			6 Commits
		
	
	
		
			aab78cc262
			...
			v1.0.1
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| bf0596d385 | |||
| f11e5ccc31 | |||
| 8f8f6bd1e8 | |||
| d41bca141c | |||
| 05e0c02fe8 | |||
| eea5b8599e | 
							
								
								
									
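--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 build: clean
-	go build -ldflags="-s -w" -o dist/ .
+	CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ .
 
 test: clean
 	go run .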
							
								
								
									
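--- /dev/null
+++ b/README.md
@@ -0,0 +1,36 @@
+# ProxmoxAAS LDAP - Simple REST API for LDAP
+
+ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup). 
+
+## Installation
+
+### Prerequisites
+
+- Initialized LDAP server with the following configuration
+    - Structure
+        - Users: ou=people,...
+            - objectType: inetOrgPerson
+            - At least 1 user which is a member of admin group
+        - Groups: ou=groups,...
+            - objectType: groupOfNames
+            - At least 1 admin group
+    - Permissions:
+        - Admin group should have write access
+        - Users should have write access to own attributes (cn, sn, userPassword)
+        - Enable anonymous binding
+    - Load MemberOf Policy:
+        - olcMemberOfDangling: ignore
+        - olcMemberOfRefInt: TRUE
+        - olcMemberOfGroupOC: groupOfNames
+        - olcMemberOfMemberAD: member
+        - olcMemberOfMemberOfAD: memberOf
+    - Password Policy and TLS are recommended but not required
+
+### Installation
+
+1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](releases)
+2. Rename `template.config.json` to `config.json` and modify:
+    - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
+    - baseDN: base DN ie. `dc=domain,dc=net`
+    - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
+3. Run the binary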
| @@ -15,6 +15,7 @@ import ( | |||||||
| ) | ) | ||||||
|  |  | ||||||
| var LDAPSessions map[string]*LDAPClient | var LDAPSessions map[string]*LDAPClient | ||||||
|  | var APIVersion = "1.0.1" | ||||||
|  |  | ||||||
| func Run() { | func Run() { | ||||||
| 	gob.Register(LDAPClient{}) | 	gob.Register(LDAPClient{}) | ||||||
| @@ -38,6 +39,10 @@ func Run() { | |||||||
|  |  | ||||||
| 	LDAPSessions = make(map[string]*LDAPClient) | 	LDAPSessions = make(map[string]*LDAPClient) | ||||||
|  |  | ||||||
|  | 	router.GET("/version", func(c *gin.Context) { | ||||||
|  | 		c.JSON(http.StatusOK, gin.H{"version": APIVersion}) | ||||||
|  | 	}) | ||||||
|  |  | ||||||
| 	router.POST("/ticket", func(c *gin.Context) { | 	router.POST("/ticket", func(c *gin.Context) { | ||||||
| 		var body Login | 		var body Login | ||||||
| 		if err := c.ShouldBind(&body); err != nil { // bad request from binding | 		if err := c.ShouldBind(&body); err != nil { // bad request from binding | ||||||
|   | |||||||
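Review bot: `APIVersion` is declared as a package-level `var` although nothing in the hunk reassigns it, and its value duplicates the release tag this compare ends at, so the two can drift apart on the next release. Either make it `const APIVersion = "1.0.1"`, or keep the `var` and set it at build time with a `-X` entry in the `-ldflags` the Makefile already passes, so the endpoint always reports the tag that was built. The `/version` route is registered unauthenticated ahead of `/ticket`; that is reasonable for a health probe, but it discloses the running version to anyone who can reach the listener, so the decision deserves a comment such as `// unauthenticated on purpose: health/version probe, no session required`. Run continues outside the hunk.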
							
								
								
									
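--- a/app/ldap.go
+++ b/app/ldap.go
@@ -34,8 +34,8 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 	searchRequest := ldap.NewSearchRequest(
 		l.peopledn, // The base dn to search
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=inetOrgPerson))",          // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
+		"(&(objectClass=inetOrgPerson))",                      // The filter to apply
+		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
 		nil,
 	)
 
@@ -53,10 +53,11 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 		results = append(results, gin.H{
 			"dn": entry.DN,
 			"attributes": gin.H{
-				"cn":   entry.GetAttributeValue("cn"),
-				"sn":   entry.GetAttributeValue("sn"),
-				"mail": entry.GetAttributeValue("mail"),
-				"uid":  entry.GetAttributeValue("uid"),
+				"cn":       entry.GetAttributeValue("cn"),
+				"sn":       entry.GetAttributeValue("sn"),
+				"mail":     entry.GetAttributeValue("mail"),
+				"uid":      entry.GetAttributeValue("uid"),
+				"memberOf": entry.GetAttributeValues("memberOf"),
 			},
 		})
 	}
@@ -103,8 +104,8 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
 	searchRequest := ldap.NewSearchRequest( //  setup search for user by uid
 		fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=inetOrgPerson))",          // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
+		"(&(objectClass=inetOrgPerson))",                      // The filter to apply
+		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
 		nil,
 	)
 
@@ -120,10 +121,11 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
 	result := gin.H{
 		"dn": entry.DN,
 		"attributes": gin.H{
-			"cn":   entry.GetAttributeValue("cn"),
-			"sn":   entry.GetAttributeValue("sn"),
-			"mail": entry.GetAttributeValue("mail"),
-			"uid":  entry.GetAttributeValue("uid"),
+			"cn":       entry.GetAttributeValue("cn"),
+			"sn":       entry.GetAttributeValue("sn"),
+			"mail":     entry.GetAttributeValue("mail"),
+			"uid":      entry.GetAttributeValue("uid"),
+			"memberOf": entry.GetAttributeValues("memberOf"),
 		},
 	}
 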
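Review bot: The new `memberOf` attribute is fetched through a search base that GetUser still assembles with `fmt.Sprintf("uid=%s,%s", uid, l.peopledn)` in the `@@ -103` hunk, so a `uid` containing DN-special characters such as `,`, `+` or `=` changes the base DN instead of being treated as a literal value. Escape the component before interpolating it — if the go-ldap release in use provides `ldap.EscapeDN`, use that; otherwise validate the uid against the character set the directory actually allows and reject anything else before the search is built. The two new `"memberOf"` entries would also benefit from a comment noting that the values are only populated when the memberOf overlay described in the README is loaded, since an unconfigured directory returns no such attribute and the field will simply be empty. GetAllUsers and GetUser both begin and end outside these hunks.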
| @@ -8,6 +8,6 @@ | |||||||
|         "path": "/", |         "path": "/", | ||||||
|         "httpOnly": true, |         "httpOnly": true, | ||||||
|         "secure": false, |         "secure": false, | ||||||
|         "maxAge": 7200000 |         "maxAge": 7200 | ||||||
|     } |     } | ||||||
| } | } | ||||||
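Review bot: `"maxAge": 7200` is presumably now in seconds (two hours), but neither this template nor the README added in this commit states the unit, which is exactly how the previous value went unnoticed; the README's config.json step should name the unit maxAge is read in. The same block still ships `"secure": false`, so the session cookie this block configures is sent over plaintext HTTP by default even though the README recommends TLS; defaulting to `true`, or documenting when `false` is acceptable, would be the safer template. The enclosing object begins outside the hunk.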