Add & remove users

merge-requests/6/head
meskio 5 years ago
parent dec4f29f41
commit 418eb23c5e
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 34
      ldap/group.go
  2. 16
      ldap/group_test.go
  3. 51
      ldap/ldap.go
  4. 2
      ldap/ldap_test.go
  5. 46
      ldap/user.go
  6. 29
      ldap/user_test.go
  7. 10
      main.go

@ -26,7 +26,7 @@ func (l Ldap) InGroup(user string, group string) bool {
searchRequest := ldap.NewSearchRequest(
fmt.Sprintf("cn=%s,ou=group,%s", ldap.EscapeFilter(group), l.DC),
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=posixGroup)(memberUid=%s))", user),
fmt.Sprintf("(&(objectClass=posixGroup)(memberUid=%s))", ldap.EscapeFilter(user)),
[]string{"dn"},
nil,
)
@ -60,13 +60,13 @@ func (l Ldap) UserGroups(user string) ([]Group, error) {
return l.searchGroup(filter)
}
// CreateGroup adds the group to ldap
func (l Ldap) CreateGroup(name string) error {
// AddGroup adds the group to ldap
func (l Ldap) AddGroup(name string) error {
if _, err := l.GetGroup(name); err == nil {
return errors.New("Group '" + name + "' already exist, can't create it")
}
gid, err := l.getLastGid()
gid, err := l.getLastID("gidNumber")
if err != nil {
return err
}
@ -87,32 +87,12 @@ func (l Ldap) CreateGroup(name string) error {
return conn.Add(addRequest)
}
// DeleteGroup removes the group in ldap
func (l Ldap) DeleteGroup(name string) error {
conn, err := l.connect()
if err != nil {
return err
}
defer conn.Close()
// DelGroup removes the group in ldap
func (l Ldap) DelGroup(name string) error {
dn := fmt.Sprintf("cn=%s,ou=group,%s", ldap.EscapeFilter(name), l.DC)
delRequest := ldap.NewDelRequest(dn, nil)
return conn.Del(delRequest)
return l.del(dn)
}
func (l Ldap) getLastGid() (int, error) {
filter := "(&(objectClass=posixGroup))"
groups, err := l.searchGroup(filter)
if err != nil {
return 0, err
}
gid := 1000
for _, group := range groups {
if group.GID > gid {
gid = group.GID
}
}
return gid, err
}
func (l Ldap) searchGroup(filter string) ([]Group, error) {
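Review bot: DelGroup in the third hunk builds the DN with `ldap.EscapeFilter(name)`, which escapes filter metacharacters (`*`, `(`, `)`, `\`) but not DN-special characters such as `,`, `+` or `=`, so a name containing a comma changes which entry `l.del` removes; the same construction is used for AddUser and DelUser in ldap/user.go. Validate the name against a strict allowlist before building any DN from it, e.g. a package-level `var validName = regexp.MustCompile(`^[a-z_][a-z0-9_-]*$`)` checked with `if !validName.MatchString(name) { return errors.New("invalid group name") }`, or use a DN-escaping helper if the imported go-ldap version provides one. In AddGroup the check `if _, err := l.GetGroup(name); err == nil` treats every error from GetGroup as "not found", so a transient search failure would proceed to create the group; if GetGroup can distinguish not-found from other failures, only the former should fall through. Both AddGroup and searchGroup continue outside the hunk.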

@ -75,7 +75,7 @@ func TestUserGroups(t *testing.T) {
}
}
func TestCreateDeleteGroups(t *testing.T) {
func TestAddDelGroups(t *testing.T) {
const name = "test"
l := testLdap()
@ -85,7 +85,7 @@ func TestCreateDeleteGroups(t *testing.T) {
t.Errorf("group %s allready exist", name)
}
err = l.CreateGroup(name)
err = l.AddGroup(name)
if err != nil {
t.Fatalf("CreateGroup(\"%s\") failed: %v", name, err)
}
@ -93,8 +93,18 @@ func TestCreateDeleteGroups(t *testing.T) {
if err != nil {
t.Errorf("GetGroup(\"%s\") failed: %v", name, err)
}
err = l.DeleteGroup(name)
err = l.DelGroup(name)
if err != nil {
t.Errorf("DeleteGroup(\"%s\") failed: %v", name, err)
}
}
func TestAddExistingGroup(t *testing.T) {
l := testLdap()
err := l.AddGroup("adm")
if err == nil {
t.Errorf("Create group 'adm' didn't fail")
}
}
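Review bot: The failure messages `t.Fatalf("CreateGroup(\"%s\") failed: %v", name, err)` and `t.Errorf("DeleteGroup(\"%s\") failed: %v", name, err)` still name the old functions after the rename to AddGroup/DelGroup, so a failing run points at code that no longer exists; change them to `AddGroup`/`DelGroup` (the "allready" in the message one line above is also misspelled). TestAddExistingGroup assumes a group named `adm` already exists in the test directory; a comment naming that fixture, or creating and removing it inside the test, would make the dependency explicit.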

@ -1,15 +1,19 @@
package ldap
import (
"fmt"
"strconv"
"github.com/go-ldap/ldap"
)
// Ldap configuration
type Ldap struct {
Addr string
DC string
Pass string
RO bool
Addr string
DC string
Pass string
HomePath string
RO bool
}
// Test that the Ldap is responsive
@ -30,3 +34,42 @@ func (l Ldap) connect() (*ldap.Conn, error) {
err = conn.Bind("cn=admin,"+l.DC, l.Pass)
return conn, err
}
func (l Ldap) getLastID(attribute string) (int, error) {
conn, err := l.connect()
if err != nil {
return 0, err
}
defer conn.Close()
searchRequest := ldap.NewSearchRequest(
l.DC,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(%s=*))", attribute),
[]string{attribute},
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return 0, err
}
id := 0
for _, entry := range sr.Entries {
valueID, err := strconv.Atoi(entry.GetAttributeValue(attribute))
if err == nil && valueID > id {
id = valueID
}
}
return id, nil
}
func (l Ldap) del(dn string) error {
conn, err := l.connect()
if err != nil {
return err
}
defer conn.Close()
delRequest := ldap.NewDelRequest(dn, nil)
return conn.Del(delRequest)
}
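Review bot: getLastID in the second hunk starts its maximum at `id := 0`, whereas the getLastGid it replaces started at 1000, so on a directory with no matching entries AddGroup/AddUser would allocate gidNumber/uidNumber 1, inside the range conventionally reserved for system accounts; `id := 1000` restores the previous floor. Values that fail `strconv.Atoi` are skipped silently, which is fine as a best-effort choice but deserves a comment such as `// entries whose attribute is not numeric are ignored`. The read-then-increment done by the callers is not serialized anywhere visible on this page, so two concurrent AddUser calls can obtain the same uidNumber unless the caller holds a lock or the directory enforces uniqueness. A doc comment is missing on both new functions; `// getLastID returns the highest numeric value of attribute found under l.DC.` and `// del removes the entry with the given dn.` would do.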

@ -17,5 +17,5 @@ func TestInit(t *testing.T) {
}
func testLdap() *Ldap {
return &Ldap{addr, dc, pass, false}
return &Ldap{addr, dc, pass, "/home/", false}
}
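Review bot: testLdap builds the struct positionally, `&Ldap{addr, dc, pass, "/home/", false}`, which is exactly why this line had to change when HomePath was added and would silently mis-assign values if two fields of the same type were ever reordered; keyed fields, `&Ldap{Addr: addr, DC: dc, Pass: pass, HomePath: "/home/", RO: false}`, survive both.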

@ -88,6 +88,52 @@ func (l *Ldap) ListUsers() ([]User, error) {
return users, nil
}
// AddUser to the ldap
func (l *Ldap) AddUser(user string, pass string, gid int) error {
conn, err := l.connect()
if err != nil {
return err
}
defer conn.Close()
entry, err := l.searchUser(user, conn)
if entry != nil {
return errors.New("User name already exist: " + user)
}
uid, err := l.getLastID("uidNumber")
if err != nil {
return err
}
uid++
userStr := ldap.EscapeFilter(user)
dn := fmt.Sprintf("cn=%s,ou=people,%s", userStr, l.DC)
addRequest := ldap.NewAddRequest(dn)
addRequest.Attribute("uid", []string{userStr})
addRequest.Attribute("cn", []string{userStr})
addRequest.Attribute("objectClass", []string{"account", "posixAccount"})
addRequest.Attribute("loginShell", []string{"/bin/false"})
addRequest.Attribute("homeDirectory", []string{l.HomePath + userStr})
addRequest.Attribute("uidNumber", []string{strconv.Itoa(uid)})
addRequest.Attribute("gidNumber", []string{strconv.Itoa(gid)})
err = conn.Add(addRequest)
if err != nil {
return err
}
passwordModifyRequest := ldap.NewPasswordModifyRequest(dn, "", pass)
_, err = conn.PasswordModify(passwordModifyRequest)
return err
}
// DelUser removes the user from ldap
func (l Ldap) DelUser(user string) error {
dn := fmt.Sprintf("cn=%s,ou=people,%s", ldap.EscapeFilter(user), l.DC)
return l.del(dn)
}
func (l *Ldap) login(user string, password string) (*ldap.Conn, error) {
conn, err := l.connect()
if err != nil {
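Review bot: The error from `entry, err := l.searchUser(user, conn)` at the top of AddUser is never checked — only `entry != nil` is tested — so if the duplicate check itself fails the function continues and tries to create the user anyway; add `if err != nil { return err }` directly after that call. The password is set in a second request after `conn.Add`, so when `PasswordModify` fails the entry is left in the directory without a password and the caller cannot tell this apart from a failed add; deleting the half-created entry on that path, `if err != nil { _ = conn.Del(ldap.NewDelRequest(dn, nil)) }` before `return err`, keeps the operation atomic from the caller's point of view. The `uid` and `cn` attributes are stored as `userStr`, the filter-escaped form, so a name that needs escaping is written into the entry with escape sequences; only the DN string needs escaping, the attribute values can carry the raw `user`. AddUser uses a pointer receiver while the new DelUser uses a value receiver; the type should settle on one. login continues outside the hunk.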

@ -113,3 +113,32 @@ func TestListUsers(t *testing.T) {
t.Errorf("Not the righ number of users: %v", users)
}
}
func TestAddUser(t *testing.T) {
const newUser = "newUser"
l := testLdap()
err := l.AddUser(newUser, newPass, 0)
if err != nil {
t.Errorf("Error on AddUser(): %v", err)
}
err = l.ValidateUser(newUser, newPass)
if err != nil {
t.Errorf("Error on ValidateUser(): %v", err)
}
err = l.DelUser(newUser)
if err != nil {
t.Errorf("Error on DelUser(): %v", err)
}
}
func TestAddExistingUser(t *testing.T) {
l := testLdap()
err := l.AddUser(user, newPass, 0)
if err == nil {
t.Errorf("It was possible to create an already existing user")
}
}
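Review bot: TestAddUser reports an AddUser failure with `t.Errorf` and then goes on to call ValidateUser and DelUser on the user that was never created, turning one cause into three errors; use `t.Fatalf("Error on AddUser(): %v", err)` there, as TestAddDelGroups does for AddGroup, and if the toolchain has it register the cleanup with `t.Cleanup(func() { l.DelUser(newUser) })` so the entry is removed even when ValidateUser fails. Both tests pass `0` as the gid, which creates an account whose primary group is gidNumber 0 in the test directory; a short comment on why that value is acceptable here, or the GID of a real test group, would avoid the question. `user` and `newPass` are defined outside the hunk.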

@ -13,6 +13,7 @@ func main() {
ldapaddr = flag.String("ldapaddr", "localhost:389", "LDAP server address and port")
ldapdc = flag.String("ldapdc", "", "LDAP domain components")
ldappass = flag.String("ldappass", "", "Password of the LDAP `admin' user")
homepath = flag.String("homepath", "/home/", "Path to the user homes")
httpaddr = flag.String("httpaddr", ":8080", "Web server address and port")
ro = flag.Bool("ro", false, "Read-Only mode")
)
@ -20,10 +21,11 @@ func main() {
flag.Parse()
l := ldap.Ldap{
Addr: *ldapaddr,
DC: *ldapdc,
Pass: *ldappass,
RO: *ro,
Addr: *ldapaddr,
DC: *ldapdc,
Pass: *ldappass,
HomePath: *homepath,
RO: *ro,
}
err := l.Test()
if err != nil {
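Review bot: The new `homepath` value is concatenated with the user name in AddUser (`l.HomePath + userStr` in ldap/user.go), so a value given without a trailing slash, e.g. `-homepath /srv/home`, produces a homeDirectory of `/srv/homealice`; either normalize it after `flag.Parse()` with `if !strings.HasSuffix(*homepath, "/") { *homepath += "/" }` (if `strings` is imported in main.go) or state the trailing-slash requirement in the usage text, `"Path to the user homes (must end with /)"`. The var block and func main continue outside the hunks.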
