.gitignore

@@ -1,3 +1,3 @@
-go.sum
+**/go.sum
-dist/*
 **/config.json
+dist/*

Makefile

@@ -1,23 +1,9 @@
-.PHONY: build test clean dev-init dev-reinit
-
 build: clean
-	@echo "======================== Building Binary ======================="
+	go build -ldflags="-s -w" -o dist/ .
-	CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .
 
-test: dev-reinit
+test: clean
-	@echo "======================== Running Tests ========================="
+	go run .
-	go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
-	@echo "======================= Coverage Report ========================"
-	go tool cover -func=coverage
-	@rm -f coverage
 
 clean:
-	@echo "======================== Cleaning Project ======================"
 	go clean
 	rm -f dist/*
-
-dev-init:
-	@cd scripts; make dev-init
-
-dev-reinit:
-	@cd scripts; make dev-reinit

README.md

@@ -1,53 +0,0 @@
-# ProxmoxAAS LDAP - Simple REST API for LDAP
-
-ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup). 
-
-## Installation
-
-### Prerequisites
-
-- Initialized LDAP server with the following configuration
-    - Structure
-        - Users: ou=people,...
-            - objectType: inetOrgPerson
-            - At least 1 user which is a member of admin group
-        - Groups: ou=groups,...
-            - objectType: groupOfNames
-            - At least 1 admin group
-    - Permissions:
-        - Admin group should have write access
-        - Users should have write access to own attributes (cn, sn, userPassword)
-        - Enable anonymous binding
-    - Load MemberOf Policy:
-        - olcMemberOfDangling: ignore
-        - olcMemberOfRefInt: TRUE
-        - olcMemberOfGroupOC: groupOfNames
-        - olcMemberOfMemberAD: member
-        - olcMemberOfMemberOfAD: memberOf
-    - Password Policy and TLS are recommended but not required
-
-### Installation
-
-1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
-2. Rename `template.config.json` to `config.json` and modify:
-    - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
-    - baseDN: base DN ie. `dc=domain,dc=net`
-    - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
-3. Run the binary
-
-## Building and Testing from Source
-
-Building requires the go toolchain. Testing requires the go toolchain, make, and apt. Currently only supports Debian.
-
-### Building from Source
-
-1. Clone the repository
-2. Run `go get` to get requirements
-3. Run `make` to build the binary
-
-### Testing Source
-
-1. Clone the repository
-2. Run `go get` to get requirements
-3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
-4. Run `make tests` to run all tests

app/app.go

@@ -15,22 +15,15 @@ import (
 )
 
 var LDAPSessions map[string]*LDAPClient
-var AppVersion = "1.0.5"
-var APIVersion = "1.0.4"
 
 func Run() {
 	gob.Register(LDAPClient{})
 
-	log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion)
-
 	configPath := flag.String("config", "config.json", "path to config.json file")
 	flag.Parse()
 
-	config, err := GetConfig(*configPath)
+	config := GetConfig(*configPath)
-	if err != nil {
+	log.Println("Initialized config from " + *configPath)
-		log.Fatal("Error when reading config file: ", err)
-	}
-	log.Printf("Read in config from %s\n", *configPath)
 
 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
@@ -43,14 +36,8 @@ func Run() {
 	})
 	router.Use(sessions.Sessions(config.SessionCookieName, store))
 
-	log.Printf("Started API router and cookie store (Name: %s Params: %+v)\n", config.SessionCookieName, config.SessionCookie)
-
 	LDAPSessions = make(map[string]*LDAPClient)
 
-	router.GET("/version", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{"version": APIVersion, "app-version": AppVersion})
-	})
-
 	router.POST("/ticket", func(c *gin.Context) {
 		var body Login
 		if err := c.ShouldBind(&body); err != nil { // bad request from binding
@@ -94,7 +81,7 @@ func Run() {
 		uuid := SessionUUID.(string)
 		delete(LDAPSessions, uuid)
 		session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
-		session.Save()
+		_ = session.Save()
 		c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
 	})
 
@@ -113,7 +100,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.GetAllUsers()
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.POST("/users/:userid", func(c *gin.Context) {
@@ -130,24 +117,20 @@ func Run() {
 			return
 		}
 
+		var body User
+		if err := c.ShouldBind(&body); err != nil { // bad request from binding
+			c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+
 		// check if user already exists
 		status, res := LDAPSession.GetUser(c.Param("userid"))
 		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
-			var body UserRequired                       // all user attributes required for new users
-			if err := c.ShouldBind(&body); err != nil { // attempt to bind user data
-				c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
-				return
-			}
 			status, res = LDAPSession.AddUser(c.Param("userid"), body)
-			c.JSON(status, HandleResponse(res))
+			c.JSON(status, res)
 		} else { // user already exists, attempt to modify user
-			var body UserOptional                       // all user attributes optional for new users
-			if err := c.ShouldBind(&body); err != nil { // attempt to bind user data
-				c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
-				return
-			}
 			status, res = LDAPSession.ModUser(c.Param("userid"), body)
-			c.JSON(status, HandleResponse(res))
+			c.JSON(status, res)
 		}
 	})
 
@@ -166,7 +149,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.GetUser(c.Param("userid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.DELETE("/users/:userid", func(c *gin.Context) {
@@ -184,7 +167,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.DelUser(c.Param("userid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.GET("/groups", func(c *gin.Context) {
@@ -202,7 +185,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.GetAllGroups()
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.GET("/groups/:groupid", func(c *gin.Context) {
@@ -220,7 +203,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.GetGroup(c.Param("groupid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.POST("/groups/:groupid", func(c *gin.Context) {
@@ -243,14 +226,14 @@ func Run() {
 			return
 		}
 
-		// check if group already exists
+		// check if user already exists
 		status, res := LDAPSession.GetGroup(c.Param("groupid"))
-		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // group does not already exist, create new group
+		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
 			status, res = LDAPSession.AddGroup(c.Param("groupid"), body)
-			c.JSON(status, HandleResponse(res))
+			c.JSON(status, res)
-		} else { // group already exists, attempt to modify group
+		} else { // user already exists, attempt to modify user
 			status, res = LDAPSession.ModGroup(c.Param("groupid"), body)
-			c.JSON(status, HandleResponse(res))
+			c.JSON(status, res)
 		}
 	})
 
@@ -269,7 +252,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.DelGroup(c.Param("groupid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.POST("/groups/:groupid/members/:userid", func(c *gin.Context) {
@@ -287,7 +270,7 @@ func Run() {
 		}
 
 		status, res := LDAPSession.AddUserToGroup(c.Param("userid"), c.Param("groupid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
 	router.DELETE("/groups/:groupid/members/:userid", func(c *gin.Context) {
@@ -305,10 +288,8 @@ func Run() {
 		}
 
 		status, res := LDAPSession.DelUserFromGroup(c.Param("userid"), c.Param("groupid"))
-		c.JSON(status, HandleResponse(res))
+		c.JSON(status, res)
 	})
 
-	log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
-
 	router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
 }

app/ldap.go

@@ -1,8 +1,6 @@
 package app
 
 import (
-	"crypto/tls"
-	"errors"
 	"fmt"
 	"net/http"
 
@@ -10,7 +8,6 @@ import (
 	"github.com/go-ldap/ldap/v3"
 )
 
-// LDAPClient wrapper struct containing the connection, baseDN, peopleDN, and groupsDN
 type LDAPClient struct {
 	client   *ldap.Conn
 	basedn   string
@@ -18,20 +15,8 @@ type LDAPClient struct {
 	groupsdn string
 }
 
-// returns a new LDAPClient from the config
 func NewLDAPClient(config Config) (*LDAPClient, error) {
 	LDAPConn, err := ldap.DialURL(config.LdapURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if config.StartTLS {
-		err = LDAPConn.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	return &LDAPClient{
 		client:   LDAPConn,
 		basedn:   config.BaseDN,
@@ -40,7 +25,6 @@ func NewLDAPClient(config Config) (*LDAPClient, error) {
 	}, err
 }
 
-// bind a user using username and password to the LDAPClient
 func (l LDAPClient) BindUser(username string, password string) error {
 	userdn := fmt.Sprintf("uid=%s,%s", username, l.peopledn)
 	return l.client.Bind(userdn, password)
@@ -51,7 +35,7 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 		l.peopledn, // The base dn to search
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		"(&(objectClass=inetOrgPerson))",          // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
+		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
 		nil,
 	)
 
@@ -66,8 +50,15 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 	var results = []gin.H{} // create list of results
 
 	for _, entry := range searchResponse.Entries { // for each result,
-		user := LDAPEntryToLDAPUser(entry)
+		results = append(results, gin.H{
-		results = append(results, LDAPUserToGin(user))
+			"dn": entry.DN,
+			"attributes": gin.H{
+				"cn":   entry.GetAttributeValue("cn"),
+				"sn":   entry.GetAttributeValue("sn"),
+				"mail": entry.GetAttributeValue("mail"),
+				"uid":  entry.GetAttributeValue("uid"),
+			},
+		})
 	}
 
 	return http.StatusOK, gin.H{
@@ -77,43 +68,11 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 	}
 }
 
-func (l LDAPClient) GetUser(uid string) (int, gin.H) {
+func (l LDAPClient) AddUser(uid string, user User) (int, gin.H) {
-	searchRequest := ldap.NewSearchRequest( //  setup search for user by uid
+	if user.CN == "" || user.SN == "" || user.UserPassword == "" {
-		fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
-		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=inetOrgPerson))",                      // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
-		nil,
-	)
-
-	searchResponse, err := l.client.Search(searchRequest) // perform search
-	if err != nil {
 		return http.StatusBadRequest, gin.H{
 			"ok":    false,
-			"error": err,
+			"error": "Missing one of required fields: cn, sn, userpassword",
-		}
-	}
-
-	entry := searchResponse.Entries[0]
-
-	user := LDAPEntryToLDAPUser(entry)
-	result := LDAPUserToGin(user)
-
-	return http.StatusOK, gin.H{
-		"ok":    true,
-		"error": nil,
-		"user":  result,
-	}
-}
-
-func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
-	if user.CN == "" || user.SN == "" || user.UserPassword == "" || user.Mail == "" {
-		return http.StatusBadRequest, gin.H{
-			"ok": false,
-			"error": ldap.NewError(
-				ldap.LDAPResultUnwillingToPerform,
-				errors.New("missing one of required fields: cn, sn, mail, userpassword"),
-			),
 		}
 	}
 
@@ -123,8 +82,7 @@ func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
 	)
 	addRequest.Attribute("sn", []string{user.SN})
 	addRequest.Attribute("cn", []string{user.CN})
-	addRequest.Attribute("mail", []string{user.Mail})
+	addRequest.Attribute("userPassword", []string{user.CN})
-	addRequest.Attribute("userPassword", []string{user.UserPassword})
 	addRequest.Attribute("objectClass", []string{"inetOrgPerson"})
 
 	err := l.client.Add(addRequest)
@@ -141,14 +99,46 @@ func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
 	}
 }
 
-func (l LDAPClient) ModUser(uid string, user UserOptional) (int, gin.H) {
+func (l LDAPClient) GetUser(uid string) (int, gin.H) {
-	if user.CN == "" && user.SN == "" && user.UserPassword == "" && user.Mail == "" {
+	searchRequest := ldap.NewSearchRequest( //  setup search for user by uid
+		fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
+		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+		"(&(objectClass=inetOrgPerson))",          // The filter to apply
+		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
+		nil,
+	)
+
+	searchResponse, err := l.client.Search(searchRequest) // perform search
+	if err != nil {
 		return http.StatusBadRequest, gin.H{
 			"ok":    false,
-			"error": ldap.NewError(
+			"error": err,
-				ldap.LDAPResultUnwillingToPerform,
+		}
-				errors.New("requires one of fields: cn, sn, mail, userpassword"),
+	}
-			),
+
+	entry := searchResponse.Entries[0]
+	result := gin.H{
+		"dn": entry.DN,
+		"attributes": gin.H{
+			"cn":   entry.GetAttributeValue("cn"),
+			"sn":   entry.GetAttributeValue("sn"),
+			"mail": entry.GetAttributeValue("mail"),
+			"uid":  entry.GetAttributeValue("uid"),
+		},
+	}
+
+	return http.StatusOK, gin.H{
+		"ok":    true,
+		"error": nil,
+		"user":  result,
+	}
+}
+
+func (l LDAPClient) ModUser(uid string, user User) (int, gin.H) {
+	if user.CN == "" && user.SN == "" && user.UserPassword == "" {
+		return http.StatusBadRequest, gin.H{
+			"ok":    false,
+			"error": "Requires one of fields: cn, sn, userpassword",
 		}
 	}
 
@@ -162,9 +152,6 @@ func (l LDAPClient) ModUser(uid string, user UserOptional) (int, gin.H) {
 	if user.SN != "" {
 		modifyRequest.Replace("sn", []string{user.SN})
 	}
-	if user.Mail != "" {
-		modifyRequest.Replace("mail", []string{user.Mail})
-	}
 	if user.UserPassword != "" {
 		modifyRequest.Replace("userPassword", []string{user.UserPassword})
 	}
@@ -227,8 +214,13 @@ func (l LDAPClient) GetAllGroups() (int, gin.H) {
 	var results = []gin.H{} // create list of results
 
 	for _, entry := range searchResponse.Entries { // for each result,
-		group := LDAPEntryToLDAPGroup(entry)
+		results = append(results, gin.H{
-		results = append(results, LDAPGroupToGin(group))
+			"dn": entry.DN,
+			"attributes": gin.H{
+				"cn":     entry.GetAttributeValue("cn"),
+				"member": entry.GetAttributeValues("member"),
+			},
+		})
 	}
 
 	return http.StatusOK, gin.H{
@@ -256,8 +248,13 @@ func (l LDAPClient) GetGroup(gid string) (int, gin.H) {
 	}
 
 	entry := searchResponse.Entries[0]
-	group := LDAPEntryToLDAPGroup(entry)
+	result := gin.H{
-	result := LDAPGroupToGin(group)
+		"dn": entry.DN,
+		"attributes": gin.H{
+			"cn":     entry.GetAttributeValue("cn"),
+			"member": entry.GetAttributeValues("member"),
+		},
+	}
 
 	return http.StatusOK, gin.H{
 		"ok":    true,
@@ -290,22 +287,7 @@ func (l LDAPClient) AddGroup(gid string, group Group) (int, gin.H) {
 }
 
 func (l LDAPClient) ModGroup(gid string, group Group) (int, gin.H) {
-	modifyRequest := ldap.NewModifyRequest(
+	return 200, gin.H{
-		fmt.Sprintf("cn=%s,%s", gid, l.groupsdn),
-		nil,
-	)
-
-	modifyRequest.Replace("cn", []string{gid})
-
-	err := l.client.Modify(modifyRequest)
-	if err != nil {
-		return http.StatusBadRequest, gin.H{
-			"ok":    false,
-			"error": err,
-		}
-	}
-
-	return http.StatusOK, gin.H{
 		"ok":    true,
 		"error": nil,
 	}

app/utils.go

@@ -2,16 +2,13 @@ package app
 
 import (
 	"encoding/json"
+	"log"
 	"os"
-
-	"github.com/gin-gonic/gin"
-	"github.com/go-ldap/ldap/v3"
 )
 
 type Config struct {
 	ListenPort        int    `json:"listenPort"`
 	LdapURL           string `json:"ldapURL"`
-	StartTLS          bool   `json:"startTLS"`
 	BaseDN            string `json:"baseDN"`
 	SessionSecretKey  string `json:"sessionSecretKey"`
 	SessionCookieName string `json:"sessionCookieName"`
@@ -23,17 +20,17 @@ type Config struct {
 	}
 }
 
-func GetConfig(configPath string) (Config, error) {
+func GetConfig(configPath string) Config {
 	content, err := os.ReadFile(configPath)
 	if err != nil {
-		return Config{}, err
+		log.Fatal("Error when opening config file: ", err)
 	}
 	var config Config
 	err = json.Unmarshal(content, &config)
 	if err != nil {
-		return Config{}, err
+		log.Fatal("Error during parsing config file: ", err)
 	}
-	return config, nil
+	return config
 }
 
 type Login struct { // login body struct
@@ -41,103 +38,11 @@ type Login struct { // login body struct
 	Password string `form:"password" binding:"required"`
 }
 
-type LDAPUserAttributes struct {
+type User struct { // add or modify user body struct
-	CN       string
-	SN       string
-	Mail     string
-	UID      string
-	MemberOf []string
-}
-
-type LDAPUser struct {
-	DN         string
-	Attributes LDAPUserAttributes
-}
-
-func LDAPEntryToLDAPUser(entry *ldap.Entry) LDAPUser {
-	return LDAPUser{
-		DN: entry.DN,
-		Attributes: LDAPUserAttributes{
-			CN:       entry.GetAttributeValue("cn"),
-			SN:       entry.GetAttributeValue("sn"),
-			Mail:     entry.GetAttributeValue("mail"),
-			UID:      entry.GetAttributeValue("uid"),
-			MemberOf: entry.GetAttributeValues("memberOf"),
-		},
-	}
-}
-
-func LDAPUserToGin(user LDAPUser) gin.H {
-	return gin.H{
-		"dn": user.DN,
-		"attributes": gin.H{
-			"cn":       user.Attributes.CN,
-			"sn":       user.Attributes.SN,
-			"mail":     user.Attributes.Mail,
-			"uid":      user.Attributes.UID,
-			"memberOf": user.Attributes.MemberOf,
-		},
-	}
-}
-
-type LDAPGroupAttributes struct {
-	CN     string
-	Member []string
-}
-
-type LDAPGroup struct {
-	DN         string
-	Attributes LDAPGroupAttributes
-}
-
-func LDAPEntryToLDAPGroup(entry *ldap.Entry) LDAPGroup {
-	return LDAPGroup{
-		DN: entry.DN,
-		Attributes: LDAPGroupAttributes{
-			CN:     entry.GetAttributeValue("cn"),
-			Member: entry.GetAttributeValues("member"),
-		},
-	}
-}
-
-func LDAPGroupToGin(group LDAPGroup) gin.H {
-	return gin.H{
-		"dn": group.DN,
-		"attributes": gin.H{
-			"cn":     group.Attributes.CN,
-			"member": group.Attributes.Member,
-		},
-	}
-}
-
-type UserOptional struct { // add or modify user body struct
 	CN           string `form:"cn"`
 	SN           string `form:"sn"`
-	Mail         string `form:"mail"`
 	UserPassword string `form:"userpassword"`
 }
 
-type UserRequired struct { // add or modify user body struct
-	CN           string `form:"cn" binding:"required"`
-	SN           string `form:"sn" binding:"required"`
-	Mail         string `form:"mail" binding:"required"`
-	UserPassword string `form:"userpassword" binding:"required"`
-}
-
 type Group struct { // add or modify group body struct
 }
-
-func HandleResponse(response gin.H) gin.H {
-	if response["error"] != nil {
-		err := response["error"].(error)
-		LDAPerr := err.(*ldap.Error)
-		response["error"] = gin.H{
-			"code":    LDAPerr.ResultCode,
-			"result":  ldap.LDAPResultCodeMap[LDAPerr.ResultCode],
-			"message": LDAPerr.Err.Error(),
-		}
-		return response
-	} else {
-		return response
-	}
-}

configs/config.template.json

@@ -1,7 +1,6 @@
 {
     "listenPort": 80,
     "ldapURL": "ldap://localhost",
-    "startTLS": true,
     "basedn": "dc=example,dc=com",
     "sessionSecretKey": "super secret key",
     "sessionCookieName": "PAASLDAPAuthTicket",
@@ -9,6 +8,6 @@
         "path": "/",
         "httpOnly": true,
         "secure": false,
-        "maxAge": 7200
+        "maxAge": 7200000
     }
 }

go.mod

@@ -1,6 +1,6 @@
 module proxmoxaas-ldap
 
-go 1.23.2
+go 1.22.4
 
 require (
 	github.com/gin-contrib/sessions v1.0.1
@@ -11,37 +11,35 @@ require (
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/bytedance/sonic v1.12.3 // indirect
+	github.com/bytedance/sonic v1.11.8 // indirect
-	github.com/bytedance/sonic/loader v0.2.1 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.1 // indirect
+	github.com/go-playground/validator/v10 v10.22.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.4.0 // indirect
+	github.com/gorilla/sessions v1.3.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
-	github.com/knz/go-libedit v1.10.1 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.11.0 // indirect
+	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

scripts/Makefile

@@ -1,18 +0,0 @@
-.PHONY: prerequisites dev-init dev-reinit
-
-prerequisites:
-	@echo "=================== Installing Prerequisites ==================="
-	apt install debconf-utils slapd ldap-utils sudo gettext
-	git clone https://git.tronnet.net/tronnet/open-ldap-setup
-	cd open-ldap-setup/; bash gencert.sh < ../gencert.conf;
-	rm -rf open-ldap-setup/
-
-dev-init: prerequisites dev-reinit
-
-dev-reinit:
-	@echo "====================== Initializing Slapd ======================"
-	cat debconf-slapd.conf | debconf-set-selections
-	DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd
-	git clone https://git.tronnet.net/tronnet/open-ldap-setup
-	cd open-ldap-setup/; bash setup.sh < ../setup.conf;
-	rm -rf open-ldap-setup/

scripts/debconf-slapd.conf

@@ -1,16 +0,0 @@
-slapd slapd/password1 password admin
-slapd slapd/internal/adminpw password admin
-slapd slapd/internal/generated_adminpw password admin
-slapd slapd/password2 password admin
-slapd slapd/unsafe_selfwrite_acl note
-slapd slapd/purge_database boolean true
-slapd slapd/domain string test.paasldap
-slapd slapd/ppolicy_schema_needs_update select abort installation
-slapd slapd/invalid_config boolean true
-slapd slapd/move_old_database boolean true
-slapd slapd/backend select MDB
-slapd shared/organization string paasldap
-slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
-slapd slapd/no_configuration boolean false
-slapd slapd/dump_database select when needed
-slapd slapd/password_mismatch note

scripts/gencert.conf

@@ -1,2 +0,0 @@
-paasldap
-localhost

scripts/setup.conf

@@ -1,10 +0,0 @@
-dc=test,dc=paasldap
-adminuser
-adminuser@test.paasldap
-admin
-user
-admin123
-admin123
-/etc/ssl/certs/ldap-ca-cert.pem
-/etc/ldap/ldap-server-cert.pem
-/etc/ldap/ldap-server-key.pem

test/bad_config.json

@@ -1 +0,0 @@
-{,,}

test/test_config.json

@@ -1,14 +0,0 @@
-{
-    "listenPort": 80,
-    "ldapURL": "ldap://localhost",
-    "startTLS": true,
-    "basedn": "dc=test,dc=paasldap",
-    "sessionSecretKey": "test",
-    "sessionCookieName": "PAASLDAPAuthTicket",
-    "sessionCookie": {
-        "path": "/",
-        "httpOnly": true,
-        "secure": false,
-        "maxAge": 7200
-    }
-}

test/test_utils.go

@@ -1,156 +0,0 @@
-package tests
-
-import (
-	"fmt"
-	"math/rand"
-	"net/http"
-	"proxmoxaas-ldap/app"
-	"reflect"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/go-ldap/ldap/v3"
-)
-
-func RandInt(min int, max int) int {
-	return rand.Intn(max+1-min) + min
-}
-
-func RandString(n int) string {
-	var letters = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-	b := make([]rune, n)
-	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))]
-	}
-	return string(b)
-}
-
-// random ldap style DN
-func RandDN(n int) string {
-	return fmt.Sprintf("cn=%s,ou=%s,dc=%s,dc=%s", RandString(n), RandString(n), RandString(n), RandString(n))
-}
-
-// typically for testing values of a variable
-func AssertEquals[T comparable](t *testing.T, label string, a T, b T) {
-	t.Helper()
-	if a != b {
-		t.Errorf(`%s = %#v; expected %#v.`, label, a, b)
-	}
-}
-
-// asserting the success or failure of a generic error
-func AssertError(t *testing.T, label string, gotErr error, expectErr error) {
-	t.Helper()
-	if gotErr != nil && expectErr != nil {
-		if gotErr.Error() != expectErr.Error() {
-			t.Errorf(`%s returned %s; expected %s`, label, gotErr.Error(), expectErr.Error())
-		}
-	} else {
-		if gotErr != expectErr {
-			t.Errorf(`%s returned %s; expected %s`, label, gotErr.Error(), expectErr.Error())
-		}
-	}
-}
-
-// typically for asserting the success or failure of an ldap result
-func AssertLDAPError(t *testing.T, label string, gotErr any, expectErrCode uint16) {
-	t.Helper()
-	expectError := ldap.LDAPResultCodeMap[expectErrCode]
-	if expectErrCode == ldap.LDAPResultSuccess { // expect success
-		if gotErr != nil { // got an error
-			gotErr := gotErr.(error)
-			t.Errorf(`%s returned %s; expected %s.`, label, gotErr.Error(), "success")
-		} // did not get an error
-	} else { // expect error
-		if gotErr == nil { // did not get an error
-			t.Errorf(`%s returned %s; expected %s.`, label, "success", expectError)
-			return
-		}
-		gotErr := gotErr.(error)
-		if !ldap.IsErrorWithCode(gotErr, expectErrCode) { // got an error that does not match the expected error
-			t.Errorf(`%s returned %s; expected %s.`, label, gotErr.Error(), expectError)
-		} // got the expected error
-	}
-}
-
-// typically for asserting the success or failure of an http result
-func AssertStatus(t *testing.T, label string, gotCode int, expectCode int) {
-	t.Helper()
-	if expectCode == http.StatusOK {
-		if gotCode != http.StatusOK { // got an error
-			t.Errorf(`%s returned %d; expected %d.`, label, gotCode, expectCode)
-		}
-	} else { // expect error
-		if gotCode == http.StatusOK { // did not get an error
-			t.Errorf(`%s returned %d; expected %d.`, label, gotCode, expectCode)
-		} else if gotCode != expectCode { // got an error that does not match the expected error
-			t.Errorf(`%s returned %d; expected %d.`, label, gotCode, expectCode)
-		}
-	}
-}
-
-// compare if two users are equal, accepts LDAPUser or gin.H
-func AssertLDAPUserEquals(t *testing.T, label string, a any, b app.LDAPUser) {
-	t.Helper()
-
-	aObj, ok := a.(app.LDAPUser)
-	if ok {
-		if !reflect.DeepEqual(aObj, b) {
-			t.Errorf(`%s = %#v; expected %#v.`, label, aObj, b)
-		}
-		return
-	}
-
-	aGin, ok := a.(gin.H)
-	if ok {
-		bGin := app.LDAPUserToGin(b)
-		if !reflect.DeepEqual(aGin, bGin) {
-			t.Errorf(`%s = %#v; expected %#v.`, label, aGin, bGin)
-		}
-		return
-	}
-
-	// not a supported type
-	t.Errorf(`%s = %#v; expected %#v.`, label, a, b)
-}
-
-// compare if two users are equal, accepts LDAPUser or gin.H
-func AssertLDAPGroupEquals(t *testing.T, label string, a any, b app.LDAPGroup) {
-	t.Helper()
-
-	aObj, ok := a.(app.LDAPGroup)
-	if ok {
-		if !reflect.DeepEqual(aObj, b) {
-			t.Errorf(`%s = %#v; expected %#v.`, label, aObj, b)
-		}
-		return
-	}
-
-	aGin, ok := a.(gin.H)
-	if ok {
-		bGin := app.LDAPGroupToGin(b)
-		if !reflect.DeepEqual(aGin, bGin) {
-			t.Errorf(`%s = %#v; expected %#v.`, label, aGin, bGin)
-		}
-		return
-	}
-
-	// not a supported type
-	t.Errorf(`%s = %#v; expected %#v.`, label, a, b)
-}
-
-var _config, _ = app.GetConfig("test_config.json")
-var BaseDN = _config.BaseDN
-var PeopleDN = fmt.Sprintf("ou=people,%s", BaseDN)
-var GroupDN = fmt.Sprintf("ou=groups,%s", BaseDN)
-
-type User struct {
-	username string
-	password string
-	userObj  app.LDAPUser
-}
-
-type Group struct {
-	groupname string
-	groupObj  app.LDAPGroup
-}

test/unit_test.go

@@ -1,126 +0,0 @@
-package tests
-
-import (
-	"errors"
-	"fmt"
-	app "proxmoxaas-ldap/app"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/go-ldap/ldap/v3"
-)
-
-// test the GetConfig utility function because it used in other tests
-func TestConfig_ValidPath(t *testing.T) {
-	config, err := app.GetConfig("test_config.json")
-
-	AssertError(t, "GetConfig()", err, nil)
-	AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
-	AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
-	AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
-	AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
-	AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
-	AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
-	AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)
-	AssertEquals(t, "config.SessionCookie.Secure", config.SessionCookie.Secure, false)
-	AssertEquals(t, "config.SessionCookie.MaxAge", config.SessionCookie.MaxAge, 7200)
-}
-
-func TestConfig_InvalidPath(t *testing.T) {
-	badFileName := RandString(16)
-	_, err := app.GetConfig(badFileName)
-	expectedErr := fmt.Errorf("open %s: no such file or directory", badFileName)
-	AssertError(t, "GetConfig()", err, expectedErr)
-
-	_, err = app.GetConfig("bad_config.json")
-	expectedErr = fmt.Errorf("invalid character ',' looking for beginning of object key string")
-	AssertError(t, "GetConfig()", err, expectedErr)
-}
-
-// test the LDAPEntryToUser and LDAPUserToGin utility functions
-func TestLDAPUserDataPipeline(t *testing.T) {
-	var memberOf []string
-	for i := 0; i < RandInt(5, 20); i++ {
-		memberOf = append(memberOf, RandDN(16))
-	}
-
-	expectedUser := app.LDAPUser{
-		DN: RandDN(16),
-		Attributes: app.LDAPUserAttributes{
-			CN:       RandString(16),
-			SN:       RandString(16),
-			Mail:     RandString(16),
-			UID:      RandString(16),
-			MemberOf: memberOf,
-		},
-	}
-
-	attributes := make(map[string][]string)
-	attributes["cn"] = []string{expectedUser.Attributes.CN}
-	attributes["sn"] = []string{expectedUser.Attributes.SN}
-	attributes["mail"] = []string{expectedUser.Attributes.Mail}
-	attributes["uid"] = []string{expectedUser.Attributes.UID}
-	attributes["memberOf"] = expectedUser.Attributes.MemberOf
-
-	entry := ldap.NewEntry(expectedUser.DN, attributes)
-
-	user := app.LDAPEntryToLDAPUser(entry)
-	AssertLDAPUserEquals(t, "LDAPEntryToLDAPUser(entry) -> user", user, expectedUser)
-
-	json := app.LDAPUserToGin(user)
-	AssertLDAPUserEquals(t, "LDAPUserToGin(user) -> json", json, expectedUser)
-}
-
-// test the LDAPEntryToGroup and LDAPGroupToGin utility functions
-func TestLDAPGroupDataPipeline(t *testing.T) {
-	var member []string
-	for i := 0; i < RandInt(5, 20); i++ {
-		member = append(member, RandDN(16))
-	}
-
-	expectedGroup := app.LDAPGroup{
-		DN: RandDN(16),
-		Attributes: app.LDAPGroupAttributes{
-			Member: member,
-		},
-	}
-
-	attributes := make(map[string][]string)
-	attributes["member"] = expectedGroup.Attributes.Member
-
-	entry := ldap.NewEntry(expectedGroup.DN, attributes)
-
-	group := app.LDAPEntryToLDAPGroup(entry)
-	AssertLDAPGroupEquals(t, "LDAPEntryToLDAPGroup(entry) -> group", group, expectedGroup)
-
-	json := app.LDAPGroupToGin(group)
-	AssertLDAPGroupEquals(t, "LDAPGroupToGin(group) -> json", json, expectedGroup)
-}
-
-func TestHandleResponse(t *testing.T) {
-	for errorCode := range ldap.LDAPResultCodeMap {
-		expectedMessage := RandString(16)
-		LDAPerr := ldap.NewError(errorCode, errors.New(expectedMessage))
-		res := gin.H{
-			"error": LDAPerr,
-		}
-		LDAPResult := ldap.LDAPResultCodeMap[errorCode]
-
-		handledResponseError := (app.HandleResponse(res))["error"].(gin.H)
-
-		AssertEquals(t, `HandleResponse(res)["error"]["code"]`, handledResponseError["code"].(uint16), errorCode)
-		AssertEquals(t, `HandleResponse(res)["error"]["result"]`, handledResponseError["result"].(string), LDAPResult)
-		AssertEquals(t, `HandleResponse(res)["error"]["message"]`, handledResponseError["message"].(string), expectedMessage)
-	}
-
-	res := gin.H{
-		"ok":     true,
-		"status": RandInt(0, 600),
-	}
-
-	handledResponse := app.HandleResponse(res)
-
-	AssertEquals(t, `HandleResponse(res)["ok"]`, handledResponse["ok"].(bool), res["ok"].(bool))
-	AssertEquals(t, `HandleResponse(res)["satus"]`, handledResponse["status"].(int), res["status"].(int))
-	AssertEquals(t, `HandleResponse(res)["error"]`, handledResponse["error"], nil)
-}