start to write a new LDAP interface
@@ -0,0 +1,130 @@
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"strings"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
)
|
||||
|
||||
type LDAPServer struct {
|
||||
URL string
|
||||
StartTLS bool
|
||||
IgnoreInsecureCert bool
|
||||
}
|
||||
|
||||
func (s *LDAPServer) TestConnection() (bool, error) {
|
||||
l, err := ldap.DialURL(s.URL)
|
||||
l.Close()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// internal connect, should not be used regularly
|
||||
func (s *LDAPServer) connect() (*ldap.Conn, error) {
|
||||
l, err := ldap.DialURL(s.URL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if s.StartTLS {
|
||||
err = l.StartTLS(&tls.Config{
|
||||
InsecureSkipVerify: s.IgnoreInsecureCert,
|
||||
})
|
||||
if err != nil {
|
||||
l.Close()
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return l, nil
|
||||
}
|
||||
func (s *LDAPServer) connectAsUser(userDN, password string) (*ldap.Conn, error) {
|
||||
conn, err := s.connect()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = conn.Bind(userDN, password)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return conn, nil
|
||||
}
|
||||
|
||||
func (s *LDAPServer) AuthenticateUser(userDN, password string) (bool, error) {
|
||||
conn, err := s.connectAsUser(userDN, password)
|
||||
if err != nil || conn == nil {
|
||||
return false, err
|
||||
}
|
||||
conn.Close()
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (s *LDAPServer) SerchServer(
|
||||
userDN string, password string,
|
||||
baseDN string,
|
||||
searchFilter string, attributes []string,
|
||||
) (*LDAPSearch, error) {
|
||||
logging.Debugf("Searching %s LDAP server\n\tBase DN: %s\n\tSearch Filter %s\n\tAttributes: %s", s.URL, baseDN, searchFilter, strings.Join(attributes, ","))
|
||||
conn, err := s.connectAsUser(userDN, password)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
searchRequest := ldap.NewSearchRequest(
|
||||
baseDN,
|
||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||
searchFilter, attributes,
|
||||
nil,
|
||||
)
|
||||
sr, err := conn.Search(searchRequest)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to search LDAP server %s\n", err.Error())
|
||||
return nil, err
|
||||
}
|
||||
return &LDAPSearch{sr}, nil
|
||||
}
|
||||
|
||||
func (s *LDAPServer) ChangePassword(userDN string, oldPassword string, newPassword string) error {
|
||||
conn, err := s.connectAsUser(userDN, oldPassword)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
// Perform password modify extended operation
|
||||
_, err = conn.PasswordModify(&ldap.PasswordModifyRequest{
|
||||
UserIdentity: userDN,
|
||||
OldPassword: oldPassword,
|
||||
NewPassword: newPassword,
|
||||
})
|
||||
if err != nil {
|
||||
logging.Errorf("Password modify failed: %s", err.Error())
|
||||
return err
|
||||
}
|
||||
logging.Infof("Password successfully changed for %s", userDN)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *LDAPServer) ModifyAttribute(bindUserDN string, password string, userDN string, attribute string, data []string) error {
|
||||
logging.Infof("Modifing LDAP attribute %s", attribute)
|
||||
|
||||
conn, err := s.connectAsUser(bindUserDN, password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
modify := ldap.NewModifyRequest(userDN, nil)
|
||||
modify.Replace(attribute, data)
|
||||
err = conn.Modify(modify)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to modify %s", err.Error())
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
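Review bot: connectAsUser returns `nil, err` when `conn.Bind` fails without closing the connection it just opened, so every rejected password in AuthenticateUser leaves an LDAP socket open; add `conn.Close()` before that `return nil, err`. TestConnection has the opposite ordering problem: `l.Close()` runs before the `err` check, and `l` is expected to be nil when `ldap.DialURL` fails, so a dial error most likely panics instead of returning; move the call below the check. In connect, the `tls.Config` passed to `l.StartTLS` sets only `InsecureSkipVerify`; as far as I can tell crypto/tls needs a `ServerName` to verify the certificate, so with IgnoreInsecureCert false the handshake would fail and the only working setting would be the one that disables verification, which makes it worth setting `ServerName` from the host in `s.URL`. When StartTLS is false and the URL is `ldap://`, the bind password and the new password in ChangePassword travel unencrypted, which deserves a doc comment on LDAPServer.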