英文:
Error when trying to connect to LDAP with TLS 'LDAP Result Code 201 "ErrorNetwork": Invalid packet format'
问题
我正在尝试使用LDAP和TLS创建一个身份验证服务,使用http://www.github.com/mavricknz/ldap。当我只使用基本身份验证时,以下代码可以正常工作:
conn := ldap.NewLDAPConnection(ldapHost, ldapPort)
conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond
if err := conn.Connect(); err != nil {
log.Println(err)
resp.WriteHeader(http.StatusInternalServerError)
return
}
defer conn.Close()
// 绑定到LDAP
if err := conn.Bind(username, password); err != nil {
ldaperr := err.(*ldap.LDAPError)
if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
resp.WriteHeader(http.StatusUnauthorized)
} else {
log.Println(err)
resp.WriteHeader(http.StatusInternalServerError)
}
return
}
但是,当我尝试将TLS应用到我的代码中时,将
conn := ldap.NewLDAPConnection(ldapHost, ldapPort)
改为
ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})
会出现错误LDAP Result Code 201 "ErrorNetwork": Invalid packet format。这个错误来自于conn.Connect()方法,当我深入研究时,发现它甚至没有到达使用TLS配置或TLS标志的地方。
英文:
I'm trying make an authentication service with LDAP and TLS using http://www.github.com/mavricknz/ldap
When I use only basic authentication using the following code, everything works just fine.
conn := ldap.NewLDAPConnection(ldapHost, ldapPort)
conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond
if err := conn.Connect(); err != nil {
log.Println(err)
resp.WriteHeader(http.StatusInternalServerError)
return
}
defer conn.Close()
// bind to ldap
if err := conn.Bind(username, password); err != nil {
ldaperr := err.(*ldap.LDAPError)
if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
resp.WriteHeader(http.StatusUnauthorized)
} else {
log.Println(err)
resp.WriteHeader(http.StatusInternalServerError)
}
return
}
but when I try to applying TLS to my code by changing
conn := ldap.NewLDAPConnection(ldapHost, ldapPort)
to
ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})
It gives me an error LDAP Result Code 201 "ErrorNetwork": Invalid packet format. That error comes from method conn.Connect() which when I dig into it, it didn't even reach the point where the TLS config or TLS flag has been used.
答案1
得分: 0
好的,以下是翻译好的内容:
好的,我找到了解决方案。我需要将LDAP的端口从389更改为使用TLS协议的LDAPS的636。而且,我还必须使用NewLDAPSSLConnection方法来建立隐式的TLS连接。
我不确定为什么NewLDAPTSLConnection不起作用。它使用显式的TLS,需要我们首先建立一个普通连接(使用端口389),然后尝试在该连接上启动TLS。
英文:
Ok, I've found my solution. I need to change the port from ldap's 389 to ldaps' 636 because we use TLS protocol. And I also has to use method NewLDAPSSLConnection instead to establish an implicit TLS connection.
I'm not sure why NewLDAPTSLConnection does not work. It use explicit TLS which require us to establish a normal connection first (which use port 389) and then attempt to start TLS over that connection.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论