Compare commits
No commits in common. "v1.0.0" and "main" have entirely different histories.
2
Makefile
2
Makefile
@ -1,5 +1,5 @@
|
|||||||
build: clean
|
build: clean
|
||||||
go build -ldflags="-s -w" -o dist/ .
|
CGO_ENABLED=0 go build -ldflags="-s -w" -o dist/ .
|
||||||
|
|
||||||
test: clean
|
test: clean
|
||||||
go run .
|
go run .
|
||||||
|
36
README.md
36
README.md
@ -0,0 +1,36 @@
|
|||||||
|
# ProxmoxAAS LDAP - Simple REST API for LDAP
|
||||||
|
|
||||||
|
ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using [open-ldap-setup](https://git.tronnet.net/tronnet/open-ldap-setup).
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
### Prerequisites
|
||||||
|
|
||||||
|
- Initialized LDAP server with the following configuration
|
||||||
|
- Structure
|
||||||
|
- Users: ou=people,...
|
||||||
|
- objectType: inetOrgPerson
|
||||||
|
- At least 1 user which is a member of admin group
|
||||||
|
- Groups: ou=groups,...
|
||||||
|
- objectType: groupOfNames
|
||||||
|
- At least 1 admin group
|
||||||
|
- Permissions:
|
||||||
|
- Admin group should have write access
|
||||||
|
- Users should have write access to own attributes (cn, sn, userPassword)
|
||||||
|
- Enable anonymous binding
|
||||||
|
- Load MemberOf Policy:
|
||||||
|
- olcMemberOfDangling: ignore
|
||||||
|
- olcMemberOfRefInt: TRUE
|
||||||
|
- olcMemberOfGroupOC: groupOfNames
|
||||||
|
- olcMemberOfMemberAD: member
|
||||||
|
- olcMemberOfMemberOfAD: memberOf
|
||||||
|
- Password Policy and TLS are recommended but not required
|
||||||
|
|
||||||
|
### Installation
|
||||||
|
|
||||||
|
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](releases)
|
||||||
|
2. Rename `template.config.json` to `config.json` and modify:
|
||||||
|
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
|
||||||
|
- baseDN: base DN ie. `dc=domain,dc=net`
|
||||||
|
- sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
|
||||||
|
3. Run the binary
|
@ -15,7 +15,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var LDAPSessions map[string]*LDAPClient
|
var LDAPSessions map[string]*LDAPClient
|
||||||
var APIVersion = "1.0.0"
|
var APIVersion = "1.0.1"
|
||||||
|
|
||||||
func Run() {
|
func Run() {
|
||||||
gob.Register(LDAPClient{})
|
gob.Register(LDAPClient{})
|
||||||
|
26
app/ldap.go
26
app/ldap.go
@ -34,8 +34,8 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
|
|||||||
searchRequest := ldap.NewSearchRequest(
|
searchRequest := ldap.NewSearchRequest(
|
||||||
l.peopledn, // The base dn to search
|
l.peopledn, // The base dn to search
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||||
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
||||||
[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
|
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
|
||||||
nil,
|
nil,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -53,10 +53,11 @@ func (l LDAPClient) GetAllUsers() (int, gin.H) {
|
|||||||
results = append(results, gin.H{
|
results = append(results, gin.H{
|
||||||
"dn": entry.DN,
|
"dn": entry.DN,
|
||||||
"attributes": gin.H{
|
"attributes": gin.H{
|
||||||
"cn": entry.GetAttributeValue("cn"),
|
"cn": entry.GetAttributeValue("cn"),
|
||||||
"sn": entry.GetAttributeValue("sn"),
|
"sn": entry.GetAttributeValue("sn"),
|
||||||
"mail": entry.GetAttributeValue("mail"),
|
"mail": entry.GetAttributeValue("mail"),
|
||||||
"uid": entry.GetAttributeValue("uid"),
|
"uid": entry.GetAttributeValue("uid"),
|
||||||
|
"memberOf": entry.GetAttributeValues("memberOf"),
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -103,8 +104,8 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
|
|||||||
searchRequest := ldap.NewSearchRequest( // setup search for user by uid
|
searchRequest := ldap.NewSearchRequest( // setup search for user by uid
|
||||||
fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
|
fmt.Sprintf("uid=%s,%s", uid, l.peopledn), // The base dn to search
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||||
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
"(&(objectClass=inetOrgPerson))", // The filter to apply
|
||||||
[]string{"dn", "cn", "sn", "mail", "uid"}, // A list attributes to retrieve
|
[]string{"dn", "cn", "sn", "mail", "uid", "memberOf"}, // A list attributes to retrieve
|
||||||
nil,
|
nil,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -120,10 +121,11 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
|
|||||||
result := gin.H{
|
result := gin.H{
|
||||||
"dn": entry.DN,
|
"dn": entry.DN,
|
||||||
"attributes": gin.H{
|
"attributes": gin.H{
|
||||||
"cn": entry.GetAttributeValue("cn"),
|
"cn": entry.GetAttributeValue("cn"),
|
||||||
"sn": entry.GetAttributeValue("sn"),
|
"sn": entry.GetAttributeValue("sn"),
|
||||||
"mail": entry.GetAttributeValue("mail"),
|
"mail": entry.GetAttributeValue("mail"),
|
||||||
"uid": entry.GetAttributeValue("uid"),
|
"uid": entry.GetAttributeValue("uid"),
|
||||||
|
"memberOf": entry.GetAttributeValues("memberOf"),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,6 +8,6 @@
|
|||||||
"path": "/",
|
"path": "/",
|
||||||
"httpOnly": true,
|
"httpOnly": true,
|
||||||
"secure": false,
|
"secure": false,
|
||||||
"maxAge": 7200000
|
"maxAge": 7200
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user