| Lunny Xiao 79ea34e70e ldap support | 11 years ago | |
|---|---|---|
| .. | | |
| README.md | 11 years ago | |
| ldap.go | 11 years ago | |
Authenticate users against LDAP directories.
It binds with the user's login/password and queries attributes ("mail", for instance) in a pool of directory servers.
The first OK wins.
If there is a connection error, the server is disabled and won't be checked again.
In the `[security]` section, set

```ini
LDAP_AUTH = true
```

then for each LDAP source, set

```ini
[LdapSource-someuniquename]
name=canonicalName
host=hostname-or-ip
port=3268 # or regular LDAP port
# the following settings depend highly on how you've configured your AD
basedn=dc=ACME,dc=COM
MSADSAFORMAT=%s@ACME.COM
filter=(&(objectClass=user)(sAMAccountName=%s))
```
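The flow described above (pool of sources, first successful bind wins, a connection error disables the source), as an added example that is not the module's own code: `Source`, `Binder`, `ErrConn`, `Login` and `filterEscaper` are names assumed here, and the network round trip is replaced by a callback. It also escapes the login before substituting it into `filter` and refuses empty passwords, two checks the README does not mention.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Source mirrors one [LdapSource-*] section; the field names are this example's own.
type Source struct {
	Name, BindFormat, Filter string // name, MSADSAFORMAT, filter
	Disabled                 bool
}

// ErrConn is what a Binder returns when the server cannot be reached.
var ErrConn = errors.New("connection error")

// Binder stands in for the network bind plus attribute search (hypothetical hook).
type Binder func(s *Source, principal, password, filter string) (mail string, err error)

// filterEscaper applies RFC 4515 escaping so a login cannot change the filter's structure.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, "*", `\2a`, "(", `\28`, ")", `\29`, "\x00", `\00`)

// Login walks the pool in order: the first successful bind wins, and a source
// that fails with ErrConn is disabled and skipped on later calls.
func Login(pool []*Source, bind Binder, login, password string) (string, error) {
	if login == "" || password == "" {
		// An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
		return "", errors.New("empty login or password")
	}
	for _, s := range pool {
		if s.Disabled {
			continue
		}
		principal := fmt.Sprintf(s.BindFormat, login)
		filter := fmt.Sprintf(s.Filter, filterEscaper.Replace(login))
		mail, err := bind(s, principal, password, filter)
		if err == nil {
			return mail, nil
		}
		s.Disabled = errors.Is(err, ErrConn) // wrong credentials leave the source enabled
	}
	return "", errors.New("no source accepted the credentials")
}

func main() {
	// Constructed hostile login: prints jdoe\29\28mail=\2a
	fmt.Println(filterEscaper.Replace("jdoe)(mail=*"))
}
```

A real `Binder` would open the connection to the source's host and port, bind as `principal`, and run `filter` under `basedn`.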
Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)
This MSAD is a mess.
How one checks the directory (CN, DN, etc.) may depend heavily on local custom configuration.