From b4ee79589b80df7909ff286882174e8967ebff5c Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Tue, 28 Nov 2023 00:20:54 +0000 Subject: [PATCH] implement group methods, implement modUser --- openldap/init.sh | 2 +- src/ldap.js | 69 +++++++++++++++++++++++++++++++++++++++--------- src/main.js | 33 ----------------------- 3 files changed, 57 insertions(+), 47 deletions(-) diff --git a/openldap/init.sh b/openldap/init.sh index 5131654..12403af 100755 --- a/openldap/init.sh +++ b/openldap/init.sh @@ -1,7 +1,7 @@ export BASE_DN='' read -p "Base DN: " BASE_DN -export PAAS_PASSWD=$(tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' ?@[\]^_`{|}~' < /dev/urandom | head -c 256; echo) echo "$PAAS_PASSWD" -n > paas.token echo "Saved PAAS Authentication Token (password) to paas.token" diff --git a/src/ldap.js b/src/ldap.js index ef6ee9b..a576c1a 100644 --- a/src/ldap.js +++ b/src/ldap.js @@ -44,7 +44,26 @@ export default class LDAP { return await this.#client.search(this.#peopledn, opts); } - async modUser (bind, uid, attrs) { } + async modUser (bind, uid, newAttrs) { + const result = await this.#client.bind(bind.dn, bind.password); + if (!result.ok) { + return result; + } + const results = []; + for (const attr of ["cn", "sn", "userPassword"]) { + if (attr in newAttrs) { + const change = new ldap.Change({ + operation: "replace", + modification: { + type: attr, + values: [newAttrs[attr]] + } + }); + results.push(await this.#client.modify(`uid=${uid},${this.#peopledn}`, change)); + } + } + return results; + } async delUser (bind, uid) { const result = await this.#client.bind(bind.dn, bind.password); @@ -63,7 +82,7 @@ export default class LDAP { const groupDN = `cn=${gid},${this.#groupsdn}`; const entry = { objectClass: "groupOfNames", - member: "", + member: attrs && attrs.member ? attrs.member : "", cn: gid }; return await this.#client.add(groupDN, entry); 
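Review bot: The context line `echo "$PAAS_PASSWD" -n > paas.token`, directly after the changed `PAAS_PASSWD` assignment, places `-n` after the operand, so bash's builtin echo would write the secret followed by ` -n` and a newline instead of suppressing the newline. `printf '%s' "$PAAS_PASSWD" > paas.token` writes exactly the generated bytes. The token file is also created under the ambient umask, so a `umask 077` before the redirect would keep the bind secret unreadable to other local users. The changed line itself is garbled on this page, so the new character set and length are not assessed here.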
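Review bot: `uid` is interpolated unescaped into the target DN in ``this.#client.modify(`uid=${uid},${this.#peopledn}`, change)``, so a value containing DN metacharacters such as `,`, `+` or `=` would address a different entry than the one intended. An allowlist guard before the loop, such as `if (!/^[A-Za-z0-9._-]+$/.test(uid)) return { ok: false, error: new Error("invalid uid") };`, closes that, and the same interpolation of `uid` and `gid` appears in the `addUserToGroup`/`delUserFromGroup` hunk. Each attribute is also sent as its own `modify`, so a failure on `userPassword` after `cn` succeeded leaves the entry half-updated, and callers receive an array on success but a single object when the bind fails. Collecting the changes and issuing one `modify`, as sketched below, lets the server apply them as a unit and keeps the return shape uniform.

```javascript
	async modUser (bind, uid, newAttrs) {
		// … unchanged: bind and early return on failure …
		const changes = [];
		for (const attr of ["cn", "sn", "userPassword"]) {
			if (attr in newAttrs) {
				changes.push(new ldap.Change({ /* … unchanged: operation and modification … */ }));
			}
		}
		if (changes.length === 0) {
			return result; // nothing to modify; report the successful bind
		}
		// One request carrying every change, so the server applies all of them or none.
		return await this.#client.modify(`uid=${uid},${this.#peopledn}`, changes);
	}
```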
@@ -79,10 +98,34 @@ export default class LDAP { } async addUserToGroup (bind, uid, gid) { - + const result = await this.#client.bind(bind.dn, bind.password); + if (!result.ok) { + return result; + } + const change = new ldap.Change({ + operation: "add", + modification: { + type: "member", + values: [`uid=${uid},${this.#peopledn}`] + } + }); + return await this.#client.modify(`cn=${gid},${this.#groupsdn}`, change); } - async delUserFromGroup (bind, uid, gid) { } + async delUserFromGroup (bind, uid, gid) { + const result = await this.#client.bind(bind.dn, bind.password); + if (!result.ok) { + return result; + } + const change = new ldap.Change({ + operation: "delete", + modification: { + type: "member", + values: [`uid=${uid},${this.#peopledn}`] + } + }); + return await this.#client.modify(`cn=${gid},${this.#groupsdn}`, change); + } } class LDAPJS_CLIENT_ASYNC_WRAPPER { @@ -101,10 +144,10 @@ class LDAPJS_CLIENT_ASYNC_WRAPPER { return new Promise((resolve) => { this.#client.bind(dn, password, (err) => { if (err) { - resolve({ ok: false, error: err }); + resolve({ op: `bind ${dn}`, ok: false, error: err }); } else { - resolve({ ok: true }); + resolve({ op: `bind ${dn}`, ok: true }); } }); }); @@ -114,10 +157,10 @@ class LDAPJS_CLIENT_ASYNC_WRAPPER { return new Promise((resolve) => { this.#client.add(dn, entry, (err) => { if (err) { - resolve({ ok: false, error: err }); + resolve({ op: `add ${dn}`, ok: false, error: err }); } else { - resolve({ ok: true }); + resolve({ op: `add ${dn}`, ok: true }); } }); }); @@ -127,7 +170,7 @@ class LDAPJS_CLIENT_ASYNC_WRAPPER { return new Promise((resolve) => { this.#client.search(base, options, (err, res) => { if (err) { - return resolve({ ok: false, error: err }); + return resolve({ op: `search ${base}`, ok: false, error: err }); } const results = { ok: false, status: 1, message: "", entries: [] }; res.on("searchRequest", (searchRequest) => { }); 
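Review bot: Both new methods bind on the shared `this.#client` and then await a separate `modify`, so if one LDAP instance serves concurrent requests over a single connection, another caller's `bind` can land between the two awaits and the `modify` would run under that other identity. This is inferred from the single `#client` field, since the constructor is outside the hunk, and it applies equally to `modUser` in the earlier hunk. If it holds, the fix is a client per request or serialised bind-plus-operation pairs. Until then the hazard deserves a comment above each bind, e.g. `// bind() switches the identity of the shared connection; do not interleave with other requests`.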
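Review bot: The new `op` strings embed the full DN (`` `bind ${dn}` `` here, and likewise in the add, search, modify and del hunks) in objects that the LDAP methods return unchanged to their callers. If HTTP handlers later pass these results through, responses would reveal the directory layout, and control characters in a caller-supplied DN would reach logs unescaped; how the results are consumed is not visible in this patch, so that needs confirming. The search hunk is also inconsistent with the others: only its error path gains `op`, while the `results` object on the following context line still starts as `{ ok: false, status: 1, message: "", entries: [] }`. Adding an `op` property with the same `` `search ${base}` `` value to that literal keeps the result shape uniform.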
@@ -155,10 +198,10 @@ class LDAPJS_CLIENT_ASYNC_WRAPPER { return new Promise((resolve) => { this.#client.modify(name, changes, (err) => { if (err) { - resolve({ ok: false, error: err }); + resolve({ op: `modify ${name}`, ok: false, error: err }); } else { - resolve({ ok: true }); + resolve({ op: `modify ${name}`, ok: true }); } }); }); @@ -168,10 +211,10 @@ class LDAPJS_CLIENT_ASYNC_WRAPPER { return new Promise((resolve) => { this.#client.del(dn, (err) => { if (err) { - resolve({ ok: false, error: err }); + resolve({ op: `del ${dn}`, ok: false, error: err }); } else { - resolve({ ok: true }); + resolve({ op: `del ${dn}`, ok: true }); } }); }); diff --git a/src/main.js b/src/main.js index 2f15802..94dcffa 100644 --- a/src/main.js +++ b/src/main.js @@ -22,36 +22,3 @@ global.package = _package(global.argv.package); global.config = _config(global.argv.configPath); const ldap = new LDAP(global.argv.ldapURL, global.config.basedn); - -/* import { readFileSync } from "fs"; -const paas = { - dn: `uid=paas,ou=people,${global.config.basedn}`, - password: readFileSync("paas.token").toString() -}; -console.log(await ldap.addUser(paas, "testuser", { cn: "test", sn: "test", userPassword: "test" })); -console.log((await ldap.getUser(paas, "testuser")).entries[0].attributes); -console.log(await ldap.delUser(paas, "testuser")); -console.log(await ldap.addGroup(paas, "testgroup")); -console.log(await ldap.delGroup(paas, "testgroup")); -exit(0); */ - -const app = express(); -app.use(bodyParser.urlencoded({ extended: true })); -app.use(cookieParser()); -app.use(morgan("combined")); - -app.listen(global.argv.listenPort, () => { - console.log(`proxmoxaas-ldap v${global.package.version} listening on port ${global.argv.listenPort}`); -}); - -app.get("/:user", async (req, res) => { -}); - -app.post("/:user", async (req, res) => { -}); - -app.delete("/:user", async (req, res) => { -}); - -app.post("/:user/password", async (req, res) => { -});