Compare commits


No commits in common. "main" and "go-rewrite" have entirely different histories.

5 changed files with 14 additions and 57 deletions


@ -1,5 +1,5 @@
build: clean build: clean
CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ . go build -ldflags="-s -w" -o dist/ .
test: clean test: clean
go run . go run .
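Review bot: The build recipe on line 13 no longer sets `CGO_ENABLED=0` (reading the right-hand text as the new side), so whether the `dist/` binary is statically linked now depends on the host's cgo default and on which packages pull in cgo, and the release binary the deleted README told users to download was presumably the static one. If the drop is intentional, a one-line comment in the Makefile saying why would help; otherwise restore `CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ .`. The `test` target on lines 14–15 runs `go run .`, which starts the service rather than running `go test ./...`; if that is deliberate it deserves a comment too.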


@ -1,36 +0,0 @@
# ProxmoxAAS LDAP - Simple REST API for LDAP
ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup).
## Installation
### Prerequisites
- Initialized LDAP server with the following configuration
- Structure
- Users: ou=people,...
- objectType: inetOrgPerson
- At least 1 user which is a member of admin group
- Groups: ou=groups,...
- objectType: groupOfNames
- At least 1 admin group
- Permissions:
- Admin group should have write access
- Users should have write access to own attributes (cn, sn, userPassword)
- Enable anonymous binding
- Load MemberOf Policy:
- olcMemberOfDangling: ignore
- olcMemberOfRefInt: TRUE
- olcMemberOfGroupOC: groupOfNames
- olcMemberOfMemberAD: member
- olcMemberOfMemberOfAD: memberOf
- Password Policy and TLS are recommended but not required
### Installation
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](releases)
2. Rename `template.config.json` to `config.json` and modify:
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
- baseDN: base DN ie. `dc=domain,dc=net`
- sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
3. Run the binary


@ -15,7 +15,6 @@ import (
) )
var LDAPSessions map[string]*LDAPClient var LDAPSessions map[string]*LDAPClient
var APIVersion = "1.0.1"
func Run() { func Run() {
gob.Register(LDAPClient{}) gob.Register(LDAPClient{})
@ -39,10 +38,6 @@ func Run() {
LDAPSessions = make(map[string]*LDAPClient) LDAPSessions = make(map[string]*LDAPClient)
router.GET("/version", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{"version": APIVersion})
})
router.POST("/ticket", func(c *gin.Context) { router.POST("/ticket", func(c *gin.Context) {
var body Login var body Login
if err := c.ShouldBind(&body); err != nil { // bad request from binding if err := c.ShouldBind(&body); err != nil { // bad request from binding
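Review bot: `LDAPSessions` is a package-level map initialised on line 60 inside `Run()` and, from its name, presumably read and written by the gin handlers registered below it; gin serves requests concurrently, and unsynchronised map access is a data race in Go, so the accesses need a `sync.RWMutex` (or the map should become a `sync.Map`) — those accesses are outside this hunk, so confirm before changing. Since `gob.Register(LDAPClient{})` on line 58 suggests the client is serialised into a session, a comment on the `var LDAPSessions` declaration stating what the key is and which goroutines touch it would make the ownership explicit. `Run()` starts on line 57 and continues past the end of the hunk.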


@ -34,8 +34,8 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
searchRequest := ldap.NewSearchRequest( searchRequest := ldap.NewSearchRequest(
l.peopledn, // The base dn to search l.peopledn, // The base dn to search
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
"(&(objectClass=inetOrgPerson))", // The filter to apply "(&(objectClass=inetOrgPerson))", // The filter to apply
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve []string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
nil, nil,
) )
@ -53,11 +53,10 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
results = append(results, gin.H{ results = append(results, gin.H{
"dn": entry.DN, "dn": entry.DN,
"attributes": gin.H{ "attributes": gin.H{
"cn": entry.GetAttributeValue("cn"), "cn": entry.GetAttributeValue("cn"),
"sn": entry.GetAttributeValue("sn"), "sn": entry.GetAttributeValue("sn"),
"mail": entry.GetAttributeValue("mail"), "mail": entry.GetAttributeValue("mail"),
"uid": entry.GetAttributeValue("uid"), "uid": entry.GetAttributeValue("uid"),
"memberOf": entry.GetAttributeValues("memberOf"),
}, },
}) })
} }
@ -104,8 +103,8 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
searchRequest := ldap.NewSearchRequest( // setup search for user by uid searchRequest := ldap.NewSearchRequest( // setup search for user by uid
fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
"(&(objectClass=inetOrgPerson))", // The filter to apply "(&(objectClass=inetOrgPerson))", // The filter to apply
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve []string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
nil, nil,
) )
@ -121,11 +120,10 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
result := gin.H{ result := gin.H{
"dn": entry.DN, "dn": entry.DN,
"attributes": gin.H{ "attributes": gin.H{
"cn": entry.GetAttributeValue("cn"), "cn": entry.GetAttributeValue("cn"),
"sn": entry.GetAttributeValue("sn"), "sn": entry.GetAttributeValue("sn"),
"mail": entry.GetAttributeValue("mail"), "mail": entry.GetAttributeValue("mail"),
"uid": entry.GetAttributeValue("uid"), "uid": entry.GetAttributeValue("uid"),
"memberOf": entry.GetAttributeValues("memberOf"),
}, },
} }
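Review bot: In the `GetUser` hunk (`@ -104,8 +103,8 @@`), `fmt.Sprintf("uid=%s,%s", uid, l.peopledn)` on line 92 splices the caller-supplied `uid` straight into the search base DN without escaping or validation, so a value containing DN-special characters produces a malformed or differently-scoped DN instead of being rejected. Escape it before building the DN — recent go-ldap v3 releases provide `ldap.EscapeDN` (and `ldap.EscapeFilter` for filter strings) — or reject uids that fail a strict allowlist check at the handler. This is pre-existing on both sides and unrelated to the `memberOf` removal this compare makes, but the same pattern likely recurs wherever a DN is assembled from request input. `GetUser` begins before line 90 and continues past line 97.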


@ -8,6 +8,6 @@
"path": "/", "path": "/",
"httpOnly": true, "httpOnly": true,
"secure": false, "secure": false,
"maxAge": 7200 "maxAge": 7200000
} }
} }
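Review bot: `"maxAge": 7200000` on line 116 (reading the right-hand value as the new side) is 7200000 seconds, roughly 83 days, if this block feeds a cookie `MaxAge`, which `net/http.Cookie` and gin-contrib/sessions `Options` take in seconds; if the intent was two hours expressed in milliseconds the value is off by a factor of 1000, and if a long-lived session is intended that should be a deliberate, documented choice given the template also ships `"secure": false`. JSON cannot carry a comment, so state the unit and the intended lifetime where this template is described for operators (the README this compare deletes listed the other keys), along with a reminder to set `secure` to true behind TLS. The enclosing object starts before line 112.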