Compare commits
9 Commits
v1.0.5
...
929c381cc8
| Author | SHA1 | Date | |
|---|---|---|---|
|
929c381cc8 | ||
|
|
105b11cae5 | ||
| 222864868d | |||
| 33566572fb | |||
| 7da5c22313 | |||
| bf80945168 | |||
| e18737c043 | |||
| 162eda70b9 | |||
| 0d1dd540c0 |
6
.gitignore
vendored
6
.gitignore
vendored
@@ -1,3 +1,3 @@
|
||||
**/go.sum
|
||||
**/config.json
|
||||
dist/*
|
||||
go.sum
|
||||
dist/*
|
||||
**/config.json
|
||||
4
Makefile
4
Makefile
@@ -1,10 +1,10 @@
|
||||
.PHONY: build test clean dev-init
|
||||
.PHONY: build test clean dev-init dev-reinit
|
||||
|
||||
build: clean
|
||||
@echo "======================== Building Binary ======================="
|
||||
CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .
|
||||
|
||||
tests: dev-reinit
|
||||
test: dev-reinit
|
||||
@echo "======================== Running Tests ========================="
|
||||
go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
|
||||
@echo "======================= Coverage Report ========================"
|
||||
|
||||
13
README.md
13
README.md
@@ -30,9 +30,16 @@ ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplif
|
||||
|
||||
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
|
||||
2. Rename `template.config.json` to `config.json` and modify:
|
||||
- listenPort: port for PAAS-LDAP to bind and listen on
|
||||
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
|
||||
- baseDN: base DN ie. `dc=domain,dc=net`
|
||||
- sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
|
||||
- startTLS: true if backend LDAP supports StartTLS
|
||||
- basedn: base DN ie. `dc=domain,dc=net`
|
||||
- sessionCookieName: name of the session cookie
|
||||
- sessionCookie: specific cookie properties
|
||||
- path: cookie path
|
||||
- httpOnly: cookie http-only
|
||||
- secure: cookie secure
|
||||
- maxAge: cookie max-age
|
||||
3. Run the binary
|
||||
|
||||
## Building and Testing from Source
|
||||
@@ -50,4 +57,4 @@ Building requires the go toolchain. Testing requires the go toolchain, make, and
|
||||
1. Clone the repository
|
||||
2. Run `go get` to get requirements
|
||||
3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
|
||||
4. Run `make tests` to run all tests
|
||||
4. Run `make test` to run all tests
|
||||
21
app/app.go
21
app/app.go
@@ -1,6 +1,7 @@
|
||||
package app
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/gob"
|
||||
"flag"
|
||||
"log"
|
||||
@@ -15,11 +16,12 @@ import (
|
||||
)
|
||||
|
||||
var LDAPSessions map[string]*LDAPClient
|
||||
var AppVersion = "1.0.5"
|
||||
var AppVersion = "1.0.6"
|
||||
var APIVersion = "1.0.4"
|
||||
|
||||
func Run() {
|
||||
gob.Register(LDAPClient{})
|
||||
gin.SetMode(gin.ReleaseMode)
|
||||
|
||||
log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion)
|
||||
|
||||
@@ -28,13 +30,19 @@ func Run() {
|
||||
|
||||
config, err := GetConfig(*configPath)
|
||||
if err != nil {
|
||||
log.Fatal("Error when reading config file: ", err)
|
||||
log.Fatalf("Error when reading config file: %s\n", err)
|
||||
}
|
||||
log.Printf("Read in config from %s\n", *configPath)
|
||||
|
||||
gin.SetMode(gin.ReleaseMode)
|
||||
secretKey := make([]byte, 256)
|
||||
n, err := rand.Read(secretKey)
|
||||
if err != nil {
|
||||
log.Fatalf("Error when generating session secret key: %s\n", err.Error())
|
||||
}
|
||||
log.Printf("Generated session secret key of length %d\n", n)
|
||||
|
||||
router := gin.Default()
|
||||
store := cookie.NewStore([]byte(config.SessionSecretKey))
|
||||
store := cookie.NewStore(secretKey)
|
||||
store.Options(sessions.Options{
|
||||
Path: config.SessionCookie.Path,
|
||||
HttpOnly: config.SessionCookie.HttpOnly,
|
||||
@@ -310,5 +318,8 @@ func Run() {
|
||||
|
||||
log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
|
||||
|
||||
router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
|
||||
err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
|
||||
if err != nil {
|
||||
log.Fatalf("Error starting router: %s", err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,7 +13,6 @@ type Config struct {
|
||||
LdapURL string `json:"ldapURL"`
|
||||
StartTLS bool `json:"startTLS"`
|
||||
BaseDN string `json:"baseDN"`
|
||||
SessionSecretKey string `json:"sessionSecretKey"`
|
||||
SessionCookieName string `json:"sessionCookieName"`
|
||||
SessionCookie struct {
|
||||
Path string `json:"path"`
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
"ldapURL": "ldap://localhost",
|
||||
"startTLS": true,
|
||||
"basedn": "dc=example,dc=com",
|
||||
"sessionSecretKey": "super secret key",
|
||||
"sessionCookieName": "PAASLDAPAuthTicket",
|
||||
"sessionCookie": {
|
||||
"path": "/",
|
||||
|
||||
37
go.mod
37
go.mod
@@ -1,36 +1,35 @@
|
||||
module proxmoxaas-ldap
|
||||
|
||||
go 1.23
|
||||
|
||||
toolchain go1.23.2
|
||||
go 1.23.6
|
||||
|
||||
require (
|
||||
github.com/gin-contrib/sessions v1.0.1
|
||||
github.com/gin-contrib/sessions v1.0.2
|
||||
github.com/gin-gonic/gin v1.10.0
|
||||
github.com/go-ldap/ldap/v3 v3.4.8
|
||||
github.com/go-ldap/ldap/v3 v3.4.10
|
||||
github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
|
||||
github.com/bytedance/sonic v1.12.3 // indirect
|
||||
github.com/bytedance/sonic/loader v0.2.0 // indirect
|
||||
github.com/cloudwego/base64x v0.1.4 // indirect
|
||||
github.com/bytedance/sonic v1.12.8 // indirect
|
||||
github.com/bytedance/sonic/loader v0.2.3 // indirect
|
||||
github.com/cloudwego/base64x v0.1.5 // indirect
|
||||
github.com/cloudwego/iasm v0.2.0 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.6 // indirect
|
||||
github.com/gin-contrib/sse v0.1.0 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
|
||||
github.com/gin-contrib/sse v1.0.0 // indirect
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
|
||||
github.com/go-playground/locales v0.14.1 // indirect
|
||||
github.com/go-playground/universal-translator v0.18.1 // indirect
|
||||
github.com/go-playground/validator/v10 v10.22.1 // indirect
|
||||
github.com/goccy/go-json v0.10.3 // indirect
|
||||
github.com/go-playground/validator/v10 v10.24.0 // indirect
|
||||
github.com/goccy/go-json v0.10.5 // indirect
|
||||
github.com/google/go-cmp v0.6.0 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
github.com/gorilla/context v1.1.2 // indirect
|
||||
github.com/gorilla/securecookie v1.1.2 // indirect
|
||||
github.com/gorilla/sessions v1.4.0 // indirect
|
||||
github.com/json-iterator/go v1.1.12 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.2.8 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.2.9 // indirect
|
||||
github.com/knz/go-libedit v1.10.1 // indirect
|
||||
github.com/leodido/go-urn v1.4.0 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
@@ -38,11 +37,11 @@ require (
|
||||
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
|
||||
github.com/ugorji/go/codec v1.2.12 // indirect
|
||||
golang.org/x/arch v0.11.0 // indirect
|
||||
golang.org/x/crypto v0.28.0 // indirect
|
||||
golang.org/x/net v0.30.0 // indirect
|
||||
golang.org/x/sys v0.26.0 // indirect
|
||||
golang.org/x/text v0.19.0 // indirect
|
||||
google.golang.org/protobuf v1.35.1 // indirect
|
||||
golang.org/x/arch v0.14.0 // indirect
|
||||
golang.org/x/crypto v0.33.0 // indirect
|
||||
golang.org/x/net v0.35.0 // indirect
|
||||
golang.org/x/sys v0.30.0 // indirect
|
||||
golang.org/x/text v0.22.0 // indirect
|
||||
google.golang.org/protobuf v1.36.5 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
.PHONY: dev-init
|
||||
.PHONY: prerequisites dev-init dev-reinit
|
||||
|
||||
prerequisites:
|
||||
@echo "=================== Installing Prerequisites ==================="
|
||||
apt install debconf-utils slapd ldap-utils sudo gettext
|
||||
apt install debconf-utils slapd ldap-utils sudo gettext gnutls-bin
|
||||
git clone https://git.tronnet.net/tronnet/open-ldap-setup
|
||||
cd open-ldap-setup/; bash gencert.sh < ../gencert.conf;
|
||||
rm -rf open-ldap-setup/
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
"ldapURL": "ldap://localhost",
|
||||
"startTLS": true,
|
||||
"basedn": "dc=test,dc=paasldap",
|
||||
"sessionSecretKey": "test",
|
||||
"sessionCookieName": "PAASLDAPAuthTicket",
|
||||
"sessionCookie": {
|
||||
"path": "/",
|
||||
|
||||
@@ -18,7 +18,6 @@ func TestConfig_ValidPath(t *testing.T) {
|
||||
AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
|
||||
AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
|
||||
AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
|
||||
AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
|
||||
AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
|
||||
AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
|
||||
AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)
|
||||
|
||||
Reference in New Issue
Block a user