
Untitled

a guest
Jul 10th, 2018
  1. package main
  2.  
  3. import (
  4. "bufio"
  5. "crypto/tls"
  6. "fmt"
  7. "os"
  8. "strings"
  9.  
  10. "github.com/go-ldap/ldap"
  11. "github.com/howeyc/gopass"
  12. )
  13.  
const (
	// LDAP attribute names requested from, and read back out of, the user entry.
	usernameAttr = "sAMAccountName"
	surnameAttr = "sn"
	emailAttr = "mail"
	nameAttr = "givenName"
	memberOfAttr = "memberOf"

	// groupSearchFilter matches user objects whose memberOf chain includes the
	// hard-coded group DN. 1.2.840.113556.1.4.1941 is Active Directory's
	// LDAP_MATCHING_RULE_IN_CHAIN, which follows nested group membership.
	// The trailing comment preserves the templated form with a %s placeholder;
	// the active value contains no placeholder. Any value substituted into the
	// templated form must be escaped with ldap.EscapeFilter first.
	groupSearchFilter = "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=SEC - Cloud DevOps Support,OU=Security Groups,DC=MyDomain,DC=net))" //"(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=%s))"
	// groupSearchAttr names the attribute whose value main substitutes for the
	// %s placeholder of groupSearchFilter.
	groupSearchAttr = "distinguishedName"
)
  24.  
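// main is a manual smoke test for Active Directory lookups over LDAPS. It
// connects to the directory, binds with a username and password read from the
// terminal, searches for one hard-coded account and prints that account's
// attributes and group memberships. Every failure panics.
func main() {
	const addr = "ad.mydomain.net:636"
	fmt.Println("Connecting to " + addr)

	// The server certificate is verified against ServerName. The bind below
	// sends the user's password over this connection, so certificate
	// verification must stay enabled: without it the peer is unauthenticated
	// and the credentials are exposed to whoever terminates the TLS session.
	// If the domain controller's certificate is issued by a private CA, add
	// that CA to tls.Config.RootCAs instead of setting InsecureSkipVerify.
	conn, err := ldap.DialTLS("tcp", addr, &tls.Config{
		ServerName: "ad.mydomain.net",
	})
	if err != nil {
		panic(err)
	}
	// Deferred only after the error check: on a failed dial conn is nil and
	// calling Close on it would panic on top of the original error.
	defer conn.Close()

	stdin := bufio.NewReader(os.Stdin)
	fmt.Printf("Username: ")

	un, err := stdin.ReadString('\n')
	if err != nil {
		panic(err)
	}

	fmt.Printf("Password: ")
	pw, err := gopass.GetPasswd()
	if err != nil {
		panic(err)
	}
	// A simple bind with an empty password is an "unauthenticated bind"
	// (RFC 4513 section 5.1.2) and can succeed on the server without proving
	// anything about the user, so it must not be treated as a login.
	if len(pw) == 0 {
		panic("empty password: refusing unauthenticated bind")
	}

	fmt.Println("Binding")
	if err := conn.Bind(strings.TrimSpace(un), string(pw)); err != nil {
		panic(err)
	}

	// NOTE(review): the filter is a fixed account name, not the user who just
	// bound. If it is ever built from input, pass the value through
	// ldap.EscapeFilter as the secondary search below does.
	request := ldap.SearchRequest{
		BaseDN:       "dc=mydomain, dc=net",
		Scope:        ldap.ScopeWholeSubtree,
		DerefAliases: ldap.NeverDerefAliases,
		Attributes: []string{
			nameAttr,
			surnameAttr,
			usernameAttr,
			memberOfAttr,
			emailAttr,
		},
		Filter: "(sAMAccountName=nlowe)",
	}

	fmt.Println("Searching")
	result, err := conn.Search(&request)
	if err != nil {
		panic(err)
	}

	// Everything below indexes Entries[0], so require exactly one match.
	if len(result.Entries) != 1 {
		panic(fmt.Sprintf("Expected exactly one entry but got %d", len(result.Entries)))
	}

	// Print (not Println) with the newline written out: same output, and no
	// "redundant newline" report from go vet.
	fmt.Print("Got it!\n\n\n")
	fmt.Println("Groups from filter:")
	for _, attr := range result.Entries[0].Attributes {
		fmt.Printf("Found attr %s\n", attr.Name)
		if attr.Name == "memberOf" {
			for _, v := range attr.Values {
				fmt.Printf(" * %s\n", v)
			}
		}
	}

	// NOTE(review): groupSearchFilter currently holds no "%s", so the Replace
	// leaves it unchanged; and groupSearchAttr ("distinguishedName") is not
	// among the attributes requested above, so the substituted value is
	// presumably empty anyway. The escaping is kept so the templated filter
	// stays safe if it is re-enabled.
	groupSearchReq := ldap.SearchRequest{
		BaseDN:       "dc=mydomain,dc=net",
		Scope:        ldap.ScopeWholeSubtree,
		DerefAliases: ldap.NeverDerefAliases,
		Attributes:   []string{memberOfAttr},
		Filter:       strings.Replace(groupSearchFilter, "%s", ldap.EscapeFilter(getLdapAttr(groupSearchAttr, result)), -1),
	}

	groups, err := conn.Search(&groupSearchReq)
	if err != nil {
		panic(err)
	}
	// One line per matched entry: the first memberOf value of that entry.
	fmt.Println("Groups from secondary search:")
	for i := range groups.Entries {
		fmt.Printf(" * %s\n", getLdapAttrN(memberOfAttr, groups, i))
	}

	fmt.Printf("DN: %s\n", result.Entries[0].DN)
	fmt.Printf("LastName: %s\n", getLdapAttr(surnameAttr, result))
	fmt.Printf("FirstName: %s\n", getLdapAttr(nameAttr, result))
	fmt.Printf("Username: %s\n", getLdapAttr(usernameAttr, result))
	fmt.Printf("Email: %s\n", getLdapAttr(emailAttr, result))
}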
  115.  
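// getLdapAttrN returns the first value of the attribute called name on the
// n-th entry of result. It returns "" when result is nil, n is out of range,
// the entry has no such attribute, or the attribute carries no values. The
// pseudo-attribute "dn" (in any letter case) yields the entry's DN.
//
// Attribute names are compared case-insensitively, since LDAP attribute
// descriptions are case-insensitive and a server may return a name in a
// different case from the one requested.
func getLdapAttrN(name string, result *ldap.SearchResult, n int) string {
	// Guard the index so a short or empty result reads as "not found"
	// instead of an index-out-of-range panic.
	if result == nil || n < 0 || n >= len(result.Entries) {
		return ""
	}
	entry := result.Entries[n]

	if strings.EqualFold(name, "dn") {
		return entry.DN
	}
	for _, attr := range entry.Attributes {
		if strings.EqualFold(attr.Name, name) && len(attr.Values) > 0 {
			return attr.Values[0]
		}
	}
	return ""
}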
  129.  
// getLdapAttr looks up the attribute called name on the first entry of
// result by delegating to getLdapAttrN with entry index 0.
func getLdapAttr(name string, result *ldap.SearchResult) string {
	const firstEntry = 0
	return getLdapAttrN(name, result, firstEntry)
}