2020-09-17 16:20:04 -04:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
2020-09-24 16:14:54 -04:00
|
|
|
"strconv"
|
2020-09-17 16:20:04 -04:00
|
|
|
|
|
|
|
|
"github.com/go-ldap/ldap"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func createLDAPAccount(uname string, pwd string, email string) error {
|
2020-09-17 19:53:02 -04:00
|
|
|
if uname == "" || pwd == "" || email == "" {
|
2020-09-17 19:56:50 -04:00
|
|
|
log.Printf("error: missing field\n")
|
2020-09-17 19:53:02 -04:00
|
|
|
return errors.New("Missing field")
|
|
|
|
|
}
|
2020-09-17 16:20:04 -04:00
|
|
|
url := Conf.Ldap.Url
|
|
|
|
|
newdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
|
|
|
|
|
l, err := ldap.DialURL(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
err = l.Bind(binddn, Conf.Ldap.LdapPass)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
addReq := ldap.NewAddRequest(newdn, []ldap.Control{})
|
|
|
|
|
addReq.Attribute("objectClass", []string{"top", "person", "organizationalPerson", "inetOrgPerson"})
|
|
|
|
|
addReq.Attribute("cn", []string{uname})
|
|
|
|
|
addReq.Attribute("mail", []string{email})
|
|
|
|
|
addReq.Attribute("sn", []string{"The Nameless"})
|
2020-09-24 16:14:54 -04:00
|
|
|
addReq.Attribute("givenName", []string{uname})
|
|
|
|
|
addReq.Attribute("employeeType", []string{"default"})
|
|
|
|
|
addReq.Attribute("employeeNumber", []string{strconv.Itoa(getNextId())})
|
|
|
|
|
addReq.Attribute("displayName", []string{uname})
|
2020-09-17 16:20:04 -04:00
|
|
|
|
|
|
|
|
if err := l.Add(addReq); err != nil {
|
|
|
|
|
log.Printf("error adding service:", addReq, err)
|
|
|
|
|
return errors.New("Error creating LDAP account")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(newdn, "", pwd)
|
|
|
|
|
_, err = l.PasswordModify(passwordModifyRequest)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Printf("Password could not be changed: %s", err.Error())
|
|
|
|
|
return errors.New("Error setting password")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func loginLDAPAccount(uname string, pwd string) error {
|
|
|
|
|
url := Conf.Ldap.Url
|
|
|
|
|
userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, uname, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
|
|
|
|
|
basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
l, err := ldap.DialURL(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
err = l.Bind(binddn, Conf.Ldap.LdapPass)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
result, err := l.Search(ldap.NewSearchRequest(
|
|
|
|
|
basedn,
|
|
|
|
|
ldap.ScopeWholeSubtree,
|
|
|
|
|
ldap.NeverDerefAliases,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
false,
|
2020-09-22 14:00:28 -04:00
|
|
|
fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, uname),
|
2020-09-17 16:20:04 -04:00
|
|
|
[]string{"dn"},
|
|
|
|
|
nil,
|
|
|
|
|
))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(result.Entries) != 1 {
|
|
|
|
|
err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
|
|
|
|
|
return errors.New(err_text)
|
|
|
|
|
}
|
|
|
|
|
err = l.Bind(userdn, pwd)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2020-09-22 18:21:01 -04:00
|
|
|
|
|
|
|
|
func resetLDAPAccountPassword(user string, newPass string) error {
|
|
|
|
|
url := Conf.Ldap.Url
|
|
|
|
|
userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
|
|
|
|
|
basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
l, err := ldap.DialURL(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
err = l.Bind(binddn, Conf.Ldap.LdapPass)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
result, err := l.Search(ldap.NewSearchRequest(
|
|
|
|
|
basedn,
|
|
|
|
|
ldap.ScopeWholeSubtree,
|
|
|
|
|
ldap.NeverDerefAliases,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
false,
|
|
|
|
|
fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, user),
|
|
|
|
|
[]string{"dn"},
|
|
|
|
|
nil,
|
|
|
|
|
))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(result.Entries) != 1 {
|
|
|
|
|
err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
|
|
|
|
|
return errors.New(err_text)
|
|
|
|
|
}
|
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, "", newPass)
|
|
|
|
|
_, err = l.PasswordModify(passwordModifyRequest)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Printf("Password could not be changed: %s", err.Error())
|
|
|
|
|
return errors.New("Error setting password")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func findLDAPAccountByEmail(email string) (string, error) {
|
|
|
|
|
url := Conf.Ldap.Url
|
|
|
|
|
binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
|
|
|
|
|
basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
l, err := ldap.DialURL(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
err = l.Bind(binddn, Conf.Ldap.LdapPass)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
result, err := l.Search(ldap.NewSearchRequest(
|
|
|
|
|
basedn,
|
|
|
|
|
ldap.ScopeWholeSubtree,
|
|
|
|
|
ldap.NeverDerefAliases,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
false,
|
|
|
|
|
fmt.Sprintf("(&(objectClass=organizationalPerson)(mail=%s))", email),
|
|
|
|
|
[]string{"dn", Conf.Ldap.UserAttr},
|
|
|
|
|
nil,
|
|
|
|
|
))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
if len(result.Entries) != 1 {
|
|
|
|
|
err_text := fmt.Sprintf("Error finding user: Wanted 1 result, got %v\n", len(result.Entries))
|
|
|
|
|
return "", errors.New(err_text)
|
|
|
|
|
}
|
|
|
|
|
entry := result.Entries[0]
|
|
|
|
|
|
|
|
|
|
return entry.GetAttributeValue(Conf.Ldap.UserAttr), nil
|
|
|
|
|
}
|
2020-09-24 16:14:54 -04:00
|
|
|
|
|
|
|
|
func findLDAPMaxID() (int, error) {
|
|
|
|
|
url := Conf.Ldap.Url
|
|
|
|
|
binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
|
|
|
|
|
basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
|
|
|
|
|
|
|
|
|
|
l, err := ldap.DialURL(url)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
err = l.Bind(binddn, Conf.Ldap.LdapPass)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
result, err := l.Search(ldap.NewSearchRequest(
|
|
|
|
|
basedn,
|
|
|
|
|
ldap.ScopeWholeSubtree,
|
|
|
|
|
ldap.NeverDerefAliases,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
false,
|
|
|
|
|
fmt.Sprintf("(&(objectClass=organizationalPerson)(employeeNumber=*))"),
|
|
|
|
|
[]string{"employeeNumber"},
|
|
|
|
|
nil,
|
|
|
|
|
))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
maxId := 0
|
|
|
|
|
for _, entry := range result.Entries {
|
|
|
|
|
i, err := strconv.Atoi(entry.GetAttributeValue("employeeNumber"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
if i > maxId {
|
|
|
|
|
maxId = i
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return maxId + 1, nil
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getNextId() int {
|
|
|
|
|
if Conf.MaxID == 0 {
|
|
|
|
|
return -1
|
|
|
|
|
}
|
|
|
|
|
Conf.lock.Lock()
|
|
|
|
|
i := Conf.MaxID
|
|
|
|
|
Conf.MaxID = Conf.MaxID + 1
|
|
|
|
|
Conf.lock.Unlock()
|
|
|
|
|
return i
|
|
|
|
|
}
|
