func ConfigureLdapClient(conf LdapConfig) (*mozldap.Client, error) {
	// check if ldap email was entered
	if govalidator.IsEmail(conf.Username) {
		conf.Username = "******" + conf.Username + ",o=com,dc=" + conf.Dc
	}

	// instantiate an ldap client
	ldapClient, err := mozldap.NewTLSClient(
		conf.Uri,
		conf.Username,
		conf.Password,
		conf.ClientCertFile,
		conf.ClientKeyFile,
		conf.CaCertFile,
		&tls.Config{
			InsecureSkipVerify: conf.Insecure,
		},
	)

	return &ldapClient, err
}
Beispiel #2
0
func main() {
	var (
		err  error
		conf conf
		cli  mozldap.Client
	)
	flag.Usage = func() {
		fmt.Fprintf(os.Stderr, "%s - Manage users in various SaaS based on a LDAP source\n"+
			"Usage: %s -c config.yaml\n",
			os.Args[0], os.Args[0])
		flag.PrintDefaults()
	}
	flag.Parse()

	if *drynotif {
		*dryrun = true
	}
	// safeguard, remove in prod
	*dryrun = true
	*drynotif = true

	// load the local configuration file
	fd, err := ioutil.ReadFile(*config)
	if err != nil {
		log.Fatal(err)
	}
	err = yaml.Unmarshal(fd, &conf)
	if err != nil {
		log.Fatalf("error: %v", err)
	}

	// infinite loop, wake up at the cron period
	for {
		if !*once {
			cexpr, err := cronexpr.Parse(conf.Cron)
			if err != nil {
				log.Fatal("failed to parse cron string %q: %v", conf.Cron, err)
			}
			// sleep until the next run is scheduled to happen
			nrun := cexpr.Next(time.Now())
			waitduration := nrun.Sub(time.Now())
			log.Printf("[info] next run will start at %v (in %v)", nrun, waitduration)
			time.Sleep(waitduration)
		}

		// instanciate an ldap client
		if conf.Ldap.TLSCert != "" && conf.Ldap.TLSKey != "" {
			cli, err = mozldap.NewTLSClient(
				conf.Ldap.Uri,
				conf.Ldap.Username,
				conf.Ldap.Password,
				conf.Ldap.TLSCert,
				conf.Ldap.TLSKey,
				conf.Ldap.CACert,
				&tls.Config{InsecureSkipVerify: conf.Ldap.Insecure})
		} else {
			cli, err = mozldap.NewClient(
				conf.Ldap.Uri,
				conf.Ldap.Username,
				conf.Ldap.Password,
				conf.Ldap.CACert,
				&tls.Config{InsecureSkipVerify: conf.Ldap.Insecure},
				conf.Ldap.Starttls)
		}
		if err != nil {
			log.Fatal(err)
		}
		defer cli.Close()
		log.Printf("connected %s on %s:%d, tls:%v starttls:%v\n", cli.BaseDN, cli.Host, cli.Port, cli.UseTLS, cli.UseStartTLS)
		conf.Ldap.cli = cli

		// Channel where modules publish their notifications
		// which are aggregated and sent by the main program
		notifchan := make(chan modules.Notification)
		notifdone := make(chan bool)
		go processNotifications(conf, notifchan, notifdone)

		// store the value of dryrun and the ldap client
		// in the configuration of each module
		for i := range conf.Modules {
			conf.Modules[i].DryRun = *dryrun
			conf.Modules[i].LdapCli = cli
			conf.Modules[i].Notify.Channel = notifchan
		}

		// run each module in the order it appears in the configuration
		for _, modconf := range conf.Modules {
			if *runmod != "all" && *runmod != modconf.Name {
				continue
			}
			if _, ok := modules.Available[modconf.Name]; !ok {
				log.Printf("[warning] %s module not registered, skipping it", modconf.Name)
				continue
			}
			log.Println("[info] invoking module", modconf.Name)
			run := modules.Available[modconf.Name].NewRun(modconf)
			err = run.Run()
			if err != nil {
				log.Printf("[error] %s module failed with error: %v", modconf.Name, err)
			}
		}
		// Modules are done, close the notification channel to tell the goroutine
		// that it can aggregate and send them, and wait for notifdone to come back
		close(notifchan)
		<-notifdone

		if *once {
			break
		}
	}
}