Blog

【Go】Goのldapモジュールで認証をLDAP認証をかける

Posted by:

2020年9月22日
no comments yet

＜スポンサーリンク＞

認証したいユーザー

cn=yuta

ldapモジュールをインストール

github.com/go-ldap/ldapを取得します

				1

						github.com/go-ldap/ldapを取得します

サンプルコード

<span class="k">パッケージ</span> <span class="n">メイン</span>

<span class="k">インポート</span> <span class="p">（</span>
    <span class="s">"fmt" </span>
    <span class="s">"github.com/go-ldap/ldap/v3" </span>
    <span class="s">"log" </span>
<span class="p">）</span>

<span class="k">var </span> <span class="p">（</span>
    <span class="n">ldapServer </span> <span class="o">= </span> <span class="s">"ldap：// localhost：389" </span>
    <span class="n">baseDN </span>     <span class="o">= </span> <span class="s">"dc = vamdemic、dc = black" </span>
    <span class="n">username </span> <span class="o">= </span> <span class="s">" </span><span class="n">yuta </span><span class="s">" </span>
    <span class="n">password </span> <span class="o">= </span> <span class="s">"password" </span>
    <span class="n">bindusername </span> <span class="o">= </span> <span class="s">"cn = admin、dc = vamdemic、dc = black" </span>
    <span class="n">bindpassword </span> <span class="o">= </span> <span class="s">「パスワード」</span>

<span class="p">）</span>

<span class="c">//この例は、典型的なアプリケーションがログイン試行を検証する方法を示しています</span>
<span class="k">func </span> <span class="n">Example_userAuthentication </span><span class="p">（）</span> <span class="p">{ </span>
    <span class="n">l </span><span class="p">、</span> <span class="n">err </span> <span class="o">：= </span> <span class="n">ldap </span><span class="o">。</span><span class="n">DialURL </span><span class="p">（</span><span class="n">ldapServer </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">Fatal </span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">} </span>
    <span class="k">defer </span> <span class="n">l </span><span class="o">。</span><span class="n">閉じる</span><span class="p">（）</span>

    <span class="c">//最初に読み取り専用ユーザー</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">lで</span><span class="c">バインドします</span><span class="o">。</span><span class="n">バインドする</span><span class="p">（</span><span class="n">bindusername </span><span class="p">、</span> <span class="n">bindpassword </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">}</span>

    <span class="c">//指定されたユーザー名</span>
    <span class="n">searchRequest </span> <span class="o">：= </span> <span class="n">ldapを</span><span class="c">検索します</span><span class="o">。</span><span class="n">NewSearchRequest </span><span class="p">（</span>
        <span class="n">ベースDN </span><span class="p">、</span>
        <span class="n">LDAP </span><span class="o">。</span><span class="n">ScopeWholeSubtree </span><span class="p">、</span> <span class="n">LDAP </span><span class="o">。</span><span class="n">NeverDerefAliases </span><span class="p">、</span> <span class="m">0 </span><span class="p">、</span> <span class="m">0 </span><span class="p">、</span> <span class="no">偽</span><span class="p">、</span>
        <span class="n">FMT </span><span class="o">。</span><span class="n">SPRINTF </span><span class="p">（</span><span class="s">"（＆（オブジェクトクラス= organizationalPersonを）（CN =％S））" </span><span class="p">、
</span> <span class="n">ユーザ名</span><span class="p">）、</span>
        <span class="p">[] </span><span class="kt">の文字列</span><span class="p">{ </span><span class="s">"DN" </span><span class="p">} 、</span>
        <span class="no">nil </span><span class="p">、</span>
    <span class="p">）</span>

    <span class="n">sr </span><span class="p">、</span> <span class="n">err </span> <span class="o">：= </span> <span class="n">l </span><span class="o">。</span><span class="n">検索</span><span class="p">（</span><span class="n">searchRequest </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">}</span>

    <span class="k">場合</span> <span class="nb">でlen </span><span class="p">（</span><span class="n">SR </span><span class="o">。</span><span class="n">エントリー</span><span class="p">）</span> <span class="o">！= </span> <span class="m">1 </span> <span class="p">{ </span>
        <span class="n">ログ</span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="s">「ユーザーが存在しないか、返されるエントリが多すぎます」</span><span class="p">）</span>
    <span class="p">}</span>

    <span class="n">userdn </span> <span class="o">：= </span> <span class="n">sr </span><span class="o">。</span><span class="n">エントリー</span><span class="p">[ </span><span class="m">0 </span><span class="p">] </span><span class="o">。</span><span class="n">DN</span>

    <span class="c">//ユーザーとしてバインドして、パスワードを確認します</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">l </span><span class="o">。</span><span class="n">err </span><span class="o">！= </span><span class="no">nil </span><span class="p">{ </span><span class="n">logの</span><span class="k">場合</span><span class="p">、</span><span class="n">バインド</span><span class="p">（</span><span class="n">userdn </span><span class="p">、</span> <span class="n">パスワード</span><span class="p">）</span>
    <span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span><span class="p">}</span>    
        
    

    <span class="c">//これ以降のクエリでは、読み取り専用ユーザーとして再バインドします</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">l </span><span class="o">。</span><span class="n">バインドする</span><span class="p">（</span><span class="n">bindusername </span><span class="p">、</span> <span class="n">bindpassword </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">エラー</span><span class="p">）</span>
    <span class="p">} </span>
<span class="p">}</span>

<span class="k">func </span> <span class="n">main </span><span class="p">（）</span> <span class="p">{ </span>
    <span class="n">Example_userAuthentication </span><span class="p">（）</span>
<span class="p">}</span>

				
					
				1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

						<span class="k">パッケージ</span> <span class="n">メイン</span>
 
<span class="k">インポート</span> <span class="p">（</span>
    <span class="s">"fmt" </span>
    <span class="s">"github.com/go-ldap/ldap/v3" </span>
    <span class="s">"log" </span>
<span class="p">）</span>
 
<span class="k">var </span> <span class="p">（</span>
    <span class="n">ldapServer </span> <span class="o">= </span> <span class="s">"ldap：// localhost：389" </span>
    <span class="n">baseDN </span>     <span class="o">= </span> <span class="s">"dc = vamdemic、dc = black" </span>
    <span class="n">username </span> <span class="o">= </span> <span class="s">" </span><span class="n">yuta </span><span class="s">" </span>
    <span class="n">password </span> <span class="o">= </span> <span class="s">"password" </span>
    <span class="n">bindusername </span> <span class="o">= </span> <span class="s">"cn = admin、dc = vamdemic、dc = black" </span>
    <span class="n">bindpassword </span> <span class="o">= </span> <span class="s">「パスワード」</span>
 
<span class="p">）</span>
 
<span class="c">//この例は、典型的なアプリケーションがログイン試行を検証する方法を示しています</span>
<span class="k">func </span> <span class="n">Example_userAuthentication </span><span class="p">（）</span> <span class="p">{ </span>
    <span class="n">l </span><span class="p">、</span> <span class="n">err </span> <span class="o">：= </span> <span class="n">ldap </span><span class="o">。</span><span class="n">DialURL </span><span class="p">（</span><span class="n">ldapServer </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">Fatal </span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">} </span>
    <span class="k">defer </span> <span class="n">l </span><span class="o">。</span><span class="n">閉じる</span><span class="p">（）</span>
 
    <span class="c">//最初に読み取り専用ユーザー</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">lで</span><span class="c">バインドします</span><span class="o">。</span><span class="n">バインドする</span><span class="p">（</span><span class="n">bindusername </span><span class="p">、</span> <span class="n">bindpassword </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">}</span>
 
    <span class="c">//指定されたユーザー名</span>
    <span class="n">searchRequest </span> <span class="o">：= </span> <span class="n">ldapを</span><span class="c">検索します</span><span class="o">。</span><span class="n">NewSearchRequest </span><span class="p">（</span>
        <span class="n">ベースDN </span><span class="p">、</span>
        <span class="n">LDAP </span><span class="o">。</span><span class="n">ScopeWholeSubtree </span><span class="p">、</span> <span class="n">LDAP </span><span class="o">。</span><span class="n">NeverDerefAliases </span><span class="p">、</span> <span class="m">0 </span><span class="p">、</span> <span class="m">0 </span><span class="p">、</span> <span class="no">偽</span><span class="p">、</span>
        <span class="n">FMT </span><span class="o">。</span><span class="n">SPRINTF </span><span class="p">（</span><span class="s">"（＆（オブジェクトクラス= organizationalPersonを）（CN =％S））" </span><span class="p">、
</span> <span class="n">ユーザ名</span><span class="p">）、</span>
        <span class="p">[] </span><span class="kt">の文字列</span><span class="p">{ </span><span class="s">"DN" </span><span class="p">} 、</span>
        <span class="no">nil </span><span class="p">、</span>
    <span class="p">）</span>
 
    <span class="n">sr </span><span class="p">、</span> <span class="n">err </span> <span class="o">：= </span> <span class="n">l </span><span class="o">。</span><span class="n">検索</span><span class="p">（</span><span class="n">searchRequest </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span>
    <span class="p">}</span>
 
    <span class="k">場合</span> <span class="nb">でlen </span><span class="p">（</span><span class="n">SR </span><span class="o">。</span><span class="n">エントリー</span><span class="p">）</span> <span class="o">！= </span> <span class="m">1 </span> <span class="p">{ </span>
        <span class="n">ログ</span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="s">「ユーザーが存在しないか、返されるエントリが多すぎます」</span><span class="p">）</span>
    <span class="p">}</span>
 
    <span class="n">userdn </span> <span class="o">：= </span> <span class="n">sr </span><span class="o">。</span><span class="n">エントリー</span><span class="p">[ </span><span class="m">0 </span><span class="p">] </span><span class="o">。</span><span class="n">DN</span>
 
    <span class="c">//ユーザーとしてバインドして、パスワードを確認します</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">l </span><span class="o">。</span><span class="n">err </span><span class="o">！= </span><span class="no">nil </span><span class="p">{ </span><span class="n">logの</span><span class="k">場合</span><span class="p">、</span><span class="n">バインド</span><span class="p">（</span><span class="n">userdn </span><span class="p">、</span> <span class="n">パスワード</span><span class="p">）</span>
    <span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">err </span><span class="p">）</span><span class="p">}</span>    
        
    
 
    <span class="c">//これ以降のクエリでは、読み取り専用ユーザーとして再バインドします</span>
    <span class="n">err </span> <span class="o">= </span> <span class="n">l </span><span class="o">。</span><span class="n">バインドする</span><span class="p">（</span><span class="n">bindusername </span><span class="p">、</span> <span class="n">bindpassword </span><span class="p">）</span>
    <span class="k">if </span> <span class="n">err </span> <span class="o">！= </span> <span class="no">nil </span> <span class="p">{ </span>
        <span class="n">log </span><span class="o">。</span><span class="n">致命的</span><span class="p">（</span><span class="n">エラー</span><span class="p">）</span>
    <span class="p">} </span>
<span class="p">}</span>
 
<span class="k">func </span> <span class="n">main </span><span class="p">（）</span> <span class="p">{ </span>
    <span class="n">Example_userAuthentication </span><span class="p">（）</span>
<span class="p">}</span>

					

			

Blog

【Go】Goのldapモジュールで認証をLDAP認証をかける

認証したいユーザー

ldapモジュールをインストール

サンプルコード

関連

コメントを残すコメントをキャンセル

最近の投稿

カテゴリー

最近のコメント

閲覧数

メタ情報

Blog

【Go】Goのldapモジュールで認証をLDAP認証をかける

認証したいユーザー

ldapモジュールをインストール

サンプルコード

Share this:

関連

コメントを残す コメントをキャンセル

最近の投稿

カテゴリー

最近のコメント

閲覧数

メタ情報

コメントを残すコメントをキャンセル