Compare commits
No commits in common. "main" and "go-rewrite" have entirely different histories.
main
...
go-rewrite
2
Makefile
2
Makefile
@ -1,5 +1,5 @@
|
|||||||
build: clean
|
build: clean
|
||||||
CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ .
|
go build -ldflags="-s -w" -o dist/ .
|
||||||
|
|
||||||
test: clean
|
test: clean
|
||||||
go run .
|
go run .
|
||||||
|
36
README.md
36
README.md
@ -1,36 +0,0 @@
|
|||||||
# ProxmoxAAS LDAP - Simple REST API for LDAP
|
|
||||||
|
|
||||||
ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup).
|
|
||||||
|
|
||||||
## Installation
|
|
||||||
|
|
||||||
### Prerequisites
|
|
||||||
|
|
||||||
- Initialized LDAP server with the following configuration
|
|
||||||
- Structure
|
|
||||||
- Users: ou=people,...
|
|
||||||
- objectType: inetOrgPerson
|
|
||||||
- At least 1 user which is a member of admin group
|
|
||||||
- Groups: ou=groups,...
|
|
||||||
- objectType: groupOfNames
|
|
||||||
- At least 1 admin group
|
|
||||||
- Permissions:
|
|
||||||
- Admin group should have write access
|
|
||||||
- Users should have write access to own attributes (cn, sn, userPassword)
|
|
||||||
- Enable anonymous binding
|
|
||||||
- Load MemberOf Policy:
|
|
||||||
- olcMemberOfDangling: ignore
|
|
||||||
- olcMemberOfRefInt: TRUE
|
|
||||||
- olcMemberOfGroupOC: groupOfNames
|
|
||||||
- olcMemberOfMemberAD: member
|
|
||||||
- olcMemberOfMemberOfAD: memberOf
|
|
||||||
- Password Policy and TLS are recommended but not required
|
|
||||||
|
|
||||||
### Installation
|
|
||||||
|
|
||||||
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](releases)
|
|
||||||
2. Rename `template.config.json` to `config.json` and modify:
|
|
||||||
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
|
|
||||||
- baseDN: base DN ie. `dc=domain,dc=net`
|
|
||||||
- sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
|
|
||||||
3. Run the binary
|
|
@ -15,7 +15,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var LDAPSessions map[string]*LDAPClient
|
var LDAPSessions map[string]*LDAPClient
|
||||||
var APIVersion = "1.0.1"
|
|
||||||
|
|
||||||
func Run() {
|
func Run() {
|
||||||
gob.Register(LDAPClient{})
|
gob.Register(LDAPClient{})
|
||||||
@ -39,10 +38,6 @@ func Run() {
|
|||||||
|
|
||||||
LDAPSessions = make(map[string]*LDAPClient)
|
LDAPSessions = make(map[string]*LDAPClient)
|
||||||
|
|
||||||
router.GET("/version", func(c *gin.Context) {
|
|
||||||
c.JSON(http.StatusOK, gin.H{"version": APIVersion})
|
|
||||||
})
|
|
||||||
|
|
||||||
router.POST("/ticket", func(c *gin.Context) {
|
router.POST("/ticket", func(c *gin.Context) {
|
||||||
var body Login
|
var body Login
|
||||||
if err := c.ShouldBind(&body); err != nil { // bad request from binding
|
if err := c.ShouldBind(&body); err != nil { // bad request from binding
|
||||||
|
@ -35,7 +35,7 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
|
|||||||
l.peopledn, // The base dn to search
|
l.peopledn, // The base dn to search
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||||
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
||||||
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
|
[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
|
||||||
nil,
|
nil,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -57,7 +57,6 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
|
|||||||
"sn": entry.GetAttributeValue("sn"),
|
"sn": entry.GetAttributeValue("sn"),
|
||||||
"mail": entry.GetAttributeValue("mail"),
|
"mail": entry.GetAttributeValue("mail"),
|
||||||
"uid": entry.GetAttributeValue("uid"),
|
"uid": entry.GetAttributeValue("uid"),
|
||||||
"memberOf": entry.GetAttributeValues("memberOf"),
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -105,7 +104,7 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
|
|||||||
fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
|
fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||||
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
||||||
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
|
[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
|
||||||
nil,
|
nil,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -125,7 +124,6 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
|
|||||||
"sn": entry.GetAttributeValue("sn"),
|
"sn": entry.GetAttributeValue("sn"),
|
||||||
"mail": entry.GetAttributeValue("mail"),
|
"mail": entry.GetAttributeValue("mail"),
|
||||||
"uid": entry.GetAttributeValue("uid"),
|
"uid": entry.GetAttributeValue("uid"),
|
||||||
"memberOf": entry.GetAttributeValues("memberOf"),
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,6 +8,6 @@
|
|||||||
"path": "/",
|
"path": "/",
|
||||||
"httpOnly": true,
|
"httpOnly": true,
|
||||||
"secure": false,
|
"secure": false,
|
||||||
"maxAge": 7200
|
"maxAge": 7200000
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user