guildgate/ldap.go

package main

import (
	"errors"
	"fmt"
	"log"

	"github.com/go-ldap/ldap"
)

func createLDAPAccount(uname string, pwd string, email string) error {
	if uname == "" || pwd == "" || email == "" {
		log.Printf("error: missing field\n")
		return errors.New("Missing field")
	}
	url := Conf.Ldap.Url
	newdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
	l, err := ldap.DialURL(url)
	if err != nil {
		return err
	}
	defer l.Close()
	err = l.Bind(binddn, Conf.Ldap.LdapPass)
	if err != nil {
		return err
	}
	addReq := ldap.NewAddRequest(newdn, []ldap.Control{})
	addReq.Attribute("objectClass", []string{"top", "person", "organizationalPerson", "inetOrgPerson"})
	addReq.Attribute("cn", []string{uname})
	addReq.Attribute("mail", []string{email})
	addReq.Attribute("sn", []string{"The Nameless"})

	if err := l.Add(addReq); err != nil {
		log.Printf("error adding service:", addReq, err)
		return errors.New("Error creating LDAP account")
	}

	passwordModifyRequest := ldap.NewPasswordModifyRequest(newdn, "", pwd)
	_, err = l.PasswordModify(passwordModifyRequest)

	if err != nil {
		log.Printf("Password could not be changed: %s", err.Error())
		return errors.New("Error setting password")
	}
	return nil
}

func loginLDAPAccount(uname string, pwd string) error {
	url := Conf.Ldap.Url
	userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
	basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	l, err := ldap.DialURL(url)
	if err != nil {
		return err
	}
	defer l.Close()
	err = l.Bind(binddn, Conf.Ldap.LdapPass)
	if err != nil {
		return err
	}
	result, err := l.Search(ldap.NewSearchRequest(
		basedn,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0,
		0,
		false,
		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, uname),
		[]string{"dn"},
		nil,
	))
	if err != nil {
		return err
	}
	if len(result.Entries) != 1 {
		err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
		return errors.New(err_text)
	}
	err = l.Bind(userdn, pwd)
	if err != nil {
		return err
	}
	return nil
}

func resetLDAPAccountPassword(user string, newPass string) error {
	url := Conf.Ldap.Url
	userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
	basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	l, err := ldap.DialURL(url)
	if err != nil {
		return err
	}
	defer l.Close()
	err = l.Bind(binddn, Conf.Ldap.LdapPass)
	if err != nil {
		return err
	}
	result, err := l.Search(ldap.NewSearchRequest(
		basedn,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0,
		0,
		false,
		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, user),
		[]string{"dn"},
		nil,
	))
	if err != nil {
		return err
	}
	if len(result.Entries) != 1 {
		err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
		return errors.New(err_text)
	}
	passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, "", newPass)
	_, err = l.PasswordModify(passwordModifyRequest)

	if err != nil {
		log.Printf("Password could not be changed: %s", err.Error())
		return errors.New("Error setting password")
	}
	return nil
}

func findLDAPAccountByEmail(email string) (string, error) {
	url := Conf.Ldap.Url
	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
	basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
	l, err := ldap.DialURL(url)
	if err != nil {
		return "", err
	}
	defer l.Close()
	err = l.Bind(binddn, Conf.Ldap.LdapPass)
	if err != nil {
		return "", err
	}
	result, err := l.Search(ldap.NewSearchRequest(
		basedn,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0,
		0,
		false,
		fmt.Sprintf("(&(objectClass=organizationalPerson)(mail=%s))", email),
		[]string{"dn", Conf.Ldap.UserAttr},
		nil,
	))
	if err != nil {
		return "", err
	}
	if len(result.Entries) != 1 {
		err_text := fmt.Sprintf("Error finding user: Wanted 1 result, got %v\n", len(result.Entries))
		return "", errors.New(err_text)
	}
	entry := result.Entries[0]

	return entry.GetAttributeValue(Conf.Ldap.UserAttr), nil
}
readd ldap file 2020-09-17 16:20:04 -04:00			`package main`

			`import (`
			`"errors"`
			`"fmt"`
			`"log"`

			`"github.com/go-ldap/ldap"`
			`)`

			`func createLDAPAccount(uname string, pwd string, email string) error {`
fix getting password from registration form 2020-09-17 19:53:02 -04:00			`if uname == "" \|\| pwd == "" \|\| email == "" {`
missing field 2020-09-17 19:56:50 -04:00			`log.Printf("error: missing field\n")`
fix getting password from registration form 2020-09-17 19:53:02 -04:00			`return errors.New("Missing field")`
			`}`
readd ldap file 2020-09-17 16:20:04 -04:00			`url := Conf.Ldap.Url`
			`newdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)`
			`l, err := ldap.DialURL(url)`
			`if err != nil {`
			`return err`
			`}`
			`defer l.Close()`
			`err = l.Bind(binddn, Conf.Ldap.LdapPass)`
			`if err != nil {`
			`return err`
			`}`
			`addReq := ldap.NewAddRequest(newdn, []ldap.Control{})`
			`addReq.Attribute("objectClass", []string{"top", "person", "organizationalPerson", "inetOrgPerson"})`
			`addReq.Attribute("cn", []string{uname})`
			`addReq.Attribute("mail", []string{email})`
			`addReq.Attribute("sn", []string{"The Nameless"})`

			`if err := l.Add(addReq); err != nil {`
			`log.Printf("error adding service:", addReq, err)`
			`return errors.New("Error creating LDAP account")`
			`}`

			`passwordModifyRequest := ldap.NewPasswordModifyRequest(newdn, "", pwd)`
			`_, err = l.PasswordModify(passwordModifyRequest)`

			`if err != nil {`
			`log.Printf("Password could not be changed: %s", err.Error())`
			`return errors.New("Error setting password")`
			`}`
			`return nil`
			`}`

			`func loginLDAPAccount(uname string, pwd string) error {`
			`url := Conf.Ldap.Url`
			`userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)`
			`basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`l, err := ldap.DialURL(url)`
			`if err != nil {`
			`return err`
			`}`
			`defer l.Close()`
			`err = l.Bind(binddn, Conf.Ldap.LdapPass)`
			`if err != nil {`
			`return err`
			`}`
			`result, err := l.Search(ldap.NewSearchRequest(`
			`basedn,`
			`ldap.ScopeWholeSubtree,`
			`ldap.NeverDerefAliases,`
			`0,`
			`0,`
			`false,`
we know what the user attr is so use it 2020-09-22 14:00:28 -04:00			`fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, uname),`
readd ldap file 2020-09-17 16:20:04 -04:00			`[]string{"dn"},`
			`nil,`
			`))`
			`if err != nil {`
			`return err`
			`}`
			`if len(result.Entries) != 1 {`
			`err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))`
			`return errors.New(err_text)`
			`}`
			`err = l.Bind(userdn, pwd)`
			`if err != nil {`
			`return err`
			`}`
			`return nil`
			`}`
add janky password reset form 2020-09-22 18:21:01 -04:00
			`func resetLDAPAccountPassword(user string, newPass string) error {`
			`url := Conf.Ldap.Url`
			`userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)`
			`basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`l, err := ldap.DialURL(url)`
			`if err != nil {`
			`return err`
			`}`
			`defer l.Close()`
			`err = l.Bind(binddn, Conf.Ldap.LdapPass)`
			`if err != nil {`
			`return err`
			`}`
			`result, err := l.Search(ldap.NewSearchRequest(`
			`basedn,`
			`ldap.ScopeWholeSubtree,`
			`ldap.NeverDerefAliases,`
			`0,`
			`0,`
			`false,`
			`fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, user),`
			`[]string{"dn"},`
			`nil,`
			`))`
			`if err != nil {`
			`return err`
			`}`
			`if len(result.Entries) != 1 {`
			`err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))`
			`return errors.New(err_text)`
			`}`
			`passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, "", newPass)`
			`_, err = l.PasswordModify(passwordModifyRequest)`

			`if err != nil {`
			`log.Printf("Password could not be changed: %s", err.Error())`
			`return errors.New("Error setting password")`
			`}`
			`return nil`
			`}`

			`func findLDAPAccountByEmail(email string) (string, error) {`
			`url := Conf.Ldap.Url`
			`binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)`
			`basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)`
			`l, err := ldap.DialURL(url)`
			`if err != nil {`
			`return "", err`
			`}`
			`defer l.Close()`
			`err = l.Bind(binddn, Conf.Ldap.LdapPass)`
			`if err != nil {`
			`return "", err`
			`}`
			`result, err := l.Search(ldap.NewSearchRequest(`
			`basedn,`
			`ldap.ScopeWholeSubtree,`
			`ldap.NeverDerefAliases,`
			`0,`
			`0,`
			`false,`
			`fmt.Sprintf("(&(objectClass=organizationalPerson)(mail=%s))", email),`
			`[]string{"dn", Conf.Ldap.UserAttr},`
			`nil,`
			`))`
			`if err != nil {`
			`return "", err`
			`}`
			`if len(result.Entries) != 1 {`
			`err_text := fmt.Sprintf("Error finding user: Wanted 1 result, got %v\n", len(result.Entries))`
			`return "", errors.New(err_text)`
			`}`
			`entry := result.Entries[0]`

			`return entry.GetAttributeValue(Conf.Ldap.UserAttr), nil`
			`}`