go-ldap / ldap

Basic LDAP v3 functionality for the Go programming language.

Does it support checking the locked status of a user?

xiaolongzhou123 opened this issue

Both incorrect password input and user lockout return the same result. How can these two situations be distinguished?

```
root@ldap-server:/# ldapwhoami -x -D "cn=abc,cn=dev,ou=tech,dc=example,dc=org" -H ldap://127.0.0.1 -w 12345678 -e ppolicy -v
ldap_initialize( ldap://127.0.0.1:389/??base )
ldap_bind: Invalid credentials (49); Account locked
```

```
dn: cn=abc,cn=dev,ou=tech,dc=example,dc=org
cn: abc
gidnumber: 500
givenname: abc
homedirectory: /home/users/1
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: abc
uid: 1
uidnumber: 1000
userpassword: {SSHA}9y1aXd4RvVJk1MM5Hxahn5aYNWV4wnO1
```

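```go
package main

import (
	"fmt"

	"github.com/go-ldap/ldap/v3"
)

func main() {
	l, err := ldap.Dial("tcp", "18.18.2.2:389")
	if err != nil {
		fmt.Println("连接失败", err) // "connection failed"
		return // l is nil here, so the bind below must not run
	}
	defer l.Close()

	_, err = l.SimpleBind(&ldap.SimpleBindRequest{
		Username: "cn=abc,cn=dev,ou=tech,dc=example,dc=org",
		Password: "123456",
	})

	fmt.Println(err)
}
```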

```
"LDAP Result Code 49 "Invalid Credentials": "
```

I would suggest checking the underlying error first by type asserting it to the ldap error struct. There are additional fields which may have the information you desire.
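What separates the two cases on the wire, as an added example (not code from the issue or from go-ldap): the `Account locked` text printed by `ldapwhoami -e ppolicy` comes from the password policy response control returned with the bind response, and this standard-library decoder reads the error element from that control's value. The function name `ppolicyError` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// Error names in the order of the ENUMERATED in draft-behera-ldap-password-policy.
var ppolicyErrors = []string{
	"passwordExpired", "accountLocked", "changeAfterReset",
	"passwordModNotAllowed", "mustSupplyOldPassword",
	"insufficientPasswordQuality", "passwordTooShort",
	"passwordTooYoung", "passwordInHistory",
}

// ppolicyError (hypothetical helper) decodes a password policy response
// control value (control OID 1.3.6.1.4.1.42.2.27.8.5.1) and returns the name
// of its error element, or "" when the value carries no error element.
func ppolicyError(value []byte) (string, error) {
	var seq asn1.RawValue
	if _, err := asn1.Unmarshal(value, &seq); err != nil {
		return "", err
	}
	if seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence {
		return "", errors.New("ppolicy: control value is not a SEQUENCE")
	}
	rest := seq.Bytes
	for len(rest) > 0 {
		var el asn1.RawValue
		var err error
		if rest, err = asn1.Unmarshal(rest, &el); err != nil {
			return "", err
		}
		// [0] is the optional warning, [1] the optional error ENUMERATED.
		if el.Class == asn1.ClassContextSpecific && el.Tag == 1 {
			if len(el.Bytes) != 1 || int(el.Bytes[0]) >= len(ppolicyErrors) {
				return "", errors.New("ppolicy: unknown error code")
			}
			return ppolicyErrors[el.Bytes[0]], nil
		}
	}
	return "", nil
}

func main() {
	// Constructed sample: SEQUENCE { [1] error = 1 }, the locked-account case.
	name, err := ppolicyError([]byte{0x30, 0x03, 0x81, 0x01, 0x01})
	fmt.Println(name, err)
}
```

In go-ldap the same control is modelled by `ControlBeheraPasswordPolicy`, which has to be sent with the bind request for the server to return it. Keep the decoded reason in server-side logs and return a generic failure to the caller, so the login path does not reveal which accounts are locked.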