{"id":19738077,"url":"https://github.com/merlinz01/ldapserver","last_synced_at":"2025-10-13T04:09:46.461Z","repository":{"id":233000156,"uuid":"785724829","full_name":"merlinz01/ldapserver","owner":"merlinz01","description":"A LDAP server library in Go for custom integrations or full implementations","archived":false,"fork":false,"pushed_at":"2024-07-15T12:00:11.000Z","size":71,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-22T06:03:37.769Z","etag":null,"topics":["asn1-ber","authentication","go","integration","ldap","ldap-library","ldap-server","ldaps","rfc4511"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/merlinz01.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-04-12T13:44:12.000Z","updated_at":"2025-04-28T14:03:29.000Z","dependencies_parsed_at":"2024-04-15T15:10:25.666Z","dependency_job_id":null,"html_url":"https://github.com/merlinz01/ldapserver","commit_stats":null,"previous_names":["merlinz01/ldapserver"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/merlinz01/ldapserver","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinz01%2Fldapserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinz01%2Fldapserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinz01%2Fldapserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinz01%2Fldapserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/merlinz01","download_url":"https://codeload.github.com/merlinz01/ldapserver/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinz01%2Fldapserver/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013591,"owners_count":26085389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asn1-ber","authentication","go","integration","ldap","ldap-library","ldap-server","ldaps","rfc4511"],"created_at":"2024-11-12T01:13:12.210Z","updated_at":"2025-10-13T04:09:46.413Z","avatar_url":"https://github.com/merlinz01.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ldapserver\r\n\r\nA LDAPv3 server framework for custom integrations or full-blown LDAP servers, with no external dependencies.\r\nFocus on the logic of your integration and forget the low-level details.\r\n\r\n```\r\ngo get github.com/merlinz01/ldapserver\r\n```\r\n\r\n## Why another LDAP library?\r\n\r\nI needed to integrate an LDAP-compatible web app with my website database's stored login information.\r\nI didn't want to try to remotely manipulate an off-the-shelf LDAP server\r\nfrom my website's code, so a custom LDAP server \r\nwas what I was looking for.\r\nThe existing LDAP server frameworks I found threw obscure errors\r\nwhen I tested them. Being suspicious of the security implications\r\nof such errors, I decided to write a new framework,\r\nspecifically focused on enabling the building of custom integrations.\r\n\r\n## Usage\r\n\r\nThis package provides an interface similar to that of `net/http`.\r\nSee `test/main.go` for a working demo implementation.\r\n\r\n### Create a handler\r\n\r\nCreate an object implementing the `Handler` interface.\r\nThe recommended way to do this is to define a struct that inherits\r\nthe `BaseHandler` type, which provides default handling\r\nfor all methods, and also handles StartTLS extended requests.\r\n\r\n```go\r\ntype MyHandler struct {\r\n    ldapserver.BaseHandler\r\n}\r\nhandler := \u0026MyHandler{}\r\n```\r\n\r\n### Create a LDAP server\r\n\r\nCreate a `LDAPServer` object using `NewLDAPServer()`.\r\n\r\n```go\r\nserver := ldapserver.NewLDAPServer(handler)\r\n```\r\n\r\n### Set up TLS\r\n\r\nProvide a key pair to the server using `SetupTLS()`.\r\n\r\n```go\r\nerr := server.SetupTLS(\"cert.pem\", \"key.pem\")\r\nif err != nil {\r\n    log.Println(\"Error setting up TLS:\", err)\r\n    return\r\n}\r\n```\r\n\r\nOr you can set/modify the server's `TLSConfig` field\r\nfor more specific configuration.\r\nThe server's `TLSConfig` must not be `nil` if you want\r\nto support StartTLS or initial TLS.\r\n\r\n### Start the server\r\n\r\nUse `ListenAndServe()` for a `ldap://` server,\r\nor `ListenAndServeTLS()` for a `ldaps://` server.\r\n\r\n```go\r\nserver.ListenAndServe(\":389\")\r\n```\r\n```go\r\nserver.ListenAndServeTLS(\":636\")\r\n```\r\n\r\n### Shut down the server\r\n\r\nIf you need to shut down the server gracefully,\r\ncall its `Shutdown()` method.\r\n\r\n```go\r\nserver.Shutdown()\r\n```\r\n\r\n## Implementing LDAP operations\r\n\r\nTo enable more functionality,\r\ndefine your own methods on the handler.\r\n\r\n```go\r\nfunc (h *MyHandler) Bind(conn *ldapserver.Conn, msg *ldapserver.Message, req *ldapserver.BindRequest) {\r\n    // Put your authentication logic here\r\n    result := \u0026ldapserver.BindResponse{}\r\n    result.ResultCode = ldapserver.LDAPResultSuccess\r\n    conn.SendResult(result)\r\n}\r\n```\r\n\r\n### Extended operations\r\n\r\nThe `BaseHandler` struct handles the StartTLS extended operation.\r\nIf you want to handle other extended operations,\r\ndefine your own `Extended()` method.\r\nUse a `switch` statement to determine which extended operation \r\nto use. For requests you do not handle, simply pass the function\r\narguments on to the `BaseHandler`'s method, which handles\r\nStartTLS and unsupported requests.\r\n\r\n```go\r\nfunc (h *MyHandler) Extended(conn *ldapserver.Conn, msg *ldapserver.Message, req *ldapserver.ExtendedRequest) {\r\n\tswitch req.Name {\r\n\tcase ldapserver.OIDPasswordModify:\r\n\t\tlog.Println(\"Modify password\")\r\n\t\t// Put your password modify code here\r\n\tdefault:\r\n\t\th.BaseHandler.Extended(conn, msg, req)\r\n\t}\r\n}\r\n```\r\n\r\n## Returning results\r\n\r\nTo return a result, create a `Result` struct with the desired `ResultCode`.\r\nFor error results, you should also set the `DiagnosticMessage` field \r\nso that the user knows what sort of error occurred.\r\nPass the result along with the appropriate response type code\r\nto the connection's `SendResult` method.\r\n\r\nThe Bind and Extended requests have their own response types,\r\n`BindResponse` and `ExtendedResponse`, that include a `Result` struct.\r\nThese, as well as the `SearchResultEntry` and `SearchResultReference` structs,\r\ncan also be passed to `Conn.SendResult()`.\r\n\r\nThe library defines the result codes in RFC4511 with a `Result` prefix,\r\ne.g. `ResultNoSuchObject`. \r\nThese constants have an `AsResult()` method that returns a pointer to a `Result` struct with the given `DiagnosticMessage` field\r\nthat can be passed directly to `Conn.SendResult()`.\r\n\r\n## Operation cancellation\r\n\r\nTo support cancellation of an operation, \r\nthe following method is recommended.\r\nSee `test/main.go` for an example.\r\n\r\nAdd a map and an accompanying mutex to your handler's struct.\r\n\r\n```go\r\ntype MyHandler struct {\r\n    ...\r\n    abandonment      map[ldapserver.MessageID]bool // Don't forget to initialize the map!\r\n    abandonmentMutex sync.Mutex\r\n}\r\n```\r\n\r\nAt the beginning of an cancelable method, \r\nput a flag in the `abandonment` map to indicate that\r\nthe operation can be canceled.\r\n\r\n```go\r\nh.abandonment[msg.MessageID] = false // i.e. not cancelled but may be\r\n// Remove the flag when done\r\ndefer func() {\r\n    t.abandonmentLock.Lock()\r\n    delete(t.abandonment, msg.MessageID)\r\n    t.abandonmentLock.Unlock()\r\n}()\r\n```\r\n\r\nWherever in the method you want to be able to cancel\r\n(e.g. at the beginning/end of a loop), put in the following logic:\r\n\r\n```go\r\n...\r\nif t.abandonment[msg.MessageID] {\r\n    log.Println(\"Abandoning operation\")\r\n    return\r\n}\r\n...\r\n```\r\n\r\nThen define your Abandon method like this:\r\n\r\n```go\r\nfunc (t *TestHandler) Abandon(conn *ldapserver.Conn, msg *ldapserver.Message, messageID ldapserver.MessageID) {\r\n    t.abandonmentLock.Lock()\r\n    // Set the flag only if the messageID is in the map\r\n    if _, exists := t.abandonment[messageID]; exists {\r\n        t.abandonment[messageID] = true\r\n    }\r\n    t.abandonmentLock.Unlock()\r\n}\r\n```\r\n\r\n## Authentication\r\n\r\nThe `Conn` object passed to each request method\r\nhas an `Authentication` field with type `any`, \r\nfor storing implementation-defined authentication info.\r\nSee `test/main.go` for an example.\r\n\r\n## Feature support\r\n\r\n- [x] TLS support\r\n- [x] Strict protocol validation\r\n- [x] OID validation\r\n- [x] DN parsing support\r\n- [x] Full concurrency ability\r\n- [x] Comprehensive message parsing tests\r\n- [x] Filter stringification\r\n- [x] Abandon request\r\n- [x] Add request (concurrent)\r\n- [x] Bind request\r\n- [x] Compare request (concurrent)\r\n- [x] Delete request (concurrent)\r\n- [x] Extended requests\r\n- [x] Modify request (concurrent)\r\n- [x] ModifyDN request (concurrent)\r\n- [x] Search request (concurrent)\r\n- [x] StartTLS request\r\n- [x] Unbind request\r\n- [x] Intermediate response\r\n- [x] Unsolicited notifications\r\n- [x] Notice of disconnection\r\n\r\n## Goals\r\n\r\n- Full conformance to the relevant specifications,\r\n  e.g. RFC 4511.\r\n- Support for all builtin operations and common extended operations\r\n- Comprehensive encoding/decoding tests\r\n- Strict client data validity checking\r\n- Ease of use\r\n\r\nContributions and bug reports are welcome!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerlinz01%2Fldapserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmerlinz01%2Fldapserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerlinz01%2Fldapserver/lists"}