Get groups from ldap

merge-requests/6/head
meskio 5 years ago
parent 67c9d94f4d
commit 48c9b2b97a
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 7
      examples/data.ldif
  2. 65
      ldap/group.go
  3. 53
      ldap/group_test.go

@ -49,3 +49,10 @@ cn: adm
gidNumber: 1
structuralObjectClass: posixGroup
memberUid: superuser
dn: cn=user,ou=Group,dc=nodomain
objectClass: top
objectClass: posixGroup
cn: user
gidNumber: 1000
structuralObjectClass: posixGroup

@ -1,11 +1,18 @@
package ldap
import (
"errors"
"fmt"
"github.com/go-ldap/ldap"
)
// Group has the ldap data of the group
type Group struct {
Name string
Members []string
}
// InGroup checks if user is part of group
func (l Ldap) InGroup(user string, group string) bool {
conn, err := l.connect()
@ -24,3 +31,61 @@ func (l Ldap) InGroup(user string, group string) bool {
sr, err := conn.Search(searchRequest)
return err == nil && len(sr.Entries) > 0
}
// GetGroup returns the group matching the name
func (l Ldap) GetGroup(name string) (Group, error) {
filter := fmt.Sprintf("(&(objectClass=posixGroup)(cn=%s))", ldap.EscapeFilter(name))
groups, err := l.searchGroup(filter)
if err != nil {
return Group{}, err
}
if len(groups) == 0 {
return Group{}, errors.New("Can't find group " + name)
}
return groups[0], nil
}
// ListGroups returns all groups in ldap with members
func (l Ldap) ListGroups() ([]Group, error) {
filter := "(&(objectClass=posixGroup)(memberUid=*))"
return l.searchGroup(filter)
}
// UserGroups returns a list of groups the user is member of
func (l Ldap) UserGroups(user string) ([]Group, error) {
filter := fmt.Sprintf("(&(objectClass=posixGroup)(memberUid=%s))", ldap.EscapeFilter(user))
return l.searchGroup(filter)
}
func (l Ldap) searchGroup(filter string) ([]Group, error) {
conn, err := l.connect()
if err != nil {
return nil, err
}
defer conn.Close()
searchRequest := ldap.NewSearchRequest(
"ou=group,"+l.DC,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
filter,
[]string{"cn", "memberUid"},
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
groups := []Group{}
for _, entry := range sr.Entries {
groups = append(groups, newGroup(entry))
}
return groups, nil
}
func newGroup(entry *ldap.Entry) Group {
return Group{
Name: entry.GetAttributeValue("cn"),
Members: entry.GetAttributeValues("memberUid"),
}
}
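Review bot: GetGroup turns a missing group into an ad-hoc string error, so callers cannot tell "not found" apart from a connection or search failure without matching on the message text; a sentinel keeps that distinction and also drops the capitalised error string: `var ErrGroupNotFound = errors.New("group not found")` and `return Group{}, fmt.Errorf("%w: %q", ErrGroupNotFound, name)` (the `%w` verb needs Go 1.13+, after which `errors.Is` works at the caller). GetGroup also silently returns `groups[0]` when the filter matches more than one entry, which deserves a comment such as `// cn is assumed unique under ou=group; the first match wins`. In searchGroup the result slice can be pre-sized since the count is known, `groups := make([]Group, 0, len(sr.Entries))`. The user-controlled values in GetGroup and UserGroups go through ldap.EscapeFilter before reaching the filter, which is the right place for it; the search base is built from l.DC, which I assume is configuration rather than request input.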

@ -21,3 +21,56 @@ func TestInGroup(t *testing.T) {
t.Errorf("%s should not be part of nonexistinggroup", admin)
}
}
func TestGetGroup(t *testing.T) {
l := testLdap()
group, err := l.GetGroup("adm")
if err != nil {
t.Errorf("GetGroup(adm) failed: %v", err)
}
if group.Name != "adm" {
t.Errorf("Wrong group name not in adm: %v", group)
}
if group.Members[0] != "superuser" {
t.Errorf("superuser not part of adm: %v", group)
}
}
func TestListGroups(t *testing.T) {
l := testLdap()
groups, err := l.ListGroups()
if err != nil {
t.Errorf("ListGroups() failed: %v", err)
}
if len(groups) != 1 {
t.Errorf("Wrong number of groups: %v", groups)
}
if groups[0].Name != "adm" {
t.Errorf("Wrong group name not in adm: %v", groups)
}
}
func TestUserGroups(t *testing.T) {
l := testLdap()
groups, err := l.UserGroups("user")
if err != nil {
t.Errorf("UserGroups(\"user\") failed: %v", err)
}
if len(groups) != 0 {
t.Errorf("user is member of some groups: %v", groups)
}
groups, err = l.UserGroups("superuser")
if err != nil {
t.Errorf("UserGroups(\"superuser\") failed: %v", err)
}
if len(groups) != 1 {
t.Errorf("superuser grong number of groups: %v", groups)
}
if groups[0].Name != "adm" {
t.Errorf("superuser not in adm: %v", groups)
}
}
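Review bot: TestGetGroup indexes `group.Members[0]` right after reporting a GetGroup error with t.Errorf, so when the lookup fails the test dies with an index-out-of-range panic instead of the intended failure message; TestListGroups (`groups[0]` after the length check) and TestUserGroups have the same pattern. Use `t.Fatalf` for the error and length checks that the following assertions depend on, e.g. `t.Fatalf("GetGroup(adm) failed: %v", err)` and `t.Fatalf("Wrong number of groups: %v", groups)`, or guard the index with a `len(...) == 0` check. The message in TestUserGroups has a typo: `grong` should be `wrong`.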
