Lets open a new connection to ldap for each operation

merge-requests/1/head
meskio 5 years ago
parent d4a32b737c
commit ef2ce1d681
  1. 29
      ldap/ldap.go
  2. 40
      ldap/user.go
  3. 5
      main.go
  4. 10
      server/server.go

@ -4,24 +4,29 @@ import (
"github.com/go-ldap/ldap"
)
// Session to the LDAP server
type Session struct {
conn *ldap.Conn
// Ldap configuration
type Ldap struct {
addr string
dc string
pass string
}
// Connect to the LDAP server and return a Session
func Connect(addr string, dc string, pass string) (*Session, error) {
conn, err := ldap.Dial("tcp", addr)
// Init the Ldap
func Init(addr string, dc string, pass string) (*Ldap, error) {
l := Ldap{addr, dc, pass}
conn, err := l.connect()
if err != nil {
return nil, err
}
err = conn.Bind("cn=nss,"+dc, pass)
s := &Session{conn, dc}
return s, err
defer conn.Close()
return &l, nil
}
// Disconnect to the LDAP server
func (s *Session) Disconnect() {
defer s.conn.Close()
func (l Ldap) connect() (*ldap.Conn, error) {
conn, err := ldap.Dial("tcp", l.addr)
if err != nil {
return nil, err
}
err = conn.Bind("cn=nss,"+l.dc, l.pass)
return conn, err
}
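Review bot: `connect` hands back an open connection together with a non-nil error when the service Bind at `err = conn.Bind("cn=nss,"+l.dc, l.pass)` fails, and both callers — `Init` in this hunk and `login` in ldap/user.go — return on that error without closing it, so every failed service bind leaks a TCP connection. Close it inside `connect` before returning: `if err := conn.Bind("cn=nss,"+l.dc, l.pass); err != nil { conn.Close(); return nil, err }` followed by `return conn, nil`, so callers can rely on a nil connection whenever `err` is set. Separately, `ldap.Dial("tcp", l.addr)` opens a plaintext session, so the `cn=nss` password here and, via `login`, every user's password cross the network unencrypted; `ldap.DialTLS` or a `conn.StartTLS` call before the first Bind would protect them, and the comment `// connect opens a new plaintext LDAP session bound as the nss service account; the caller owns the returned connection` would at least make the current contract explicit.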

@ -7,32 +7,48 @@ import (
"github.com/go-ldap/ldap"
)
// LogIn in the ldap
func (s *Session) LogIn(user string, pass string) error {
entry, err := s.searchUser(user)
// ValidateUser in the ldap
func (l *Ldap) ValidateUser(user string, pass string) error {
conn, err := l.login(user, pass)
defer conn.Close()
return err
}
// ChangePass changes logged in user's password
func (l *Ldap) ChangePass(user string, oldpass string, newpass string) error {
conn, err := l.login(user, oldpass)
defer conn.Close()
if err != nil {
return err
}
userdn := entry.DN
return s.conn.Bind(userdn, pass)
}
// ChangePass changes logged in user's password
func (s *Session) ChangePass(oldpass string, newpass string) error {
passwordModifyRequest := ldap.NewPasswordModifyRequest("", oldpass, newpass)
_, err := s.conn.PasswordModify(passwordModifyRequest)
_, err = conn.PasswordModify(passwordModifyRequest)
return err
}
func (s *Session) searchUser(user string) (entry *ldap.Entry, err error) {
func (l *Ldap) login(user string, password string) (*ldap.Conn, error) {
conn, err := l.connect()
if err != nil {
return nil, err
}
entry, err := l.searchUser(user, conn)
if err != nil {
return nil, err
}
userdn := entry.DN
return conn, conn.Bind(userdn, password)
}
func (l *Ldap) searchUser(user string, conn *ldap.Conn) (entry *ldap.Entry, err error) {
searchRequest := ldap.NewSearchRequest(
"ou=people,"+s.dc,
"ou=people,"+l.dc,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user),
[]string{"dn"},
nil,
)
sr, err := s.conn.Search(searchRequest)
sr, err := conn.Search(searchRequest)
if err != nil {
return entry, err
}
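Review bot: In `ValidateUser` and `ChangePass` the `defer conn.Close()` sits before the error check of `conn, err := l.login(user, pass)`, and `login` returns a nil `*ldap.Conn` when `connect` or `searchUser` fails, so that deferred `Close` dereferences nil and the request panics instead of returning the error. Conversely, when `conn.Bind(userdn, password)` fails `login` returns a live connection alongside the error, and its `searchUser` failure branch drops the connection it just opened, so the connection is leaked on those paths. The rewrite below makes `login` own the connection until it succeeds — closing on every failure and returning `nil, err` — which lets both callers check `err` first and close only a non-nil connection. The `uid` filter is still built from the raw form value at `fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user)`; pass `ldap.EscapeFilter(user)` there so filter metacharacters in the submitted name cannot change the query. `searchUser` continues past the end of the hunk.

```go
func (l *Ldap) ValidateUser(user string, pass string) error {
	conn, err := l.login(user, pass)
	if err != nil {
		return err
	}
	conn.Close()
	return nil
}

func (l *Ldap) ChangePass(user string, oldpass string, newpass string) error {
	conn, err := l.login(user, oldpass)
	if err != nil {
		return err
	}
	defer conn.Close()
	passwordModifyRequest := ldap.NewPasswordModifyRequest("", oldpass, newpass)
	_, err = conn.PasswordModify(passwordModifyRequest)
	return err
}

// login opens a fresh connection and binds as the given user.
// On any error the connection is closed and nil is returned; on success the
// caller owns the connection and must close it.
func (l *Ldap) login(user string, password string) (*ldap.Conn, error) {
	conn, err := l.connect()
	if err != nil {
		// connect may return a partially set-up connection with the error.
		if conn != nil {
			conn.Close()
		}
		return nil, err
	}
	entry, err := l.searchUser(user, conn)
	if err != nil {
		conn.Close()
		return nil, err
	}
	if err := conn.Bind(entry.DN, password); err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}

// … unchanged: searchUser, with the filter built from ldap.EscapeFilter(user) …
```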

@ -18,11 +18,10 @@ func main() {
flag.String(flag.DefaultConfigFlagname, "/etc/lowry.conf", "path to configuration")
flag.Parse()
session, err := ldap.Connect(*ldapaddr, *ldapdc, *nsspass)
l, err := ldap.Init(*ldapaddr, *ldapdc, *nsspass)
if err != nil {
log.Fatal(err)
}
defer session.Disconnect()
log.Fatal(server.Serve(*httpaddr, session))
log.Fatal(server.Serve(*httpaddr, l))
}

@ -18,12 +18,12 @@ var tmpl = template.Must(template.ParseFiles(
))
type server struct {
ldap *ldap.Session
ldap *ldap.Ldap
}
// Serve lowry web site
func Serve(addr string, session *ldap.Session) error {
s := server{session}
func Serve(addr string, l *ldap.Ldap) error {
s := server{l}
r := mux.NewRouter()
r.HandleFunc("/", s.homeHandler)
@ -51,7 +51,7 @@ func (s *server) loginHandler(w http.ResponseWriter, r *http.Request) {
user := r.FormValue("user")
pass := r.FormValue("password")
err := s.ldap.LogIn(user, pass)
err := s.ldap.ValidateUser(user, pass)
if err != nil {
tmpl.ExecuteTemplate(w, "login.html", true)
return
@ -86,7 +86,7 @@ func (s *server) passwordHandler(w http.ResponseWriter, r *http.Request) {
return
}
err := s.ldap.ChangePass(oldpass, pass)
err := s.ldap.ChangePass(user, oldpass, pass)
if err != nil {
tmpl.ExecuteTemplate(w, "password.html", "WrongOldpass")
} else {
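Review bot: After the switch to `s.ldap.ValidateUser(user, pass)` in `loginHandler`, every non-nil error — a connection or service-bind failure now possible on each request, an unknown user, or a wrong password — is rendered as the same login-failed page and then discarded, so an LDAP outage is indistinguishable from bad credentials for both the user and the operator; `passwordHandler` has the same pattern, reporting any error from `s.ldap.ChangePass(user, oldpass, pass)` as `"WrongOldpass"`. Record the error server-side before rendering, e.g. `log.Printf("ldap login for %q: %v", user, err)` if the standard `log` package is in scope in this file (it is not visible in the hunk), and never include the submitted password in that message. Both handlers begin outside the hunks, and it is not visible here where `passwordHandler` obtains `user`.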
