- package main
- import (
- "bufio"
- "crypto/tls"
- "fmt"
- "os"
- "strings"
- "github.com/go-ldap/ldap"
- "github.com/howeyc/gopass"
- )
// LDAP attribute names and search filters used by the lookup in main.
const (
	// Attributes requested for the user entry.
	nameAttr     = "givenName"
	surnameAttr  = "sn"
	usernameAttr = "sAMAccountName"
	emailAttr    = "mail"
	memberOfAttr = "memberOf"

	// groupSearchFilter matches user objects that are members of the named
	// group. 1.2.840.113556.1.4.1941 is Active Directory's
	// LDAP_MATCHING_RULE_IN_CHAIN rule, so nested membership is followed.
	//
	// The group DN is fixed in the literal and there is no %s placeholder;
	// the parameterised form would be
	// "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=%s))".
	// Any value substituted into a filter must first go through
	// ldap.EscapeFilter so that it cannot change the filter's structure.
	groupSearchFilter = "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=SEC - Cloud DevOps Support,OU=Security Groups,DC=MyDomain,DC=net))"

	// groupSearchAttr names the attribute that carries an entry's DN.
	groupSearchAttr = "distinguishedName"
)
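// main connects to the directory over LDAPS, binds with credentials read from
// the terminal, looks up one hard-coded account and prints its attributes and
// group memberships. Every failure panics; this is a diagnostic tool, not a
// service.
func main() {
	const addr = "ad.mydomain.net:636"

	fmt.Println("Connecting to " + addr)
	// Certificate verification stays enabled: the bind below sends the user's
	// password over this channel, and with InsecureSkipVerify set any host
	// able to intercept the connection could present its own certificate and
	// read it. If the domain controller's certificate chains to a private CA,
	// add that CA to RootCAs instead of turning verification off.
	conn, err := ldap.DialTLS("tcp", addr, &tls.Config{
		ServerName: "ad.mydomain.net",
		MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		panic(err)
	}
	// Deferred only after the error check: conn is nil when the dial fails.
	defer conn.Close()

	stdin := bufio.NewReader(os.Stdin)
	fmt.Printf("Username: ")
	un, err := stdin.ReadString('\n')
	if err != nil {
		panic(err)
	}

	fmt.Printf("Password: ")
	pw, err := gopass.GetPasswd()
	if err != nil {
		panic(err)
	}

	user := strings.TrimSpace(un)
	// A simple bind with an empty password is an unauthenticated bind
	// (RFC 4513) that some servers accept, so a "successful" bind would prove
	// nothing about the user. Refuse it before contacting the server.
	if user == "" || len(pw) == 0 {
		panic("username and password must not be empty")
	}

	fmt.Println("Binding")
	if err := conn.Bind(user, string(pw)); err != nil {
		panic(err)
	}

	// The account name in the filter is a fixed literal. If it is ever taken
	// from input, pass it through ldap.EscapeFilter first.
	request := ldap.SearchRequest{
		BaseDN:       "dc=mydomain, dc=net",
		Scope:        ldap.ScopeWholeSubtree,
		DerefAliases: ldap.NeverDerefAliases,
		Attributes: []string{
			nameAttr,
			surnameAttr,
			usernameAttr,
			memberOfAttr,
			emailAttr,
		},
		Filter: "(sAMAccountName=nlowe)",
	}

	fmt.Println("Searching")
	result, err := conn.Search(&request)
	if err != nil {
		panic(err)
	}
	if len(result.Entries) != 1 {
		panic(fmt.Sprintf("Expected exactly one entry but got %d", len(result.Entries)))
	}
	user0 := result.Entries[0]

	// Print instead of Println: same bytes on stdout, without the redundant
	// trailing newline that go vet reports.
	fmt.Print("Got it!\n\n\n")

	fmt.Println("Groups from filter:")
	for _, attr := range user0.Attributes {
		fmt.Printf("Found attr %s\n", attr.Name)
		if attr.Name != "memberOf" {
			continue
		}
		for _, v := range attr.Values {
			fmt.Printf(" * %s\n", v)
		}
	}

	// The entry's DN is used directly: distinguishedName is not among the
	// attributes requested above, so looking it up in the result would
	// normally yield "". With groupSearchFilter as currently defined (no %s
	// placeholder) the Replace leaves the filter unchanged; the value is
	// still escaped so that restoring the placeholder stays safe.
	groupSearchReq := ldap.SearchRequest{
		BaseDN:       "dc=mydomain,dc=net",
		Scope:        ldap.ScopeWholeSubtree,
		DerefAliases: ldap.NeverDerefAliases,
		Attributes:   []string{memberOfAttr},
		Filter:       strings.Replace(groupSearchFilter, "%s", ldap.EscapeFilter(user0.DN), -1),
	}
	groups, err := conn.Search(&groupSearchReq)
	if err != nil {
		panic(err)
	}
	fmt.Println("Groups from secondary search:")
	for i := range groups.Entries {
		fmt.Printf(" * %s\n", getLdapAttrN(memberOfAttr, groups, i))
	}

	fmt.Printf("DN: %s\n", user0.DN)
	fmt.Printf("LastName: %s\n", getLdapAttr(surnameAttr, result))
	fmt.Printf("FirstName: %s\n", getLdapAttr(nameAttr, result))
	fmt.Printf("Username: %s\n", getLdapAttr(usernameAttr, result))
	fmt.Printf("Email: %s\n", getLdapAttr(emailAttr, result))
}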
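// getLdapAttrN returns the first value of the attribute called name on the
// n-th entry of result. The pseudo-attribute "dn" (any case) returns the
// entry's DN. It returns "" when result is nil, n is out of range, or the
// entry has no value for the attribute.
//
// Attribute names are compared case-insensitively, as LDAP attribute
// descriptions are, so a server that answers with different casing than the
// request still matches.
//
// Returned values come from the directory; escape them with
// ldap.EscapeFilter before placing them in a search filter.
func getLdapAttrN(name string, result *ldap.SearchResult, n int) string {
	// Guard the index so that an empty or short result cannot panic.
	if result == nil || n < 0 || n >= len(result.Entries) {
		return ""
	}
	entry := result.Entries[n]

	if strings.EqualFold(name, "dn") {
		return entry.DN
	}
	for _, attr := range entry.Attributes {
		// An attribute present with no values is skipped, not treated as a hit.
		if strings.EqualFold(attr.Name, name) && len(attr.Values) > 0 {
			return attr.Values[0]
		}
	}
	return ""
}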
// getLdapAttr is shorthand for getLdapAttrN on the first entry of result.
func getLdapAttr(name string, result *ldap.SearchResult) string {
	const firstEntry = 0
	value := getLdapAttrN(name, result, firstEntry)
	return value
}