a
// group elsewhere in the directory can mint a matching cn.
type User struct {
	DN          string   `json:"dn"`
	Username    string   `json:"username"`
	Email       string   `json:"email"`
	FirstName   string   `json:"first_name"`
	LastName    string   `json:"last_name"`
	DisplayName string   `json:"display_name"`
	Groups      []string `json:"groups"`
	Role        string   `json:"role"` // Admin, Agent, Customer
}

User represents an LDAP user.
