Minimal frontend for administering our LDAP server

package main
import (
"crypto/tls"
"fmt"
"net/url"
"github.com/go-ldap/ldap/v3"
)
// ldapConnection carries the settings needed to talk to the LDAP server.
// It does not hold an open connection: ChangePassword dials, binds and
// tears down a fresh connection on every call, so the struct is only a
// configuration holder.
type ldapConnection struct {
	// cfg supplies the fields read by ChangePassword: URL (dial target),
	// StartTLS (upgrade a plain connection before binding) and UserFormat
	// (fmt pattern that turns a username into a bind DN). ldapConfig is
	// declared elsewhere in this package.
	cfg ldapConfig
}
// newLDAP wraps cfg in an ldapConnection. No network activity happens
// here and no validation is performed; the error result is currently
// always nil, so callers must still expect failures from ChangePassword
// itself (bad URL, unreachable server, TLS problems).
func newLDAP(cfg ldapConfig) (*ldapConnection, error) {
	conn := ldapConnection{cfg: cfg}
	return &conn, nil
}
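// ChangePassword authenticates as username with the user's current
// password and then replaces it with newPassword via the LDAP Password
// Modify extended operation (RFC 3062).
//
// Result contract:
//   - (true, nil)   the password was changed;
//   - (false, nil)  the bind was rejected with invalidCredentials, i.e.
//     the username/password pair is wrong;
//   - (false, err)  any other failure (connect, URL parse, StartTLS,
//     other bind errors, modify errors), with the cause wrapped.
//
// A new connection is dialled for every call and always closed before
// returning.
func (l *ldapConnection) ChangePassword(username, password, newPassword string) (bool, error) {
	// The bind DN is produced by formatting username into cfg.UserFormat
	// (expected to be something like "uid=%s,ou=people,dc=example,dc=org").
	// username comes from the web frontend and is NOT escaped here, so a
	// value containing DN metacharacters (',', '=', '+', '\') changes which
	// entry is addressed. The caller still has to know that entry's
	// password for the bind to succeed, which limits the impact, but
	// escaping (ldap.EscapeDN in recent go-ldap releases) or rejecting such
	// characters before calling this function is the safer option.
	userDN := fmt.Sprintf(l.cfg.UserFormat, username)

	// NOTE(review): an empty newPassword is passed through unchanged. Under
	// RFC 3062 a server may then generate a password that the user never
	// sees; validate newPassword in the caller if that is not intended.

	c, err := ldap.DialURL(l.cfg.URL)
	if err != nil {
		return false, fmt.Errorf("can not connect to LDAP: %w", err)
	}
	// Every return path below must release the connection; without this
	// each call leaked a socket (and a server-side session).
	defer c.Close()

	if l.cfg.StartTLS {
		serverURL, err := url.Parse(l.cfg.URL)
		if err != nil {
			return false, fmt.Errorf("can not parse server URL: %w", err)
		}
		// ServerName must be the bare host name: url.URL.Host keeps the
		// ":port" suffix, which makes certificate verification compare
		// against "host:port" and fail for any URL that specifies a port.
		// Verification stays enabled (InsecureSkipVerify is deliberately
		// not set), so the server certificate must match this name.
		tlsConfig := &tls.Config{
			ServerName: serverURL.Hostname(),
		}
		if err := c.StartTLS(tlsConfig); err != nil {
			return false, fmt.Errorf("can not enable startTLS: %w", err)
		}
	}
	// NOTE(review): with StartTLS disabled and a plain ldap:// URL, both
	// the current and the new password cross the network in cleartext.
	// Nothing here enforces ldaps:// or StartTLS; consider refusing such a
	// configuration at startup.

	if err := c.Bind(userDN, password); err != nil {
		// invalidCredentials (LDAP result code 49) is the expected outcome
		// for a wrong username or password and is reported as a plain
		// false rather than as an error, so callers can tell it apart from
		// infrastructure failures.
		if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
			return false, nil
		}
		return false, fmt.Errorf("can not bind: %w", err)
	}

	// The current password is sent alongside the new one; this is what the
	// original code did and lets servers that demand proof of the old
	// password for self-service changes accept the request (presumably the
	// reason it is included — verify against the server's policy).
	passwordReq := &ldap.PasswordModifyRequest{
		UserIdentity: userDN,
		OldPassword:  password,
		NewPassword:  newPassword,
	}
	if _, err := c.PasswordModify(passwordReq); err != nil {
		return false, fmt.Errorf("can not modify password: %w", err)
	}
	return true, nil
}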