5 changed files with 53 additions and 15 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 build: clean
-	go build -ldflags="-s -w" -o dist/ .
+	CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ .

 test: clean
 	go run .
--- a/README.md
+++ b/README.md
@ -0,0 +1,36 @@
+# ProxmoxAAS LDAP - Simple REST API for LDAP
+
+ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup). 
+
+## Installation
+
+### Prerequisites
+
+- Initialized LDAP server with the following configuration
+    - Structure
+        - Users: ou=people,...
+            - objectType: inetOrgPerson
+            - At least 1 user which is a member of admin group
+        - Groups: ou=groups,...
+            - objectType: groupOfNames
+            - At least 1 admin group
+    - Permissions:
+        - Admin group should have write access
+        - Users should have write access to own attributes (cn, sn, userPassword)
+        - Enable anonymous binding
+    - Load MemberOf Policy:
+        - olcMemberOfDangling: ignore
+        - olcMemberOfRefInt: TRUE
+        - olcMemberOfGroupOC: groupOfNames
+        - olcMemberOfMemberAD: member
+        - olcMemberOfMemberOfAD: memberOf
+    - Password Policy and TLS are recommended but not required
+
+### Installation
+
+1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](releases)
+2. Rename `template.config.json` to `config.json` and modify:
+    - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
+    - baseDN: base DN ie. `dc=domain,dc=net`
+    - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
+3. Run the binary
--- a/app/app.go
+++ b/app/app.go
@ -15,7 +15,7 @@ import (
 )

 var LDAPSessions map[string]*LDAPClient
-var APIVersion = "1.0.0"
+var APIVersion = "1.0.1"

 func Run() {
 	gob.Register(LDAPClient{})
--- a/app/ldap.go
+++ b/app/ldap.go
@ -34,8 +34,8 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 	searchRequest := ldap.NewSearchRequest(
 		l.peopledn, // The base dn to search
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=inetOrgPerson))",          // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
+		"(&(objectClass=inetOrgPerson))",                      // The filter to apply
+		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
 		nil,
 	)

@ -53,10 +53,11 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
 		results = append(results, gin.H{
 			"dn": entry.DN,
 			"attributes": gin.H{
-				"cn":   entry.GetAttributeValue("cn"),
-				"sn":   entry.GetAttributeValue("sn"),
-				"mail": entry.GetAttributeValue("mail"),
-				"uid":  entry.GetAttributeValue("uid"),
+				"cn":       entry.GetAttributeValue("cn"),
+				"sn":       entry.GetAttributeValue("sn"),
+				"mail":     entry.GetAttributeValue("mail"),
+				"uid":      entry.GetAttributeValue("uid"),
+				"memberOf": entry.GetAttributeValues("memberOf"),
 			},
 		})
 	}
@ -103,8 +104,8 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
 	searchRequest := ldap.NewSearchRequest( //  setup search for user by uid
 		fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=inetOrgPerson))",          // The filter to apply
-		[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
+		"(&(objectClass=inetOrgPerson))",                      // The filter to apply
+		[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
 		nil,
 	)

@ -120,10 +121,11 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
 	result := gin.H{
 		"dn": entry.DN,
 		"attributes": gin.H{
-			"cn":   entry.GetAttributeValue("cn"),
-			"sn":   entry.GetAttributeValue("sn"),
-			"mail": entry.GetAttributeValue("mail"),
-			"uid":  entry.GetAttributeValue("uid"),
+			"cn":       entry.GetAttributeValue("cn"),
+			"sn":       entry.GetAttributeValue("sn"),
+			"mail":     entry.GetAttributeValue("mail"),
+			"uid":      entry.GetAttributeValue("uid"),
+			"memberOf": entry.GetAttributeValues("memberOf"),
 		},
 	}

--- a/configs/template.config.json
+++ b/configs/template.config.json
@ -8,6 +8,6 @@
        "path": "/",
        "httpOnly": true,
        "secure": false,
-        "maxAge": 7200000
+        "maxAge": 7200
    }
 }