Beispiel #1
0
func (ls *LdapSource) SearchGroup(name string) (*models.Group, error) {
	l, err := ls.dial()
	if err != nil {
		return nil, err
	}

	err = l.Bind(ls.BindDN, ls.Passwd)
	if err != nil {
		log.Printf("ERROR: Cannot bind: %s\n", err.Error())
		return nil, err
	}

	search := ldap.NewSearchRequest(
		fmt.Sprintf(groupDnFmt, name, ls.Base),
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		"(objectclass=groupOfNames)",
		[]string{"member"},
		nil)
	sr, err := l.Search(search)
	if err != nil {
		// log.Printf("LDAP search error: %s", err)
		return nil, err
	}

	vals := sr.Entries[0].GetAttributeValues("member")

	members := make([]string, len(vals))
	for i, dn := range vals {
		members[i] = dn[strings.Index(dn, "=")+1 : strings.Index(dn, ",")]
	}

	return &models.Group{name, members}, nil
}
Beispiel #2
0
func (ls *LdapSource) ListPaged(limit int) (staffs []*models.Staff) {
	err := ls.Bind(ls.BindDN, ls.Passwd, false)
	if err != nil {
		// log.Printf("ERROR: Cannot bind: %s\n", err.Error())
		return nil
	}

	if limit < 1 {
		limit = 1
	}
	search := ldap.NewSearchRequest(
		"ou=people,"+ls.Base,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		ls.Filter,
		ls.Attributes,
		nil)

	sr, err := ls.c.SearchWithPaging(search, uint32(limit))
	if err != nil {
		log.Printf("ERROR: %s for search %v\n", err, search)
		return
	}

	if len(sr.Entries) > 0 {
		staffs = make([]*models.Staff, len(sr.Entries))
		for i, entry := range sr.Entries {
			staffs[i] = entryToUser(entry)
		}
	}

	return
}
Beispiel #3
0
// Example User Authentication shows how a typical application can verify a login attempt
func Example_userAuthentication() {
	// The username and password we want to check
	username := "******"
	password := "******"

	bindusername := "******"
	bindpassword := "******"

	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
	if err != nil {
		log.Fatal(err)
	}
	defer l.Close()

	// Reconnect with TLS
	err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
	if err != nil {
		log.Fatal(err)
	}

	// First bind with a read only user
	err = l.Bind(bindusername, bindpassword)
	if err != nil {
		log.Fatal(err)
	}

	// Search for the given username
	searchRequest := ldap.NewSearchRequest(
		"dc=example,dc=com",
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(&(objectClass=organizationalPerson)&(uid=%s))", username),
		[]string{"dn"},
		nil,
	)

	sr, err := l.Search(searchRequest)
	if err != nil {
		log.Fatal(err)
	}

	if len(sr.Entries) != 1 {
		log.Fatal("User does not exist or too many entries returned")
	}

	userdn := sr.Entries[0].DN

	// Bind as the user to verify their password
	err = l.Bind(userdn, password)
	if err != nil {
		log.Fatal(err)
	}

	// Rebind as the read only user for any futher queries
	err = l.Bind(bindusername, bindpassword)
	if err != nil {
		log.Fatal(err)
	}
}
Beispiel #4
0
// NewSearchRequest creates a new search request for the LDAP query and optionally includes more attributes
func (q *LDAPQuery) NewSearchRequest(additionalAttributes []string) *ldap.SearchRequest {
	return ldap.NewSearchRequest(
		q.BaseDN,
		int(q.Scope),
		int(q.DerefAliases),
		0, // allowed return size - indicates no limit
		q.TimeLimit,
		false, // not types only
		q.Filter,
		additionalAttributes,
		nil, // no controls
	)
}
Beispiel #5
0
// buildDNQuery builds the query that finds an LDAP entry with the given DN
// this is done by setting the DN to be the base DN for the search and setting the search scope
// to only consider the base object found
func (o *LDAPQueryOnAttribute) buildDNQuery(dn string, attributes []string) *ldap.SearchRequest {
	return ldap.NewSearchRequest(
		dn,
		ldap.ScopeBaseObject, // over-ride original
		int(o.DerefAliases),
		0, // allowed return size - indicates no limit
		o.TimeLimit,
		false,           // not types only
		"objectClass=*", // filter that returns all values
		attributes,
		nil, // no controls
	)
}
Beispiel #6
0
func (_s *LDAP) _getBaseDN(rLog SBMSystem.LogFile, search, basedn string) string {
	var uattr = []string{"dn"}

	lsearch := ldap.NewSearchRequest(basedn, 2, ldap.NeverDerefAliases, 0, 0, false, search, uattr, nil)
	sr, err := _s.D.Search(lsearch)
	if err != nil {
		rLog.LogDbg(0, "LDAP::Search() ", basedn, " error: ", err)
	}

	if len(sr.Entries) > 0 {
		for _, entry := range sr.Entries {
			return entry.DN
		}
	}
	return ""
}
Beispiel #7
0
func (ls *LdapSource) getEntry(udn string) (*ldap.Entry, error) {
	search := ldap.NewSearchRequest(
		udn,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		ls.Filter,
		ls.Attributes,
		nil)
	sr, err := ls.c.Search(search)
	if err != nil {
		log.Printf("LDAP Search '%s' Error: ", udn, err)
		return nil, err
	}

	if len(sr.Entries) > 0 {
		return sr.Entries[0], nil
	}
	return nil, ErrNotFound
}
Beispiel #8
0
func inGroup(username, group string, config *Config, conn *ldap.Conn, attrs []string) (bool, map[string][]string, error) {
	groupDN, err := getDN(group, config, conn)
	if err != nil {
		if config.Debug {
			log.Printf("DEBUG: Error: %s\n", err)
		}
		return false, nil, err
	}
	search := ldap.NewSearchRequest(
		config.BaseDN,
		ldap.ScopeWholeSubtree,
		ldap.DerefAlways,
		1, 0,
		false,
		fmt.Sprintf("(sAMAccountName=%s)", username),
		append(attrs, "memberOf"),
		nil,
	)
	result, lErr := conn.Search(search)
	if lErr != nil {
		if config.Debug {
			log.Printf("DEBUG: LDAP Error %v\n", lErr)
		}
		return false, nil, lErr
	}
	if len(result.Entries) == 1 {
		entryAttrs := attrsToMap(result.Entries[0])
		if groups, ok := entryAttrs["memberOf"]; ok {
			for _, g := range groups {
				if groupDN == g {
					for _, key := range attrs {
						if key == "memberOf" {
							return true, entryAttrs, nil
						}
					}
					delete(entryAttrs, "memberOf")
					return true, entryAttrs, nil
				}
			}
		}
		return false, entryAttrs, nil
	}
	return false, nil, LDAPError("Amount of Entries returned was not one")
}
Beispiel #9
0
func (_s *LDAP) _checkGroupMember(rLog SBMSystem.LogFile, userDN, groupDN, baseDN string, recurse_count int) int {
	var (
		uattr  = []string{"memberOf"}
		result = int(-1)
	)

	if userDN == "" || groupDN == "" {
		return -1
	}

	if recurse_count <= 0 {
		return -1
	}

	lsearch := ldap.NewSearchRequest(userDN, 0, ldap.NeverDerefAliases, 0, 0, false, "(objectclass=*)", uattr, nil)
	sr, err := _s.D.Search(lsearch)
	if err != nil {
		rLog.LogDbg(0, "LDAP::Search() ", userDN, " error: ", err)
	}

	if len(sr.Entries) > 0 {
		for _, entry := range sr.Entries {
			for _, attr := range entry.Attributes {
				if attr.Name == "memberOf" {
					for _, x := range attr.Values {
						if groupDN == x {
							return 0
						} else {
							if x != userDN {
								result = _s._checkGroupMember(rLog, x, groupDN, baseDN, recurse_count-1)
								if result == 0 {
									return 0
								}
							}
						}
					}
				}
			}
		}
	}
	return -1
}
Beispiel #10
0
// buildAttributeQuery builds the query containing a filter that conjoins the common filter given
// in the configuration with the specific attribute filter for which the attribute value is given
func (o *LDAPQueryOnAttribute) buildAttributeQuery(attributeValue string,
	attributes []string) *ldap.SearchRequest {
	specificFilter := fmt.Sprintf("%s=%s",
		ldap.EscapeFilter(o.QueryAttribute),
		ldap.EscapeFilter(attributeValue))

	filter := fmt.Sprintf("(&(%s)(%s))", o.Filter, specificFilter)

	return ldap.NewSearchRequest(
		o.BaseDN,
		int(o.Scope),
		int(o.DerefAliases),
		0, // allowed return size - indicates no limit
		o.TimeLimit,
		false, // not types only
		filter,
		attributes,
		nil, // no controls
	)
}
Beispiel #11
0
// Search LDAP by cn filter
func searchByName(l *ldap.Conn, name string) (*ldap.SearchResult, error) {
	filter := fmt.Sprintf("(cn=%v)", ReplaceAccents(name))
	search := ldap.NewSearchRequest(
		baseDN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		filter,
		attributes,
		nil)

	sr, err := l.Search(search)
	if err != nil {
		return nil, err
	}
	switch {
	case len(sr.Entries) == 0:
		return sr, ErrNoResults
	case len(sr.Entries) > 1:
		return sr, ErrTooManyResults
	}
	return sr, nil
}
Beispiel #12
0
func getDN(cn string, config *Config, conn *ldap.Conn) (string, error) {
	search := ldap.NewSearchRequest(
		config.BaseDN,
		ldap.ScopeWholeSubtree,
		ldap.DerefAlways,
		1, 0,
		false,
		fmt.Sprintf("(cn=%s)", cn),
		nil,
		nil,
	)
	result, err := conn.Search(search)
	if err != nil {
		if config.Debug {
			log.Printf("DEBUG: LDAP Error %v\n", err)
		}
		return "", err
	}
	if len(result.Entries) > 0 {
		return result.Entries[0].DN, nil
	}
	return "", ConfigError(fmt.Sprintf("No DN found for: %s", cn))
}
Beispiel #13
0
func getAttrs(username string, config *Config, conn *ldap.Conn, attrs []string) (map[string][]string, error) {
	search := ldap.NewSearchRequest(
		config.BaseDN,
		ldap.ScopeWholeSubtree,
		ldap.DerefAlways,
		1, 0,
		false,
		fmt.Sprintf("(sAMAccountName=%s)", username),
		attrs,
		nil,
	)
	result, lErr := conn.Search(search)
	if lErr != nil {
		if config.Debug {
			log.Printf("DEBUG: LDAP Error %v\n", lErr)
		}
		return nil, lErr
	}
	if len(result.Entries) == 1 {
		return attrsToMap(result.Entries[0]), nil
	}
	return nil, LDAPError("Amount of Entries returned was not one")
}
Beispiel #14
0
// ExampleConn_Search demonstrates how to use the search interface
func ExampleConn_Search() {
	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
	if err != nil {
		log.Fatal(err)
	}
	defer l.Close()

	searchRequest := ldap.NewSearchRequest(
		"dc=example,dc=com", // The base dn to search
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		"(&(objectClass=organizationalPerson))", // The filter to apply
		[]string{"dn", "cn"},                    // A list attributes to retrieve
		nil,
	)

	sr, err := l.Search(searchRequest)
	if err != nil {
		log.Fatal(err)
	}

	for _, entry := range sr.Entries {
		fmt.Printf("%s: %v\n", entry.DN, entry.GetAttributeValue("cn"))
	}
}
Beispiel #15
0
//ldap search and return required attributes' value from searched entries
//default return entry's DN value if you leave attrs array empty
func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, attrs *[]string) (string, error) {
	if l == nil {
		return "", fmt.Errorf("No ldap connection!")
	}
	glog.V(2).Infof("Searching...basedDN:%s, filter:%s", *baseDN, *filter)
	searchRequest := ldap.NewSearchRequest(
		*baseDN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		*filter,
		*attrs,
		nil)
	sr, err := l.Search(searchRequest)
	if err != nil {
		return "", err
	}

	if len(sr.Entries) != 1 {
		return "", fmt.Errorf("User does not exist or too many entries returned.")
	}

	var buffer bytes.Buffer
	for _, entry := range sr.Entries {
		if len(*attrs) == 0 {
			glog.V(2).Infof("Entry DN = %s", entry.DN)
			buffer.WriteString(entry.DN)
		} else {
			for _, attr := range *attrs {
				values := strings.Join(entry.GetAttributeValues(attr), " ")
				glog.V(2).Infof("Entry %s = %s", attr, values)
				buffer.WriteString(values)
			}
		}
	}

	return buffer.String(), nil
}
func goNTUWork(conf SBMSystem.ReadJSONConfig, rLog SBMSystem.LogFile) {

	type usIDPartList struct {
		id   int
		name string
	}

	var (
		ldap_Attr   []string
		ldap_VCard  []string
		queryx      string
		multiInsert = int(64)
		//idxUsers    = int(1)
		idxCards = int(1)
		workMode = string("FULL")
		i        int
		pg       SBMConnect.PgSQL
		my       SBMConnect.MySQL
		ld       SBMConnect.LDAP
		err      error
		pgrows1  *sql.Rows
	)

	rLog.Log("--> WakeUP!")

	for i = 0; i < len(conf.Conf.WLB_LDAP_ATTR); i++ {
		ldap_Attr = append(ldap_Attr, conf.Conf.WLB_LDAP_ATTR[i][0])
		ldap_VCard = append(ldap_VCard, conf.Conf.WLB_LDAP_ATTR[i][1])
	}

	if pg.Init(conf, "") < 0 {
		log.Println("Init PgSQL Error!")
		return
	}
	defer pg.Close()

	if my.Init(conf, mySQL_InitDB) < 0 {
		log.Println("Init MySQL Error!")
		return
	}
	defer my.Close()

	if ld.Init(conf) < 0 {
		log.Println("Init LDAP Error!")
		return
	}
	defer ld.Close()

	time.Sleep(10 * time.Second)

	x := make(map[string]string, len(ldap_Attr))

	multiCount := 0
	rLog.Log("\tCreate cacheDB from LDAP...")

	time_now := time.Now().Unix()
	time_get := pg.QSimple("select updtime from aaa_dav_ntu where userid=0;")

	switch {
	case time_get < 0:
		log.Println("PgSQL: Error reading NTU table")
		return
	case time_get > 0:
		pgrows1, err = pg.D.Query("select x.id, x.login, x.password, x.cdavprefix from aaa_logins as x where x.id in (select userid from aaa_dns where userid=x.id) order by login;")
		if err != nil {
			log.Printf("PG::Query() 02 error: %v\n", err)
			return
		}
		workMode = "FULL"
	case time_get == 0:
		pgrows1, err = pg.D.Query("select x.id, x.login, x.password, x.cdavprefix from aaa_logins as x, aaa_dav_ntu as y where x.id=y.userid and x.id in (select userid from aaa_dns where userid=x.id) order by login;")
		if err != nil {
			log.Printf("PG::Query() 03 error: %v\n", err)
			return
		}
		workMode = "PART"
	}

	usID := 0
	usName := ""
	usPass := ""
	usCDavPrefix := 0
	//userIDGet := 0
	usIDArray := make([]usIDPartList, 0)
	for pgrows1.Next() {
		usCDavPrefix = 0
		pgrows1.Scan(&usID, &usName, &usPass, &usCDavPrefix)
		usIDArray = append(usIDArray, usIDPartList{id: usID, name: usName})
		/*
			userIDGet = my.QSimple("select id from users where username='******';")
			switch {
			case userIDGet < 0:
				log.Println("Error get user ID")
				return
			case userIDGet > 0:
				idxUsers = userIDGet
			case userIDGet == 0:
				userIDGet = my.QSimple("select id from users order by id desc limit 1;")
				if userIDGet > 0 {
					userIDGet++
					idxUsers = userIDGet
				} else {
					userIDGet = 0
					userIDGet++
					log.Println("Error get max user ID")
					//return
				}
			}
		*/
		queryx = fmt.Sprintf("INSERT INTO z_cache_users (id, username, digesta1)\n\tVALUES (%d, '%s', '%s');", usID, usName, usPass)
		queryx = fmt.Sprintf("%s\nINSERT INTO z_cache_principals (id, uri, email, displayname, vcardurl)\n\tVALUES (%d, 'principals/%s', NULL, NULL, NULL);", queryx, usID, usName)
		queryx = fmt.Sprintf("%s\nINSERT INTO z_cache_addressbooks (id, principaluri, uri, ctag)\n\tVALUES (%d, 'principals/%s', 'default', 1); select id from users order by id desc limit 1", queryx, usID, usName)
		//log.Printf("%s\n", queryx)
		_, err = my.D.Query(queryx)
		if err != nil {
			log.Printf("03 MySQL::Query() error: %v\n", err)
			log.Printf("%s\n", queryx)
			return
		}

		pgrows2, err := pg.D.Query(fmt.Sprintf("select dn from aaa_dns where userid=%d;", usID))
		if err != nil {
			log.Printf("02 PG::Query() error: %v\n", err)
			return
		}

		usDN := ""
		for pgrows2.Next() {
			pgrows2.Scan(&usDN)
			log.Printf("\t\t\t%3d/%s - %s\n", usID, usName, usDN)

			search := ldap.NewSearchRequest(usDN, 2, ldap.NeverDerefAliases, 0, 0, false, conf.Conf.LDAP_URL[0][4], ldap_Attr, nil)

			sr, err := ld.D.Search(search)
			if err != nil {
				log.Printf("LDAP::Search() error: %v\n", err)
				return
			}

			queryx = ""
			if len(sr.Entries) > 0 {
				for _, entry := range sr.Entries {
					for k := 0; k < len(ldap_Attr); k++ {
						x[ldap_VCard[k]] = ""
					}
					for _, attr := range entry.Attributes {
						for k := 0; k < len(ldap_Attr); k++ {
							if attr.Name == ldap_Attr[k] {
								x[ldap_VCard[k]] = strings.Join(attr.Values, ",")
								x[ldap_VCard[k]] = strings.Replace(x[ldap_VCard[k]], ",", "\n"+ldap_VCard[k]+":", -1)
							}
						}
					}
					y := fmt.Sprintf("BEGIN:VCARD\n")
					for k := 0; k < len(ldap_Attr); k++ {
						if x[ldap_VCard[k]] != "" {
							if ldap_VCard[k] == "FN" {
								fn_split := strings.Split(x[ldap_VCard[k]], " ")
								fn_nofam := strings.Replace(x[ldap_VCard[k]], fn_split[0], "", -1)
								fn_nofam = strings.Trim(fn_nofam, " ")
								y = fmt.Sprintf("%s%s:%s %s\n", y, ldap_VCard[k], fn_nofam, fn_split[0])
							} else {
								switch usCDavPrefix {
								case 2:
									if ldap_VCard[k] == conf.Conf.CardDAVIPSuffix[0] {
										y = fmt.Sprintf("%s%s:%s@%s\n", y, ldap_VCard[k], x[ldap_VCard[k]], conf.Conf.CardDAVIPSuffix[1])
									}
									y = fmt.Sprintf("%s%s:%s\n", y, ldap_VCard[k], x[ldap_VCard[k]])
								case 1:
									if ldap_VCard[k] == conf.Conf.CardDAVIPSuffix[0] {
										y = fmt.Sprintf("%s%s:%s@%s\n", y, ldap_VCard[k], x[ldap_VCard[k]], conf.Conf.CardDAVIPSuffix[1])
									} else {
										y = fmt.Sprintf("%s%s:%s\n", y, ldap_VCard[k], x[ldap_VCard[k]])
									}
								default:
									y = fmt.Sprintf("%s%s:%s\n", y, ldap_VCard[k], x[ldap_VCard[k]])
								}

							}
						}
					}
					z := md5.New()
					z.Write([]byte(y))
					uid := hex.EncodeToString(z.Sum(nil))
					y = fmt.Sprintf("%sUID:%s\n", y, uid)
					y = fmt.Sprintf("%sEND:VCARD\n", y)
					queryx = fmt.Sprintf("%s\nINSERT INTO z_cache_cards (id, addressbookid, carddata, uri, lastmodified)\n\tVALUES (%d, %d, '%s', '%s.vcf', NULL);", queryx, idxCards, usID, y, uid)
					if multiCount > multiInsert {
						_, err = my.D.Query(queryx)
						if err != nil {
							log.Printf("MySQL::Query() error: %v\n", err)
							log.Printf("%s\n", queryx)
							return
						}
						queryx = ""
						multiCount = 0
					}
					multiCount++
					idxCards++

				}
			}
			_, err = my.D.Query(queryx)
			if err != nil {
				log.Printf("MySQL::Query() error: %v\n", err)
				log.Printf("%s\n", queryx)
				return
			}
			queryx = ""
			multiCount = 0
		}
		//idxUsers++
	}

	rLog.Log("\t\tComplete!")

	if workMode == "PART" {
		rLog.Log("\tUpdate tables in PartialUpdate mode...")
		for j := 0; j < len(usIDArray); j++ {
			log.Printf("\t\t\tUpdate %d/%s...\n", usIDArray[j].id, usIDArray[j].name)
			for i := 0; i < len(mySQL_Update_part1); i++ {
				log.Printf("\t\t\tstep %d (%d of %d)...\n", j+1, i+1, len(mySQL_Update_part1))
				if my.QSimple(strings.Replace(mySQL_Update_part1[i], "XYZIDXYZ", fmt.Sprintf("%d", usIDArray[j].id), -1)) < 0 {
					log.Println("MySQL: Update error")
					return
				}
				time.Sleep(2 * time.Second)
			}
			for i := 0; i < len(mySQL_Update1); i++ {
				log.Printf("\t\t\tstep %d (%d of %d)...\n", j+1, i+1, len(mySQL_Update1))

				if my.QSimple(mySQL_Update1[i]) < 0 {
					log.Println("MySQL: Update error")
					return
				}
				time.Sleep(2 * time.Second)
			}
			for i := 0; i < len(mySQL_Update_part2); i++ {
				log.Printf("\t\t\tstep %d (%d of %d)...\n", j+1, i+1, len(mySQL_Update_part2))
				if my.QSimple(strings.Replace(mySQL_Update_part2[i], "XYZIDXYZ", fmt.Sprintf("%d", usIDArray[j].id), -1)) < 0 {
					log.Println("MySQL: Update error")
					return
				}
				time.Sleep(2 * time.Second)
			}
			for i := 0; i < len(mySQL_Update2); i++ {
				log.Printf("\t\t\tstep %d (%d of %d)...\n", j+1, i+1, len(mySQL_Update2))
				if my.QSimple(mySQL_Update2[i]) < 0 {
					log.Println("MySQL: Update error")
					return
				}
				time.Sleep(2 * time.Second)
			}
			time.Sleep(2 * time.Second)
		}
	} else {
		rLog.Log("\tUpdate tables...")
		for i := 0; i < len(mySQL_Update_full1); i++ {
			log.Printf("\t\t\tstep %d of %d...\n", i+1, len(mySQL_Update_full1))
			if my.QSimple(mySQL_Update_full1[i]) < 0 {
				log.Println("MySQL: Update error")
				return
			}
			time.Sleep(2 * time.Second)
		}
		for i := 0; i < len(mySQL_Update1); i++ {
			log.Printf("\t\t\tstep %d of %d...\n", i+1, len(mySQL_Update1))
			if my.QSimple(mySQL_Update1[i]) < 0 {
				log.Println("MySQL: Update error")
				return
			}
			time.Sleep(2 * time.Second)
		}
		for i := 0; i < len(mySQL_Update_full2); i++ {
			log.Printf("\t\t\tstep %d of %d...\n", i+1, len(mySQL_Update_full2))
			if my.QSimple(mySQL_Update_full2[i]) < 0 {
				log.Println("MySQL: Update error")
				return
			}
			time.Sleep(2 * time.Second)
		}
		for i := 0; i < len(mySQL_Update2); i++ {
			log.Printf("\t\t\tstep %d of %d...\n", i+1, len(mySQL_Update2))
			if my.QSimple(mySQL_Update2[i]) < 0 {
				log.Println("MySQL: Update error")
				return
			}
			time.Sleep(2 * time.Second)
		}
	}

	rLog.Log("\t\tComplete!")

	rLog.Log("\tClean NeedToUpdate table...")

	if pg.QSimple("delete from aaa_dav_ntu where userid=0 or updtime<", time_now, ";") < 0 {
		log.Println("PgSQL: Clean NTU table error")
		return
	}

	rLog.Log("\tComplete!")
	rLog.Bye()
}
Beispiel #17
0
func indexHandler(w http.ResponseWriter, r *http.Request) {
	var (
		xSearchPplMode = int(0)
		xSearch        string
		xMessage       string

		dn          string
		dn_back     string
		dn_back_tmp []string

		go_home_button string

		ldap_Search string

		ldapSearchMode = int(1)

		ckl1 int

		ldap_Attr []string

		xGetDN  [1000]string
		xGetCkl int

		l   *ldap.Conn
		err error

		xFRColor     = string("#FFFFFF")
		xBGColor     = string("#FFFFFF")
		LUserName    = string("")
		setAdminMode = string("")
	)

	username, userperm := CheckUserSession(r, w)

	//fmt.Printf("%s / %d\n", username, userperm)

	switch userperm {
	case roleAdmin:
		xFRColor = "#FF0000"
		xBGColor = "#FFFFFF"
		LUserName = username
		setAdminMode = "Yes"
	case roleUser:
		xFRColor = "#0000FF"
		xBGColor = "#FFFFFF"
		LUserName = username
	default:
		xFRColor = "#FFFFFF"
		xBGColor = "#FFFFFF"
		LUserName = ""
	}

	ldap_Attr = make([]string, len(rconf.WLB_LDAP_ATTR))

	for ckl1 := 0; ckl1 < len(rconf.WLB_LDAP_ATTR); ckl1++ {
		ldap_Attr[ckl1] = rconf.WLB_LDAP_ATTR[ckl1][0]
	}

	SABModules.Log_ON(&rconf)
	defer SABModules.Log_OFF()

	get_dn := r.FormValue("dn")
	get_cn := r.FormValue("cn")
	get_fn := r.FormValue("FirstName")
	get_ln := r.FormValue("LastName")
	searchMode := r.FormValue("SearchMode")

	remIPClient := getIPAddress(r)
	//	log.Printf("DN: %s --- CN: %s", get_dn, get_cn)

	if get_dn == "" {
		dn = rconf.LDAP_URL[ldap_count][3]
	} else {
		dn = get_dn
	}

	if len(dn) < len(rconf.LDAP_URL[ldap_count][3]) {
		dn = rconf.LDAP_URL[ldap_count][3]
	}

	log.Printf("->")
	log.Printf("--> %s", pVersion)
	log.Printf("->")
	ucurl, _ := strconv.Unquote(r.RequestURI)
	log.Println(remIPClient + " --> http://" + r.Host + ucurl)
	log.Printf("%s ++> DN: %s / CN: %s / Mode: %d / Def.DN: %s", remIPClient, dn, ldap_Search, ldapSearchMode, rconf.LDAP_URL[ldap_count][3])

	if get_cn == "" && get_ln == "" && get_fn == "" {
		ldap_Search = rconf.LDAP_URL[ldap_count][4]
	} else {
		log.Printf("%s ++> SQL Search: %s/%s/%s\n", remIPClient, get_cn, get_fn, get_ln)
		dbpg, err := sql.Open("postgres", rconf.PG_DSN)
		if err != nil {
			log.Fatalf("PG_INIT::Open() error: %v\n", err)
		}

		defer dbpg.Close()

		queryx := "select x.dn from ldap_entries as x, ldapx_persons as y where x.uid=y.uid"
		if len(get_cn) > 2 {
			queryx = fmt.Sprintf("%s and lower(fullname) like lower('%%%s%%')", queryx, strings.ToLower(get_cn))
		}
		if len(get_ln) > 2 {
			queryx = fmt.Sprintf("%s and lower(surname) like lower('%s%%')", queryx, strings.ToLower(get_ln))
		}
		if len(get_fn) > 2 {
			queryx = fmt.Sprintf("%s and lower(name) like lower('%s%%')", queryx, strings.ToLower(get_fn))
		}
		if len(get_cn) <= 2 && len(get_ln) <= 2 && len(get_fn) <= 2 {
			queryx = fmt.Sprintf("%s and 2=3;", queryx)
		} else {
			queryx = fmt.Sprintf("%s;", queryx)
		}
		//		log.Printf("Search QUERY: %s\n", queryx)
		rows, err := dbpg.Query(queryx)
		if err != nil {
			fmt.Printf("SQL Error: %s\n", queryx)
			log.Printf("PG::Query() Check LDAP tables error: %v\n", err)
			return
		}
		xGetCkl = 0
		for rows.Next() {
			rows.Scan(&xGetDN[xGetCkl])
			//fmt.Println("XXX:", xGetDN[xGetCkl], dn)
			if strings.Contains(strings.ToLower(xGetDN[xGetCkl]), strings.ToLower(dn)) || searchMode == "Full" {
				log.Printf("%s <-- SQL Found: %s\n", remIPClient, xGetDN[xGetCkl])
				xGetCkl++
				if xGetCkl > userLimit {
					xMessage = fmt.Sprintf("Количество персон по вашему запросу превысило %d! Пожалуйста, задайте критерии более конкретно!", userLimit)
					break
				}
			}
		}
		xSearchPplMode = 1
		ldapSearchMode = 2
	}

	if strings.ToLower(dn) != strings.ToLower(rconf.LDAP_URL[ldap_count][3]) || xSearchPplMode == 1 {
		go_home_button = "+"
	}
	if ldapSearchMode != 2 {
		xSearch = "+"
	}

	if strings.ToLower(dn) != strings.ToLower(rconf.LDAP_URL[ldap_count][3]) {
		if ldapSearchMode == 1 && xSearchPplMode == 0 {
			dn_back_tmp = strings.Split(dn, ",")
			for ckl1 = 1; ckl1 < len(dn_back_tmp); ckl1++ {
				if ckl1 == 1 {
					dn_back = dn_back_tmp[ckl1]
				} else {
					dn_back += fmt.Sprintf(",%s", dn_back_tmp[ckl1])
				}
			}
		}
	}

	//	log.Printf("%s ... Initialize LDAP connector...", remIPClient)

	if initLDAPConnector() == "error" {
		return
	}

	l, err = ldap.Dial("tcp", rconf.LDAP_URL[ldap_count][0])
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Printf("LDAP::Initialize() error: %v\n", err)
		return
	}

	//		l.Debug = true
	defer l.Close()

	log.Printf("%s =!= Connected to server %d of %d: %s", remIPClient, ldap_count+1, len(rconf.LDAP_URL), rconf.LDAP_URL[ldap_count][0])

	err = l.Bind(rconf.LDAP_URL[ldap_count][1], rconf.LDAP_URL[ldap_count][2])
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Printf("LDAP::Bind() error: %v\n", err)
		return
	}

	t, err := template.ParseFiles("templates/header.html")
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Println(err.Error())
		return
	}

	t.ExecuteTemplate(w, "header", template.FuncMap{"Pagetitle": rconf.WLB_HTML_Title, "FRColor": xFRColor, "BGColor": xBGColor})

	t, err = template.ParseFiles("templates/search.html")
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Println(err.Error())
		return
	}

	t.ExecuteTemplate(w, "search", template.FuncMap{"GoHome": go_home_button, "PrevDN": dn_back, "DN": dn, "xSearch": xSearch, "xMessage": xMessage, "LineColor": "#EEEEEE", "LUserName": LUserName, "LoginShow": "Yes", "RedirectDN": r.RequestURI})

	t, err = template.ParseFiles("templates/index.html")
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Println(err.Error())
		return
	}

	if xSearchPplMode == 0 {

		search := ldap.NewSearchRequest(dn, ldapSearchMode, ldap.NeverDerefAliases, 0, 0, false, ldap_Search, ldap_Attr, nil)

		//	log.Printf("Search: %v\n%v\n%v\n%v\n%v\n%v\n", search, dn, ldapSearchMode, ldap.NeverDerefAliases, ldap_Search, ldap_Attr)

		sr, err := l.Search(search)
		if err != nil {
			fmt.Fprintf(w, err.Error())
			log.Printf("LDAP::Search() error: %v\n", err)
			return
		}

		//	fmt.Printf("\n\nSearch: %v", search)

		log.Printf("%s ++> search: %s // found: %d\n", remIPClient, search.Filter, len(sr.Entries))

		if len(sr.Entries) > 0 {
			dnList := make(map[string]tList, len(sr.Entries))
			for _, entry := range sr.Entries {
				fType := ""
				fField := make(map[string]string, len(rconf.WLB_LDAP_ATTR))
				for _, attr := range entry.Attributes {
					for ckl1 := 0; ckl1 < len(rconf.WLB_LDAP_ATTR); ckl1++ {
						if attr.Name == rconf.WLB_LDAP_ATTR[ckl1][0] {
							fField[rconf.WLB_LDAP_ATTR[ckl1][1]] = fmt.Sprintf("%s", strings.Join(attr.Values, ","))
							//						fmt.Printf("Name: %s==%s --> %s = %s\n", attr.Name, rconf.WLB_LDAP_ATTR[ckl1][0], rconf.WLB_LDAP_ATTR[ckl1][1], fField[rconf.WLB_LDAP_ATTR[ckl1][1]])
							if rconf.WLB_LDAP_ATTR[ckl1][1] == "ORGName" {
								fType = "Org"
							}
							if rconf.WLB_LDAP_ATTR[ckl1][1] == "USERName" {
								fType = "User"
							}
						}
					}
				}
				getMore(remIPClient, fField, fType, l, dnList, setAdminMode)
			}
			t.ExecuteTemplate(w, "index", dnList)
		}
	} else {
		dnList := make(map[string]tList, xGetCkl)
		for ckl1 = 0; ckl1 < xGetCkl; ckl1++ {
			//			fmt.Printf("GET: %s / %d\n", xGetDN[ckl1], ckl1)
			search := ldap.NewSearchRequest(xGetDN[ckl1], 0, ldap.NeverDerefAliases, 0, 0, false, "(objectClass=inetOrgPerson)", ldap_Attr, nil)
			//			fmt.Printf("GET: %v\n", search)
			sr, err := l.Search(search)
			if err != nil {
				fmt.Printf(err.Error())
				//				fmt.Fprintf(w, err.Error())
				log.Printf("LDAP::Search() error: %v %v\n", search, err)
				continue
			}
			fType := "User"
			fField := make(map[string]string, len(rconf.WLB_LDAP_ATTR))
			fField["DN"] = xGetDN[ckl1]
			if len(sr.Entries) > 0 {
				for _, entry := range sr.Entries {
					for _, attr := range entry.Attributes {
						for ckl2 := 0; ckl2 < len(rconf.WLB_LDAP_ATTR); ckl2++ {
							if attr.Name == rconf.WLB_LDAP_ATTR[ckl2][0] {
								fField[rconf.WLB_LDAP_ATTR[ckl2][1]] = fmt.Sprintf("%s", strings.Join(attr.Values, ","))
								//								fmt.Printf("Name: %s==%s --> %s = %s\n", attr.Name, rconf.WLB_LDAP_ATTR[ckl1][0], rconf.WLB_LDAP_ATTR[ckl1][1], fField[rconf.WLB_LDAP_ATTR[ckl1][1]])
							}
						}

					}
				}
			}
			getMore(remIPClient, fField, fType, l, dnList, setAdminMode)
		}
		t.ExecuteTemplate(w, "index", dnList)
	}

	t, err = template.ParseFiles("templates/footer.html")
	if err != nil {
		fmt.Fprintf(w, err.Error())
		log.Println(err.Error())
		return
	}

	t.ExecuteTemplate(w, "footer", template.FuncMap{"WebBookVersion": pVersion, "xMailBT": rconf.WLB_MailBT, "LineColor": "#EEEEEE"})
}
Beispiel #18
0
func main() {
	flag.Usage = func() {
		fmt.Println(`ldapr -term "TERM" [-attr NAME,...] -tmpl "TEMPLATE"`)
		os.Exit(2)
	}

	term := flag.String("term", "", "")
	attr := flag.String("attr", "", "")
	tmpl := flag.String("tmpl", "", "")

	flag.Parse()

	viper.SetConfigName("ldapr")
	viper.SetConfigType("toml")

	viper.AddConfigPath(".")
	viper.AddConfigPath("~")

	if err := viper.ReadInConfig(); err != nil {
		util.Error(err, 1)
	}

	conn, err := ldap.Dial("tcp", viper.GetString("server"))
	if err != nil {
		util.Error(err, 1)
	}

	if err := conn.Bind(viper.GetString("user"), viper.GetString("password")); err != nil {
		util.Error(err, 1)
	}

	var attrs []string
	if *attr != "" {
		attrs = strings.Split(*attr, ",")
	}

	if res, err := conn.SearchWithPaging(ldap.NewSearchRequest(viper.GetString("base"),
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		*term, attrs, []ldap.Control{},
	), 1000); err != nil {
		util.Error(err, 1)
	} else {
		if *tmpl != "" {
			for _, entry := range res.Entries {
				m := map[string]string{
					"DN": entry.DN,
				}

				for _, attr := range entry.Attributes {
					m[attr.Name] = strings.Join(attr.Values, ",")
				}

				if *tmpl != "" {
					tmp, err := template.New("ldapr").Parse(strings.TrimSpace(*tmpl) + "\n")
					if err != nil {
						util.Error(err, 1)
					}
					if err := tmp.Execute(os.Stdout, m); err != nil {
						util.Error(err, 1)
					}
				}
			}
		} else {
			for _, entry := range res.Entries {
				entry.PrettyPrint(0)
			}
		}

	}
}
Beispiel #19
0
// getIdentity looks up a username in an LDAP server, and attempts to bind to the user's DN using the provided password
func (a *Authenticator) getIdentity(username, password string) (authapi.UserIdentityInfo, bool, error) {
	defer func() {
		if e := recover(); e != nil {
			util.HandleError(fmt.Errorf("Recovered panic: %v, %s", e, debug.Stack()))
		}
	}()

	if len(username) == 0 || len(password) == 0 {
		return nil, false, nil
	}

	// Make the connection
	l, err := a.connect()
	if err != nil {
		return nil, false, err
	}
	defer l.Close()

	// If specified, bind the username/password for search phase
	if len(a.options.BindDN) > 0 {
		if err := l.Bind(a.options.BindDN, a.options.BindPassword); err != nil {
			return nil, false, err
		}
	}

	// & together the filter specified in the LDAP options with the user-specific filter
	filter := fmt.Sprintf("(&%s(%s=%s))",
		a.options.URL.Filter,
		ldap.EscapeFilter(a.options.URL.QueryAttribute),
		ldap.EscapeFilter(username),
	)

	// Build list of attributes to retrieve
	attrs := util.NewStringSet(a.options.URL.QueryAttribute)
	attrs.Insert(a.options.AttributeEmail...)
	attrs.Insert(a.options.AttributeName...)
	attrs.Insert(a.options.AttributePreferredUsername...)
	attrs.Insert(a.options.AttributeID...)

	// Search for LDAP record
	searchRequest := ldap.NewSearchRequest(
		a.options.URL.BaseDN,     // base dn
		int(a.options.URL.Scope), // scope
		ldap.NeverDerefAliases,   // deref
		2,            // size limit, we want to know if this is not unique, but don't want the entire tree
		0,            // no client-specified time limit, determined by LDAP server. TODO: make configurable?
		false,        // not types only
		filter,       // filter
		attrs.List(), // attributes to retrieve
		nil,          // controls
	)

	glog.V(4).Infof("searching for %s", filter)
	results, err := l.Search(searchRequest)
	if err != nil {
		return nil, false, err
	}

	if len(results.Entries) == 0 {
		// 0 results means a missing username, not an error
		glog.V(4).Infof("no entries matching %s", filter)
		return nil, false, nil
	}
	if len(results.Entries) > 1 {
		// More than 1 result means a misconfigured server filter or query parameter
		return nil, false, fmt.Errorf("multiple entries found matching %q", username)
	}

	entry := results.Entries[0]
	glog.V(4).Infof("found dn=%q for %s", entry.DN, filter)

	// Bind with given username and password to attempt to authenticate
	if err := l.Bind(entry.DN, password); err != nil {
		glog.V(4).Infof("error binding password for %q: %v", entry.DN, err)
		if err, ok := err.(*ldap.Error); ok {
			switch err.ResultCode {
			case ldap.LDAPResultInappropriateAuthentication:
				// inappropriateAuthentication (48)
				//    Indicates the server requires the client that had attempted
				//    to bind anonymously or without supplying credentials to
				//    provide some form of credentials.
				fallthrough
			case ldap.LDAPResultInvalidCredentials:
				// invalidCredentials (49)
				//    Indicates that the provided credentials (e.g., the user's name
				//    and password) are invalid.

				// Authentication failed, return false, but no error
				return nil, false, nil
			}
		}
		return nil, false, err
	}

	// Build the identity
	uid := getAttributeValue(entry, a.options.AttributeID)
	if uid == "" {
		return nil, false, fmt.Errorf("Could not retrieve a non-empty value from %v attributes for dn=%q", a.options.AttributeID, entry.DN)
	}
	identity := authapi.NewDefaultUserIdentityInfo(a.providerName, uid)

	// Add optional extra attributes if present
	for k, attrs := range map[string][]string{
		authapi.IdentityPreferredUsernameKey: a.options.AttributePreferredUsername,
		authapi.IdentityEmailKey:             a.options.AttributeEmail,
		authapi.IdentityDisplayNameKey:       a.options.AttributeName,
	} {
		if v := getAttributeValue(entry, attrs); len(v) != 0 {
			identity.Extra[k] = v
		}
	}

	return identity, true, nil
}
func AD_to_PG(conf *SABModules.Config_STR, pg_minsert int) int {
	var (
		ckl_servers int
		num_servers int
		ckl         = int(0)
		queryx      string

		pg_AD_Create = string(`
			CREATE TABLE IF NOT EXISTS XYZWorkTableZYX
				(domain character varying(255), server character varying(255),
					displayname character varying(255), cn character varying(255),
					dlogin character varying(255), login character varying(255),
					mail character varying(255),
					ph_int character varying(255),
					ph_mob character varying(255),
					ph_ip character varying(255),
					department character varying(255), title character varying(255),
					dn character varying(255),
					connected character varying(5) NOT NULL DEFAULT 'no'::character varying,
					primary key (dlogin));
			`)

		pg_AD_Create_Status = string(`
			CREATE TABLE IF NOT EXISTS XYZWorkTableZYX
				(server character varying(255), status character varying(255),
					primary key (server));
			`)
		return_result = int(0)
	)

	log.Printf("AD Export to PG...")

	rusFindRegExp := regexp.MustCompile(`[А-Яа-я]`)

	num_servers = len(conf.AD_LDAP)

	//	fmt.Printf("%d\n", num_servers)

	for ckl = 0; ckl < num_servers; ckl++ {
		conf.AD_LDAP[ckl][6] = "enabled"
	}

	db, err := sql.Open("postgres", conf.PG_DSN)
	if err != nil {
		log.Printf("PG::Open() error: %v\n", err)
		return 10
	}

	defer db.Close()

	queryx = strings.Replace(pg_AD_Create, "XYZWorkTableZYX", SABDefine.PG_Table_AD, -1)
	_, err = db.Query(queryx)
	if err != nil {
		log.Printf("PG::Exec() error: %v\n", err)
		return 11
	}
	queryx = strings.Replace(pg_AD_Create_Status, "XYZWorkTableZYX", SABDefine.PG_Table_AD_Status, -1)
	_, err = db.Query(queryx)
	if err != nil {
		log.Printf("PG::Exec() error: %v\n", err)
		return 12
	}

	for ckl_servers = 0; ckl_servers < num_servers; ckl_servers++ {

		if conf.AD_LDAP[ckl_servers][6] != "enabled" {
			continue
		}

		log.Printf("\t\tServer %2d of %2d / Pass  1 of  1 / Domain: %s, Controller: %s\n", ckl_servers+1, num_servers, conf.AD_LDAP[ckl_servers][0], conf.AD_LDAP[ckl_servers][1])

		l, err := ldap.Dial("tcp", conf.AD_LDAP[ckl_servers][1])
		if err != nil {
			log.Printf("LDAP::Initialize() error: %v\n", err)
			continue
		}

		defer l.Close()
		//		l.Debug = true

		err = l.Bind(conf.AD_LDAP[ckl_servers][2], conf.AD_LDAP[ckl_servers][3])
		if err != nil {
			log.Printf("LDAP::Bind() error: %v\n", err)
			continue
		}

		search := ldap.NewSearchRequest(conf.AD_LDAP[ckl_servers][4], ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, conf.AD_LDAP[ckl_servers][5], SABDefine.AD_attr, nil)

		sr, err := l.Search(search)
		if err != nil {
			log.Printf("LDAP::Search() error: %v\n", err)
			continue
		}

		log.Printf("\t\t\t%s // %d\n", search.Filter, len(sr.Entries))

		if len(sr.Entries) > 10 {
			timenow := time.Now().Format("2006.01.02 15:04:05")

			queryx = fmt.Sprintf("INSERT INTO %s (server, status) select '%s', '%s' where not exists (select server from %s where server='%s'); update %s set status='%s' where server='%s'; ", SABDefine.PG_Table_AD_Status, conf.AD_LDAP[ckl_servers][1], timenow, SABDefine.PG_Table_AD_Status, conf.AD_LDAP[ckl_servers][1], SABDefine.PG_Table_AD_Status, timenow, conf.AD_LDAP[ckl_servers][1])
			//			log.Printf("%s\n", queryx)
			_, err = db.Query(queryx)
			if err != nil {
				log.Printf("%s\n", queryx)
				log.Printf("PG::Query() Insert error: %v\n", err)
				return 13
			}

			_, err = db.Query(fmt.Sprintf("delete from %s where server='%s';", SABDefine.PG_Table_AD, conf.AD_LDAP[ckl_servers][1]))
			if err != nil {
				log.Printf("PG::Query() Clean table error: %v\n", err)
				return 14
			}

		}

		ckl = 0
		for _, entry := range sr.Entries {
			if ckl < 1 {
				queryx = ""
			}
			fName := ""
			fCN := ""
			fLogin := ""
			fMail := ""
			fDep := ""
			fTitle := ""
			fDN := ""
			fPhone := ""
			fMobile := ""
			fIPPhone := ""

			for _, attr := range entry.Attributes {
				if attr.Name == "displayName" {
					fName = strings.Join(attr.Values, ",")
				}
				if attr.Name == "cn" {
					fCN = strings.Join(attr.Values, ",")
				}
				if attr.Name == "sAMAccountName" {
					fLogin = strings.Join(attr.Values, ",")
				}
				if attr.Name == "mail" {
					fMail = strings.Join(attr.Values, ",")
				}
				if attr.Name == "department" {
					fDep = strings.Join(attr.Values, ",")
				}
				if attr.Name == "title" {
					fTitle = strings.Join(attr.Values, ",")
				}
				if attr.Name == "distinguishedName" {
					fDN = strings.Join(attr.Values, ",")
				}
				if attr.Name == "telephoneNumber" {
					fPhone = strings.Join(attr.Values, ",")
				}
				if attr.Name == "mobile" {
					fMobile = strings.Join(attr.Values, ",")
				}
				if attr.Name == "pager" {
					fIPPhone = strings.Join(attr.Values, ",")
				}
			}
			if len(fName) > 0 && len(fLogin) > 0 && rusFindRegExp.FindString(fName) != "" {
				return_result = 94
				/*
					if ckl > 0 && state == 1 {
						queryx = fmt.Sprintf("%s , ", queryx)
					}

						fOU = ""
						for ckl1 := int(len(fOUa) - 2); ckl1 > 0; ckl1-- {
							fOU = fmt.Sprintf("%s/%s", fOU, fOUa[ckl1])
						}
						fOU = strings.Trim(strings.Trim(strings.Replace(strings.Replace(fOU, "OU=", "", -1), "O=", "", -1), "/"), " ")
						if fOU == "" {
							fOU = conf.ROOT_OU
						}
						pfName = SABModules.TextMutation(strings.Replace(fName[int(len(fName)-1)], "'", "", -1))
						pfCN = SABModules.TextMutation(strings.Replace(fCN[0], "'", "", -1))
						pfMail = strings.Replace(strings.ToLower(fMail), " ", "", -1)
						queryx = fmt.Sprintf("%sINSERT INTO %s (server, namerus, trnamerus,  namelat, ou, mail) select '%s','%s','%s','%s','%s','%s' where not exists (select mail from %s where mail='%s'); ", queryx, SABDefine.PG_Table_Domino, conf.AD_LDAP[ckl_servers][0], pfName, unidecode.Unidecode(pfName), pfCN, fOU, pfMail, SABDefine.PG_Table_Domino, pfMail)
						//log.Printf("%s", queryx)
						//state = 1
				*/
				queryx = fmt.Sprintf("%s INSERT INTO %s (domain,server,displayname,cn,login,dlogin,mail,department,title,dn,ph_int,ph_mob,ph_ip) values ('%s','%s','%s','%s','%s','%s@%s','%s','%s','%s','%s','%s','%s','%s');", queryx, SABDefine.PG_Table_AD, conf.AD_LDAP[ckl_servers][0], conf.AD_LDAP[ckl_servers][1], SABModules.NameMutation(fName), SABModules.NameMutation(fCN), SABModules.NameMutation(fLogin), SABModules.NameMutation(fLogin), conf.AD_LDAP[ckl_servers][0], fMail, SABModules.NameMutation(fDep), SABModules.NameMutation(fTitle), fDN, fPhone, fMobile, fIPPhone)
				//log.Printf("----- %s\n", queryx)
				//				fmt.Printf("%s/%s/%s/%s/%s/%s/%s/%s\n", conf.AD_LDAP[ckl_servers][0], conf.AD_LDAP[ckl_servers][1], fName, fCN, fLogin, fMail, fDep, fTitle)
			}
			if ckl >= pg_minsert-1 {
				_, err = db.Query(queryx)
				if err != nil {
					log.Printf("%s\n", queryx)
					log.Printf("PG::Query() insert error: %v /// %s\n", err, queryx)
				}
				queryx = ""
				ckl = 0
			} else {
				ckl++
			}
			/*

					if ckl >= pg_minsert-1 {
						//				log.Printf("%s\n\n", queryx)
						_, err = db.Query(queryx)
						if err != nil {
							log.Printf("%s\n", queryx)
							log.Printf("PG::Query() insert error: %v /// %s\n", err, queryx)
						}
						queryx = ""
						ckl = 0
						//				state=0
					} else {
						ckl++
					}
				}
				//		log.Printf("%s\n\n", queryx)
				_, err = db.Query(queryx)
				if err != nil {
					log.Printf("%s\n", queryx)
					log.Printf("PG::Query() Insert into table error: %v\n", err)
			*/
		}

		if len(sr.Entries) > 1 {
			for ckl = 0; ckl < num_servers; ckl++ {
				if conf.AD_LDAP[ckl][0] == conf.AD_LDAP[ckl_servers][0] {
					conf.AD_LDAP[ckl][6] = "ok"
					if ckl != ckl_servers {
						queryx = fmt.Sprintf("INSERT INTO %s (server, status) select '%s', '%s' where not exists (select server from %s where server='%s'); update %s set status='%s' where server='%s'; ", SABDefine.PG_Table_AD_Status, conf.AD_LDAP[ckl][1], "SKIP", SABDefine.PG_Table_AD_Status, conf.AD_LDAP[ckl][1], SABDefine.PG_Table_AD_Status, "SKIP", conf.AD_LDAP[ckl][1])
						//			log.Printf("%s\n", queryx)
						_, err = db.Query(queryx)
						if err != nil {
							log.Printf("%s\n", queryx)
							log.Printf("PG::Query() Create table error: %v\n", err)
							return 19
						}
					}
				}
			}
		}

	}

	log.Printf("\tComplete")

	return return_result

}
Beispiel #21
0
// getIdentity looks up a username in an LDAP server, and attempts to bind to the user's DN using the provided password
func (a *Authenticator) getIdentity(username, password string) (authapi.UserIdentityInfo, bool, error) {
	defer func() {
		if e := recover(); e != nil {
			util.HandleError(fmt.Errorf("Recovered panic: %v, %s", e, debug.Stack()))
		}
	}()

	if len(username) == 0 || len(password) == 0 {
		return nil, false, nil
	}

	// Make the connection and bind to it if a bind DN and password were given
	l, err := a.options.ClientConfig.Connect()
	if err != nil {
		return nil, false, err
	}
	defer l.Close()

	if _, err := a.options.ClientConfig.Bind(l); err != nil {
		return nil, false, err
	}

	// & together the filter specified in the LDAP options with the user-specific filter
	filter := fmt.Sprintf("(&%s(%s=%s))",
		a.options.URL.Filter,
		ldap.EscapeFilter(a.options.URL.QueryAttribute),
		ldap.EscapeFilter(username),
	)

	// Build list of attributes to retrieve
	attrs := sets.NewString(a.options.URL.QueryAttribute)
	attrs.Insert(a.options.UserAttributeDefiner.AllAttributes().List()...)

	// Search for LDAP record
	searchRequest := ldap.NewSearchRequest(
		a.options.URL.BaseDN,     // base dn
		int(a.options.URL.Scope), // scope
		ldap.NeverDerefAliases,   // deref
		2,            // size limit, we want to know if this is not unique, but don't want the entire tree
		0,            // no client-specified time limit, determined by LDAP server. TODO: make configurable?
		false,        // not types only
		filter,       // filter
		attrs.List(), // attributes to retrieve
		nil,          // controls
	)

	glog.V(4).Infof("searching for %s", filter)
	results, err := l.Search(searchRequest)
	if err != nil {
		return nil, false, err
	}

	if len(results.Entries) == 0 {
		// 0 results means a missing username, not an error
		glog.V(4).Infof("no entries matching %s", filter)
		return nil, false, nil
	}
	if len(results.Entries) > 1 {
		// More than 1 result means a misconfigured server filter or query parameter
		return nil, false, fmt.Errorf("multiple entries found matching %q", username)
	}

	entry := results.Entries[0]
	glog.V(4).Infof("found dn=%q for %s", entry.DN, filter)

	// Bind with given username and password to attempt to authenticate
	if err := l.Bind(entry.DN, password); err != nil {
		glog.V(4).Infof("error binding password for %q: %v", entry.DN, err)
		if err, ok := err.(*ldap.Error); ok {
			switch err.ResultCode {
			case ldap.LDAPResultInappropriateAuthentication:
				// inappropriateAuthentication (48)
				//    Indicates the server requires the client that had attempted
				//    to bind anonymously or without supplying credentials to
				//    provide some form of credentials.
				fallthrough
			case ldap.LDAPResultInvalidCredentials:
				// invalidCredentials (49)
				//    Indicates that the provided credentials (e.g., the user's name
				//    and password) are invalid.

				// Authentication failed, return false, but no error
				return nil, false, nil
			}
		}
		return nil, false, err
	}

	// Build the identity
	identity, err := a.identityFactory.IdentityFor(entry)
	if err != nil {
		return nil, false, err
	}
	return identity, true, nil
}
func LDAP_to_PG(conf *SABModules.Config_STR, pg_minsert int) int {

	var (
		ckl_servers int
		num_servers int

		fName []string
		fCN   []string
		fOUa  []string
		fOU   string
		fMail string

		pfName string
		pfCN   string
		pfMail string

		ckl   = int(0)
		state = int(0)

		queryx string

		pg_Domino_Create = string(`
						CREATE TABLE IF NOT EXISTS XYZWorkTableZYX
							(server character varying(255),
							namerus character varying(255), trnamerus character varying(255), namelat character varying(255),
							ou character varying(255), mail character varying(255),
								primary key (mail));
						`)

		pg_Query_Create_Status = string(`
							CREATE TABLE IF NOT EXISTS XYZWorkTableZYX
								(server character varying(255), status character varying(255),
									primary key (server));
						`)

		return_result = int(0)
	)

	log.Printf("LDAP Export to PG...")

	num_servers = len(conf.LDAP_URL)

	db, err := sql.Open("postgres", conf.PG_DSN)
	if err != nil {
		log.Printf("PG::Open() error: %v\n", err)
		return 10
	}

	defer db.Close()

	queryx = strings.Replace(pg_Domino_Create, "XYZWorkTableZYX", SABDefine.PG_Table_Domino, -1)
	_, err = db.Query(queryx)
	if err != nil {
		log.Printf("PG::Query() Create table error: %v\n", err)
		return 11
	}

	queryx = strings.Replace(pg_Query_Create_Status, "XYZWorkTableZYX", SABDefine.PG_Table_Domino_Status, -1)
	_, err = db.Query(queryx)
	if err != nil {
		log.Printf("%s\n", queryx)
		log.Printf("PG::Query() Create table error: %v\n", err)
		return 12
	}

	for ckl_servers = 0; ckl_servers < num_servers; ckl_servers++ {

		log.Printf("\t\tServer %2d of %2d / Pass  1 of  1 / Server name: %s\n", ckl_servers+1, num_servers, conf.LDAP_URL[ckl_servers][0])

		l, err := ldap.Dial("tcp", conf.LDAP_URL[ckl_servers][0])
		if err != nil {
			log.Printf("LDAP::Initialize() error: %v\n", err)
			continue
		}

		defer l.Close()
		//		l.Debug = true

		err = l.Bind(conf.LDAP_URL[ckl_servers][1], conf.LDAP_URL[ckl_servers][2])
		if err != nil {
			log.Printf("LDAP::Bind() error: %v\n", err)
			continue
		}

		search := ldap.NewSearchRequest(conf.LDAP_URL[ckl_servers][3], ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, conf.LDAP_URL[ckl_servers][4], SABDefine.LDAP_attr, nil)

		sr, err := l.Search(search)
		if err != nil {
			log.Printf("LDAP::Search() error: %v\n", err)
			continue
		}

		log.Printf("\t\t\t%s // %d\n", search.Filter, len(sr.Entries))

		if len(sr.Entries) > 10 {
			timenow := time.Now().Format("2006.01.02 15:04:05")

			queryx = fmt.Sprintf("INSERT INTO %s (server, status) select '%s', '%s' where not exists (select server from %s where server='%s'); update %s set status='%s' where server='%s'; ", SABDefine.PG_Table_Domino_Status, conf.LDAP_URL[ckl_servers][0], timenow, SABDefine.PG_Table_Domino_Status, conf.LDAP_URL[ckl_servers][0], SABDefine.PG_Table_Domino_Status, timenow, conf.LDAP_URL[ckl_servers][0])
			//			log.Printf("%s\n", queryx)
			_, err = db.Query(queryx)
			if err != nil {
				log.Printf("%s\n", queryx)
				log.Printf("PG::Query() Create table error: %v\n", err)
				return 14
			}

			_, err = db.Query(fmt.Sprintf("delete from %s where server='%s';", SABDefine.PG_Table_Domino, conf.LDAP_URL[ckl_servers][0]))
			if err != nil {
				log.Printf("PG::Query() Clean table error: %v\n", err)
				return 14
			}

		}

		ckl = 0

		for _, entry := range sr.Entries {

			if ckl < 1 {
				queryx = ""
			}

			for _, attr := range entry.Attributes {
				if attr.Name == "altfullname" {
					x := strings.Join(attr.Values, ",")
					fOUa = strings.Split(x, ",")
					fName = strings.Split(fOUa[0], "=")
				}
				if attr.Name == "cn" {
					x := strings.Join(attr.Values, ",")
					fCN = strings.Split(x, ",")
				}
				if attr.Name == "mail" {
					fMail = strings.Join(attr.Values, ",")
				}
			}

			if len(fName) > 0 && len(fCN) > 0 {

				return_result = 94

				if ckl > 0 && state == 1 {
					queryx = fmt.Sprintf("%s , ", queryx)
				}
				fOU = ""
				for ckl1 := int(len(fOUa) - 2); ckl1 > 0; ckl1-- {
					fOU = fmt.Sprintf("%s/%s", fOU, fOUa[ckl1])
				}
				fOU = strings.Trim(strings.Trim(strings.Replace(strings.Replace(fOU, "OU=", "", -1), "O=", "", -1), "/"), " ")
				if fOU == "" {
					fOU = conf.ROOT_OU
				}
				pfName = SABModules.TextMutation(strings.Replace(fName[int(len(fName)-1)], "'", "", -1))
				pfCN = SABModules.TextMutation(strings.Replace(fCN[0], "'", "", -1))
				pfMail = strings.Replace(strings.ToLower(fMail), " ", "", -1)
				queryx = fmt.Sprintf("%sINSERT INTO %s (server, namerus, trnamerus,  namelat, ou, mail) select '%s','%s','%s','%s','%s','%s' where not exists (select mail from %s where mail='%s'); ", queryx, SABDefine.PG_Table_Domino, conf.LDAP_URL[ckl_servers][0], pfName, unidecode.Unidecode(pfName), pfCN, fOU, pfMail, SABDefine.PG_Table_Domino, pfMail)
				//				log.Printf("%s", queryx)
				//				state = 1
			}

			if ckl >= pg_minsert-1 {
				//				log.Printf("%s\n\n", queryx)
				_, err = db.Query(queryx)
				if err != nil {
					log.Printf("%s\n", queryx)
					log.Printf("PG::Query() insert error: %v /// %s\n", err, queryx)
				}
				queryx = ""
				ckl = 0
				//				state=0
			} else {
				ckl++
			}
		}
		//		log.Printf("%s\n\n", queryx)
		_, err = db.Query(queryx)
		if err != nil {
			log.Printf("%s\n", queryx)
			log.Printf("PG::Query() Insert into table error: %v\n", err)
		}

	}

	log.Printf("\tComplete")

	return return_result

}
Beispiel #23
0
func getMore(remIPClient string, fField map[string]string, fType string, l *ldap.Conn, dnList map[string]tList, setAdminMode string) {
	var (
		fPath            string
		fURL             string
		fURLName         string
		ckl1, ckl2, ckl3 int
		ldap_Attr        []string
		aaa_login        = string("")
		aaa_password     = string("")
		aaa_fullname     = string("")
		aaa_role         = string("")
		aaa_cdavmode     = int(0)
		newSABLogin      string
		get_davdn        = string("")
		err              error
	)

	dbpg, err := sql.Open("postgres", rconf.PG_DSN)
	if err != nil {
		log.Fatalf("PG_INIT::Open() error: %v\n", err)
	}

	defer dbpg.Close()

	if fField["DN"] != "" && (fField["USERName"] != "" || fField["ORGName"] != "") {
		fPath = fField["DN"]
		fPath = strings.Replace(strings.ToLower(fPath), ","+strings.ToLower(rconf.LDAP_URL[ldap_count][3]), "", -1)
		fPath_Split := strings.Split(fPath, ",")
		fURLName = ""
		for ckl1 = 0; ckl1 < len(fPath_Split)-1; ckl1++ {
			fPath_Strip := ""
			for ckl2 = ckl1 + 1; ckl2 < len(fPath_Split); ckl2++ {
				fPath_Strip = fmt.Sprintf("%s%s,", fPath_Strip, fPath_Split[ckl2])
			}
			if fType == "User" {
				fPath_Strip = fmt.Sprintf("%s%s", fPath_Strip, rconf.LDAP_URL[ldap_count][3])
				if ckl1 == 0 {
					fURL = fPath_Strip
				}
				//						log.Printf("X1: %s", fPath_Strip)
				subsearch := ldap.NewSearchRequest(fPath_Strip, 0, ldap.NeverDerefAliases, 0, 0, false, rconf.LDAP_URL[ldap_count][4], ldap_Attr, nil)
				subsr, err := l.Search(subsearch)
				if err != nil {
					//								fmt.Fprintf(w, err.Error())
					log.Printf("LDAP::Search() error: %v\n", err)
				}

				//						log.Printf("Y1: %s / %s / %d\n", fPath_Strip, rconf.LDAP_URL[ldap_count][4], len(subsr.Entries))
				if len(subsr.Entries) > 0 {
					for _, subentry := range subsr.Entries {
						for _, subattr := range subentry.Attributes {
							for ckl3 = 0; ckl3 < len(rconf.WLB_LDAP_ATTR); ckl3++ {
								if subattr.Name == rconf.WLB_LDAP_ATTR[ckl3][0] {
									if rconf.WLB_LDAP_ATTR[ckl3][1] == "ORGName" {
										if ckl1 == 0 {
											fURLName = fmt.Sprintf("%s", strings.Join(subattr.Values, ","))
										} else {
											fURLName = fmt.Sprintf("%s / %s", strings.Join(subattr.Values, ","), fURLName)
										}
										//												log.Printf("Z1: %s", fURLName)
									}
								}
							}
						}
					}
				}
			}
		}

		fField["DN"] = strings.Replace(strings.ToLower(fField["DN"]), "/", ",", -1)
		fmt.Sprintf("/Go%s?dn=%s", fType, fField["DN"])
		fField["DN"] = fmt.Sprintf("/Go%s?dn=%s", fType, fField["DN"])
		fURL = fmt.Sprintf("/Go%s?dn=%s", fType, fURL)
		log.Printf("%s <-- %s", remIPClient, fField["DN"])
		davDN := "LIST:\n"
		if setAdminMode == "Yes" {
			queryx := fmt.Sprintf("select x.dn from aaa_dns as x, aaa_logins as y where y.uid='%s' and y.id=x.userid;", fField["UID"])
			//fmt.Printf("%s\n", queryx)
			rows, err := dbpg.Query(queryx)
			if err != nil {
				log.Printf("PG::Query() Select info from aaa_logins: %v\n", err)
				return
			}

			for rows.Next() {
				rows.Scan(&get_davdn)
				davDN = fmt.Sprintf("%s%s\n", davDN, get_davdn)
			}

			queryx = fmt.Sprintf("select login,password,fullname,role,cdavprefix from aaa_logins where uid='%s';", fField["UID"])
			//fmt.Printf("%s\n", queryx)
			rows, err = dbpg.Query(queryx)
			if err != nil {
				log.Printf("PG::Query() Select info from aaa_logins: %v\n", err)
				return
			}

			rows.Next()
			rows.Scan(&aaa_login, &aaa_password, &aaa_fullname, &aaa_role, &aaa_cdavmode)
			if len(aaa_password) > 0 {
				aaa_password = "******"
			} else {
				aaa_password = "******"
			}
			xt, _ := strconv.Atoi(aaa_role)
			switch xt {
			case roleAdmin:
				aaa_role = "Administrator"
			case roleUser:
				aaa_role = "User"
			default:
				aaa_role = "Guest"
			}
			if len(fField["ADLogin"]) < 2 || len(fField["ADDomain"]) < 2 {
				newSABLogin = fField["Mail"]
			} else {
				newSABLogin = fmt.Sprintf("%s@%s", fField["ADLogin"], fField["ADDomain"])
			}
		}

		dnList[fField["DN"]] = tList{URL: fURL, URLName: fURLName, ORGName: fField["ORGName"], USERName: fField["USERName"], FullName: fField["FullName"], Position: fField["Position"], PhoneInt: fField["PhoneInt"], Mobile: fField["Mobile"], PhoneExt: fField["PhoneExt"], Mail: fField["Mail"], ADLogin: fField["ADLogin"], ADDomain: fField["ADDomain"], AdminMode: setAdminMode, UID: fField["UID"], AAALogin: aaa_login, AAAPassword: aaa_password, AAAFullName: aaa_fullname, AAARole: aaa_role, NewSABLogin: newSABLogin, DavDN: davDN, AAACDMode: cDavMode[aaa_cdavmode], AAACDModeI: aaa_cdavmode}
		//fmt.Printf("%v\n", dnList)
	}
}