go-ldap / ldap

Basic LDAP v3 functionality for the GO programming language.

No attributes from Active Directory #204

Open ricardobiundo opened 5 years ago

ricardobiundo commented 5 years ago

My entry attributes are empty and if I try to get the value of an attribute I get nothing either. I get:

CN=Aaron Garlick,OU=Customers,OU=_Microlab,DC=sfh,DC=microlab-eindhoven,DC=nl:

Code:

    searchRequest := ldap.NewSearchRequest(
        "dc=sfh,dc=microlab-eindhoven,dc=nl",
        ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
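        // EscapeFilter keeps filter metacharacters in username from changing the query.
        fmt.Sprintf("(&(objectClass=organizationalPerson)(sAMAccountName=%s))", ldap.EscapeFilter(username)),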
        []string{"dn"},
        nil,
    )

    sr, err := conn.Search(searchRequest)
    if err != nil {
        log.Fatal(err)
    }
    for _, entry := range sr.Entries {
        fmt.Printf("%s: %v\n", entry.DN, entry.GetAttributeValue("givenname"))
    }

I have tried with GetAttributeValue, GetAttributeValues and both AD and LDAP names in this table: https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html

The data:

[image]

ricardobiundo commented 5 years ago

If I try to get a control value I also get null, even if the value is set to true in Active Directory:

    // The username and password we want to check
    username := "test"

    var ldapServer = "IP_ADDRESS"
    var ldapPort = uint16(389)

    conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
    if err != nil {
        log.Fatal(err)
    }
    defer conn.Close()

    err = conn.Bind("cn=ADMIN_USER,cn=Users,dc=EXAMPLE,dc=COM", "PASSWORD")
    if err != nil {
        log.Fatal(err)
    }
    searchRequest := ldap.NewSearchRequest(
        "dc=EXAMPLE,dc=COM",
        ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
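        // EscapeFilter keeps filter metacharacters in username from changing the query.
        fmt.Sprintf("(&(objectClass=organizationalPerson)(sAMAccountName=%s))", ldap.EscapeFilter(username)),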
        []string{"dn"},
        nil,
    )

    sr, err := conn.Search(searchRequest)
    if err != nil {
        log.Fatal(err)
    }
    for _, entry := range sr.Entries {
        fmt.Printf("%s: %v\n", entry.DN, entry.GetAttributeValue("description"))
    }

    passwordMustChangeControl := ldap.FindControl(sr.Controls, ldap.ControlTypeVChuPasswordMustChange)
    fmt.Println("changepass: ", passwordMustChangeControl)

project0 commented 5 years ago

In your provided example you request only []string{"dn"}. If you need more attributes, you need to declare them explicitly in this array.

And ControlTypeVChuPasswordMustChange is not supported by MS AD.
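
An added example (not code from this thread or from go-ldap) of what the reply implies for an Active Directory lookup: list the attributes you need by name, escape the username in the filter, and read the "must change password" state from attributes rather than from the unsupported control. It uses only the standard library so it runs without a directory; `filterEscaper` stands in for the library's `ldap.EscapeFilter`, and the helper names are hypothetical. It assumes AD's convention, not stated in the thread, that `pwdLastSet` equal to 0 without the never-expires flag in `userAccountControl` means the password must be changed at next logon.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Attributes to request by name in place of []string{"dn"}.
var wantedAttrs = []string{"givenName", "description", "pwdLastSet", "userAccountControl"}

const ufDontExpirePasswd = 0x10000 // userAccountControl flag: password never expires

// filterEscaper hex-escapes the RFC 4515 special characters in a filter value.
var filterEscaper = strings.NewReplacer("\\", "\\5c", "*", "\\2a", "(", "\\28", ")", "\\29", "\x00", "\\00")

// userFilter builds the thread's search filter with the username escaped.
func userFilter(username string) string {
	return "(&(objectClass=organizationalPerson)(sAMAccountName=" + filterEscaper.Replace(username) + "))"
}

// intAttr looks an attribute up case-insensitively (LDAP attribute names are
// case-insensitive) and parses its first value as an integer.
func intAttr(attrs map[string][]string, name string) (int64, error) {
	for k, v := range attrs {
		if strings.EqualFold(k, name) && len(v) > 0 {
			return strconv.ParseInt(v[0], 10, 64)
		}
	}
	return 0, fmt.Errorf("%s not returned; is it in the requested attribute list?", name)
}

// mustChangePassword reports whether the entry is flagged for a password
// change at next logon: pwdLastSet is 0 and the never-expires flag is unset.
func mustChangePassword(attrs map[string][]string) (bool, error) {
	pls, err := intAttr(attrs, "pwdLastSet")
	if err != nil {
		return false, err
	}
	uac, err := intAttr(attrs, "userAccountControl")
	if err != nil {
		return false, err
	}
	return pls == 0 && uac&ufDontExpirePasswd == 0, nil
}

func main() {
	// Constructed sample entry (attribute name -> values), not real directory data.
	entry := map[string][]string{"givenName": {"Aaron"}, "pwdLastSet": {"0"}, "userAccountControl": {"512"}}
	fmt.Println(userFilter("a*)(cn=*"), wantedAttrs)
	fmt.Println(mustChangePassword(entry))
}
```

With go-ldap itself, `wantedAttrs` goes in the attribute argument of `ldap.NewSearchRequest` and the values come from `entry.GetAttributeValue`.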