Add Read-Only mode

merge-requests/6/head
meskio 5 years ago
parent 31f3c0b77d
commit b394fdb699
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 2
      ldap/group.go
  2. 6
      ldap/group_test.go
  3. 20
      ldap/ldap.go
  4. 7
      ldap/ldap_test.go
  5. 8
      ldap/user.go
  6. 24
      ldap/user_test.go
  7. 11
      main.go

@ -15,7 +15,7 @@ func (l Ldap) InGroup(user string, group string) bool {
defer conn.Close()
searchRequest := ldap.NewSearchRequest(
fmt.Sprintf("cn=%s,ou=group,%s", group, l.dc),
fmt.Sprintf("cn=%s,ou=group,%s", group, l.DC),
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=posixGroup)(memberUid=%s))", user),
[]string{"dn"},
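Review bot: `group` and `user` are interpolated straight into the search base DN and the filter on the two Sprintf lines, so a value containing `*`, `(`, `)` or `\` (or `,`/`=` in the DN part) alters the query instead of being matched literally; if these arrive from the HTTP layer, that is an LDAP injection point that the rename in this hunk leaves as it was. Escape the filter value with `ldap.EscapeFilter(user)`, and for the group name either reject DN special characters before building the base, or drop the cn from the base and match it in the filter: base `"ou=group,"+l.DC`, filter `fmt.Sprintf("(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))", ldap.EscapeFilter(group), ldap.EscapeFilter(user))`. The same unescaped `uid=%s` filter is in searchUser in user.go. InGroup starts before this hunk, so where its arguments originate is not visible here.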

@ -8,11 +8,7 @@ const (
)
func TestInGroup(t *testing.T) {
l, err := Init(addr, dc, pass)
if err != nil {
t.Errorf("Error on Init(): %v", err)
}
l := testLdap()
if !l.InGroup(admin, group) {
t.Errorf("%s should be part of group %s", admin, group)
}

@ -6,27 +6,27 @@ import (
// Ldap configuration
type Ldap struct {
addr string
dc string
pass string
Addr string
DC string
Pass string
RO bool
}
// Init the Ldap
func Init(addr string, dc string, pass string) (*Ldap, error) {
l := Ldap{addr, dc, pass}
// Test that the Ldap is responsive
func (l Ldap) Test() error {
conn, err := l.connect()
if err != nil {
return nil, err
return err
}
defer conn.Close()
return &l, nil
return nil
}
func (l Ldap) connect() (*ldap.Conn, error) {
conn, err := ldap.Dial("tcp", l.addr)
conn, err := ldap.Dial("tcp", l.Addr)
if err != nil {
return nil, err
}
err = conn.Bind("cn=nss,"+l.dc, l.pass)
err = conn.Bind("cn=nss,"+l.DC, l.Pass)
return conn, err
}
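Review bot: connect() still returns a live connection together with a non-nil error when Bind fails (`return conn, err` on the last line), and Test() returns before its deferred Close runs, so every failed bind leaks a TCP connection; close it inside connect and return nil. The new exported `RO` field also has no doc comment — something like `// RO disables write operations: password changes are logged but not applied.` — and now that `Pass` is exported, the struct must not be logged with `%+v`. Separately, `ldap.Dial("tcp", ...)` sends the nss bind password in clear text; unless the server is local or the link is otherwise protected, `ldap.DialTLS` or a `conn.StartTLS` before Bind is the safer default.
```go
func (l Ldap) connect() (*ldap.Conn, error) {
	// … unchanged: ldap.Dial and its error check …
	if err := conn.Bind("cn=nss,"+l.DC, l.Pass); err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}
```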

@ -9,8 +9,13 @@ const (
)
func TestInit(t *testing.T) {
_, err := Init(addr, dc, pass)
l := testLdap()
err := l.Test()
if err != nil {
t.Errorf("Error on Init(): %v", err)
}
}
func testLdap() *Ldap {
return &Ldap{addr, dc, pass, false}
}
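Review bot: The failure message on the unchanged `t.Errorf("Error on Init(): %v", err)` line now names a function this commit removes; change it to `t.Errorf("Error on Test(): %v", err)`. The new testLdap() helper uses a positional literal, `&Ldap{addr, dc, pass, false}`, which silently breaks (or compiles with shifted values) the next time a field is added to Ldap; prefer `&Ldap{Addr: addr, DC: dc, Pass: pass, RO: false}`.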

@ -3,6 +3,7 @@ package ldap
import (
"errors"
"fmt"
"log"
"github.com/go-ldap/ldap"
)
@ -24,6 +25,11 @@ func (l *Ldap) ChangePass(user string, oldpass string, newpass string) error {
}
defer conn.Close()
if l.RO {
log.Println("Changing password in read only mode")
return nil
}
passwordModifyRequest := ldap.NewPasswordModifyRequest("", oldpass, newpass)
_, err = conn.PasswordModify(passwordModifyRequest)
return err
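Review bot: In read-only mode ChangePass returns nil right after the new `log.Println`, so the caller — and therefore the user — is told the password was changed when it was not. Return a distinguishable error instead (`errors` is already imported in this file): `var ErrReadOnly = errors.New("ldap: read-only mode, password not changed")` at package level and `return ErrReadOnly` in place of `return nil`, so the HTTP layer can report accurately; if callers are meant to treat it as success, say so in a comment on the RO check. The log line would also be more useful with the account name, `log.Printf("read-only mode: not changing password for %q", user)`. ChangePass starts before this hunk, so whether the old password has already been verified by the time the RO check runs is not visible here.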
@ -45,7 +51,7 @@ func (l *Ldap) login(user string, password string) (*ldap.Conn, error) {
func (l *Ldap) searchUser(user string, conn *ldap.Conn) (entry *ldap.Entry, err error) {
searchRequest := ldap.NewSearchRequest(
"ou=people,"+l.dc,
"ou=people,"+l.DC,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user),
[]string{"dn"},

@ -8,36 +8,24 @@ const (
)
func TestValidate(t *testing.T) {
l, err := Init(addr, dc, pass)
if err != nil {
t.Errorf("Error on Init(): %v", err)
}
err = l.ValidateUser(user, userPass)
l := testLdap()
err := l.ValidateUser(user, userPass)
if err != nil {
t.Errorf("Error on ValidateUser(): %v", err)
}
}
func TestValidateFails(t *testing.T) {
l, err := Init(addr, dc, pass)
if err != nil {
t.Errorf("Error on Init(): %v", err)
}
err = l.ValidateUser(user, userPass+"bar")
l := testLdap()
err := l.ValidateUser(user, userPass+"bar")
if err == nil {
t.Errorf("ValidateUser() didn't fail to auth the user")
}
}
func TestChangePass(t *testing.T) {
l, err := Init(addr, dc, pass)
if err != nil {
t.Errorf("Error on Init(): %v", err)
}
err = l.ChangePass(user, userPass, "newpass")
l := testLdap()
err := l.ChangePass(user, userPass, "newpass")
if err != nil {
t.Errorf("Error on ChangePass(): %v", err)
}
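Review bot: Nothing exercises the feature this commit adds: TestChangePass runs with RO=false only, so a regression that applied the change in read-only mode would go unnoticed. Add a test that builds the Ldap with `RO: true`, calls ChangePass, and then checks via ValidateUser that `userPass` still works and `"newpass"` does not. TestChangePass continues past this hunk, so whether it restores the original password afterwards is not visible here.
```go
func TestChangePassReadOnly(t *testing.T) {
	l := testLdap()
	l.RO = true
	if err := l.ChangePass(user, userPass, "newpass"); err != nil {
		t.Errorf("Error on ChangePass() in read-only mode: %v", err)
	}
	if err := l.ValidateUser(user, userPass); err != nil {
		t.Errorf("read-only ChangePass() altered the password: %v", err)
	}
	if err := l.ValidateUser(user, "newpass"); err == nil {
		t.Errorf("read-only ChangePass() applied the new password")
	}
}
```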

@ -14,14 +14,21 @@ func main() {
ldapdc = flag.String("ldapdc", "", "LDAP domain components")
nsspass = flag.String("nsspass", "", "Password of the LDAP `nss' user")
httpaddr = flag.String("httpaddr", ":8080", "Web server address and port")
ro = flag.Bool("ro", false, "Read-Only mode")
)
flag.String(flag.DefaultConfigFlagname, "/etc/lowry.conf", "Path to configuration file")
flag.Parse()
l, err := ldap.Init(*ldapaddr, *ldapdc, *nsspass)
l := ldap.Ldap{
Addr: *ldapaddr,
DC: *ldapdc,
Pass: *nsspass,
RO: *ro,
}
err := l.Test()
if err != nil {
log.Fatal(err)
}
log.Fatal(server.Serve(*httpaddr, l))
log.Fatal(server.Serve(*httpaddr, &l))
}
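Review bot: The help text `"Read-Only mode"` does not tell the operator what is read-only; make it concrete, e.g. `ro = flag.Bool("ro", false, "Read-Only mode: validate logins but log password changes instead of applying them")`, and log the mode at startup so it is visible in the service log: `if *ro { log.Println("running in read-only mode") }`. Note also that l.Test() only proves the nss bind works; an empty -ldapdc or -nsspass still reaches that call and surfaces as a bind error rather than a configuration message, which a check on the flags before building the struct would make clearer.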
