16 Commits

b8b0504a70 add unit tests for various utility functions,
add integration test for LDAPClient,
add automatic openldap configuration for testing through make,
add make targets for tests
improve make targets for build/clean,
update README with build and test instructions
2024-10-19 04:16:17 +00:00
99242b70a0 add starttls support,
add starttls option to config
2024-10-18 04:38:26 +00:00
fd84f9a991 Update README.md 2024-10-16 05:03:58 +00:00
0689ee46fd improve ModGroup to perform NOP 2024-10-15 21:34:34 +00:00
ca0832a010 update go mod 2024-10-14 22:21:44 +00:00
5d41b605b9 add better ldap response error handling 2024-10-14 22:21:10 +00:00
03177eb4d9 add mail attribute to user,
bump API version to 1.0.3
2024-10-12 22:33:34 +00:00
95ad75b20d go mod tidy 2024-10-10 20:59:01 +00:00
8cefdb0b01 update go version and dependencies 2024-10-10 20:57:29 +00:00
eacc349cac fix critical userPassword bug,
improve ldap user/group data handling
2024-10-05 00:08:58 +00:00
bf0596d385 add memberOf attribute to users,
bump version to 1.0.1
2024-07-26 01:25:46 +00:00
f11e5ccc31 fix default session cookie max age,
disable cgo in build
2024-07-18 20:22:12 +00:00
8f8f6bd1e8 add installation instructions to README 2024-07-06 03:11:30 +00:00
d41bca141c add version route 2024-07-06 02:46:10 +00:00
05e0c02fe8 rename config.template,json to template.config.json 2024-06-27 02:40:09 +00:00
alu
eea5b8599e Merge pull request 'Rewrite API in GO' (#1) from go-rewrite into main
Reviewed-on: #1
2024-06-21 23:33:29 +00:00
10 changed files with 38 additions and 51 deletions

.gitignore vendored

@@ -1,3 +1,3 @@
go.sum **/go.sum
dist/* **/config.json
**/config.json dist/*


@@ -1,10 +1,10 @@
.PHONY: build test clean dev-init dev-reinit .PHONY: build test clean dev-init
build: clean build: clean
@echo "======================== Building Binary =======================" @echo "======================== Building Binary ======================="
CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ . CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .
test: dev-reinit tests: dev-reinit
@echo "======================== Running Tests =========================" @echo "======================== Running Tests ========================="
go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/ go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
@echo "======================= Coverage Report ========================" @echo "======================= Coverage Report ========================"
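Review bot: `.PHONY: build test clean dev-init` no longer matches the targets it is meant to cover: the test target is now named `tests`, and `dev-reinit`, which `tests` still lists as a prerequisite, is no longer declared phony, so a file named `tests` or `dev-reinit` in the repository root would satisfy the rule and the recipe would be skipped without any error. Change the line to `.PHONY: build tests clean dev-init dev-reinit`. The same trimming appears in the other Makefile's hunk, where `.PHONY: dev-init` omits the `prerequisites` target defined directly below it.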


@@ -30,16 +30,9 @@ ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplif
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases) 1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
2. Rename `template.config.json` to `config.json` and modify: 2. Rename `template.config.json` to `config.json` and modify:
- listenPort: port for PAAS-LDAP to bind and listen on
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net` - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
- startTLS: true if backend LDAP supports StartTLS - baseDN: base DN ie. `dc=domain,dc=net`
- basedn: base DN ie. `dc=domain,dc=net` - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
- sessionCookieName: name of the session cookie
- sessionCookie: specific cookie properties
- path: cookie path
- httpOnly: cookie http-only
- secure: cookie secure
- maxAge: cookie max-age
3. Run the binary 3. Run the binary
## Building and Testing from Source ## Building and Testing from Source
@@ -57,4 +50,4 @@ Building requires the go toolchain. Testing requires the go toolchain, make, and
1. Clone the repository 1. Clone the repository
2. Run `go get` to get requirements 2. Run `go get` to get requirements
3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils 3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
4. Run `make test` to run all tests 4. Run `make tests` to run all tests


@@ -1,7 +1,6 @@
package app package app
import ( import (
"crypto/rand"
"encoding/gob" "encoding/gob"
"flag" "flag"
"log" "log"
@@ -16,12 +15,11 @@ import (
) )
var LDAPSessions map[string]*LDAPClient var LDAPSessions map[string]*LDAPClient
var AppVersion = "1.0.6" var AppVersion = "1.0.5"
var APIVersion = "1.0.4" var APIVersion = "1.0.4"
func Run() { func Run() {
gob.Register(LDAPClient{}) gob.Register(LDAPClient{})
gin.SetMode(gin.ReleaseMode)
log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion) log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion)
@@ -30,19 +28,13 @@ func Run() {
config, err := GetConfig(*configPath) config, err := GetConfig(*configPath)
if err != nil { if err != nil {
log.Fatalf("Error when reading config file: %s\n", err) log.Fatal("Error when reading config file: ", err)
} }
log.Printf("Read in config from %s\n", *configPath) log.Printf("Read in config from %s\n", *configPath)
secretKey := make([]byte, 256) gin.SetMode(gin.ReleaseMode)
n, err := rand.Read(secretKey)
if err != nil {
log.Fatalf("Error when generating session secret key: %s\n", err.Error())
}
log.Printf("Generated session secret key of length %d\n", n)
router := gin.Default() router := gin.Default()
store := cookie.NewStore(secretKey) store := cookie.NewStore([]byte(config.SessionSecretKey))
store.Options(sessions.Options{ store.Options(sessions.Options{
Path: config.SessionCookie.Path, Path: config.SessionCookie.Path,
HttpOnly: config.SessionCookie.HttpOnly, HttpOnly: config.SessionCookie.HttpOnly,
@@ -318,8 +310,5 @@ func Run() {
log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort)) log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort)) router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
if err != nil {
log.Fatalf("Error starting router: %s", err.Error())
}
} }
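Review bot: `store := cookie.NewStore([]byte(config.SessionSecretKey))` uses the configured value verbatim, with no check that `sessionSecretKey` is present or long enough, so an empty or very short key still produces a running server whose session cookies are protected by a weak key. The README change in this same diff tells operators to supply a sufficiently large random string, but nothing in Run enforces it, and the shipped template value is short. Add a fail-fast check after the config is read, e.g. `if len(config.SessionSecretKey) < 32 { log.Fatalf("sessionSecretKey must be at least 32 bytes, got %d", len(config.SessionSecretKey)) }`. Run's body continues outside these hunks.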


@@ -13,6 +13,7 @@ type Config struct {
LdapURL string `json:"ldapURL"` LdapURL string `json:"ldapURL"`
StartTLS bool `json:"startTLS"` StartTLS bool `json:"startTLS"`
BaseDN string `json:"baseDN"` BaseDN string `json:"baseDN"`
SessionSecretKey string `json:"sessionSecretKey"`
SessionCookieName string `json:"sessionCookieName"` SessionCookieName string `json:"sessionCookieName"`
SessionCookie struct { SessionCookie struct {
Path string `json:"path"` Path string `json:"path"`
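Review bot: The new `SessionSecretKey` field is the one value in Config whose strength decides whether session cookies can be tampered with, yet it is added without a doc comment. Document it at the declaration, e.g. `// SessionSecretKey is the key handed to cookie.NewStore to protect session cookies; supply a long random value.`. The Config struct begins before this hunk.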


@@ -3,6 +3,7 @@
"ldapURL": "ldap://localhost", "ldapURL": "ldap://localhost",
"startTLS": true, "startTLS": true,
"basedn": "dc=example,dc=com", "basedn": "dc=example,dc=com",
"sessionSecretKey": "super secret key",
"sessionCookieName": "PAASLDAPAuthTicket", "sessionCookieName": "PAASLDAPAuthTicket",
"sessionCookie": { "sessionCookie": {
"path": "/", "path": "/",
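Review bot: The template's `"sessionSecretKey": "super secret key"` reads like a usable value rather than a placeholder, so a template copied to config.json and left unedited runs with a short, publicly known key. Use a value that cannot be mistaken for a real key, e.g. `"sessionSecretKey": "<replace with a long random string>"`, which also makes the README's instruction to replace it self-evident. The test config's `"test"` value is fine for the test suite but should not serve as the pattern for deployments.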

go.mod

@@ -1,35 +1,36 @@
module proxmoxaas-ldap module proxmoxaas-ldap
go 1.23.6 go 1.23
toolchain go1.23.2
require ( require (
github.com/gin-contrib/sessions v1.0.2 github.com/gin-contrib/sessions v1.0.1
github.com/gin-gonic/gin v1.10.0 github.com/gin-gonic/gin v1.10.0
github.com/go-ldap/ldap/v3 v3.4.10 github.com/go-ldap/ldap/v3 v3.4.8
github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
) )
require ( require (
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/bytedance/sonic v1.12.8 // indirect github.com/bytedance/sonic v1.12.3 // indirect
github.com/bytedance/sonic/loader v0.2.3 // indirect github.com/bytedance/sonic/loader v0.2.0 // indirect
github.com/cloudwego/base64x v0.1.5 // indirect github.com/cloudwego/base64x v0.1.4 // indirect
github.com/cloudwego/iasm v0.2.0 // indirect github.com/cloudwego/iasm v0.2.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/gabriel-vasile/mimetype v1.4.6 // indirect
github.com/gin-contrib/sse v1.0.0 // indirect github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.24.0 // indirect github.com/go-playground/validator/v10 v10.22.1 // indirect
github.com/goccy/go-json v0.10.5 // indirect github.com/goccy/go-json v0.10.3 // indirect
github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-cmp v0.6.0 // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/context v1.1.2 // indirect github.com/gorilla/context v1.1.2 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/sessions v1.4.0 // indirect github.com/gorilla/sessions v1.4.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.9 // indirect github.com/klauspost/cpuid/v2 v2.2.8 // indirect
github.com/knz/go-libedit v1.10.1 // indirect
github.com/leodido/go-urn v1.4.0 // indirect github.com/leodido/go-urn v1.4.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-isatty v0.0.20 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -37,11 +38,11 @@ require (
github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect github.com/ugorji/go/codec v1.2.12 // indirect
golang.org/x/arch v0.14.0 // indirect golang.org/x/arch v0.11.0 // indirect
golang.org/x/crypto v0.33.0 // indirect golang.org/x/crypto v0.28.0 // indirect
golang.org/x/net v0.35.0 // indirect golang.org/x/net v0.30.0 // indirect
golang.org/x/sys v0.30.0 // indirect golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.22.0 // indirect golang.org/x/text v0.19.0 // indirect
google.golang.org/protobuf v1.36.5 // indirect google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
) )


@@ -1,8 +1,8 @@
.PHONY: prerequisites dev-init dev-reinit .PHONY: dev-init
prerequisites: prerequisites:
@echo "=================== Installing Prerequisites ===================" @echo "=================== Installing Prerequisites ==================="
apt install debconf-utils slapd ldap-utils sudo gettext gnutls-bin apt install debconf-utils slapd ldap-utils sudo gettext
git clone https://git.tronnet.net/tronnet/open-ldap-setup git clone https://git.tronnet.net/tronnet/open-ldap-setup
cd open-ldap-setup/; bash gencert.sh < ../gencert.conf; cd open-ldap-setup/; bash gencert.sh < ../gencert.conf;
rm -rf open-ldap-setup/ rm -rf open-ldap-setup/
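Review bot: The apt line drops `gnutls-bin` while the recipe still clones open-ldap-setup and runs `bash gencert.sh`; if that script depends on a GnuTLS tool such as certtool (the script is not visible from here), `make prerequisites` would now fail on a fresh machine. Either keep `gnutls-bin` in the install list or state in the README's test requirements that it must already be installed. The `prerequisites` rule is fully visible in the hunk.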


@@ -3,6 +3,7 @@
"ldapURL": "ldap://localhost", "ldapURL": "ldap://localhost",
"startTLS": true, "startTLS": true,
"basedn": "dc=test,dc=paasldap", "basedn": "dc=test,dc=paasldap",
"sessionSecretKey": "test",
"sessionCookieName": "PAASLDAPAuthTicket", "sessionCookieName": "PAASLDAPAuthTicket",
"sessionCookie": { "sessionCookie": {
"path": "/", "path": "/",


@@ -18,6 +18,7 @@ func TestConfig_ValidPath(t *testing.T) {
AssertEquals(t, "config.ListenPort", config.ListenPort, 80) AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost") AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap") AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket") AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/") AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true) AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)