Joseph Crail 39c068400e Fix spelling errors in comments. 10 роки тому
..
README.md 69e332f432 Removed trailing white spaces 10 роки тому
ldap.go 39c068400e Fix spelling errors in comments. 10 роки тому
ldap_test.go 65e628d1f4 ignore broken tests 10 роки тому

README.md

LDAP authentication

Goal

Authenticat user against LDAP directories

It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers

The first OK wins.

If there's connection error, the server will be disabled and won't be checked again

Usage

In the [security] section, set

LDAP_AUTH = true

then for each LDAP source, set

[LdapSource-someuniquename] name=canonicalName host=hostname-or-ip port=3268 # or regular LDAP port

the following settings depend highly how you've configured your AD

basedn=dc=ACME,dc=COM MSADSAFORMAT=%s@ACME.COM filter=(&(objectClass=user)(sAMAccountName=%s))

Limitation

Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)

This MSAD is a mess.

The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration

Todo

  • Define a timeout per server
  • Check servers marked as "Disabled" when they'll come back online
  • Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
  • Check OpenLDAP server
  • SSL support ?