func main() {
var (
showUser bool
)
fmt.Printf("ldap uid (eg. jvehent)> ")
scanner := bufio.NewScanner(os.Stdin)
scanner.Scan()
if err := scanner.Err(); err != nil {
log.Fatal(err)
}
uid := scanner.Text()
fmt.Printf("ldap password> ")
pass, err := gopass.GetPasswd()
if err != nil {
log.Fatal(err)
}
cli, err := mozldap.NewClient(
"ldap://ldap.db.scl3.mozilla.com/dc=mozilla",
fmt.Sprintf("mail=%[email protected],o=com,dc=mozilla", uid),
fmt.Sprintf("%s", pass),
&tls.Config{InsecureSkipVerify: true},
true)
flag.BoolVar(&showUser, "u", false, "Show memberships of a users identified by their ID")
flag.Parse()
if len(os.Args) == 0 {
fmt.Printf("missing groups\nusage: %s <groupid> <groupid>\nusage: %s -u <userid> <userid>",
os.Args[0], os.Args[0])
os.Exit(1)
}
if err != nil {
log.Fatal(err)
}
var udns []string
if showUser {
for _, uid := range flag.Args() {
dn, err := cli.GetUserDNById(uid)
if err != nil {
log.Fatal(err)
}
udns = append(udns, dn)
}
} else {
udns, err = cli.GetUsersInGroups(flag.Args())
if err != nil {
log.Fatal(err)
}
}
for _, udn := range udns {
fmt.Printf("\n%s\n", udn)
groups, err := cli.GetGroupsOfUser(udn)
if err != nil {
log.Fatal(err)
}
for i, group := range groups {
fmt.Printf("%d\t%s\n", i, group)
}
fmt.Printf("====================================\n")
}
}
func run(conf conf) {
var (
cli mozldap.Client
err error
)
// instanciate an ldap client
tlsconf := &tls.Config{
MinVersion: tls.VersionTLS12,
InsecureSkipVerify: conf.Ldap.Insecure,
ServerName: cli.Host,
}
if len(conf.Ldap.TLSCert) > 0 && len(conf.Ldap.TLSKey) > 0 {
cert, err := tls.X509KeyPair([]byte(conf.Ldap.TLSCert), []byte(conf.Ldap.TLSKey))
if err != nil {
log.Fatal(err)
}
tlsconf.Certificates = []tls.Certificate{cert}
}
if len(conf.Ldap.CACert) > 0 {
ca := x509.NewCertPool()
if ok := ca.AppendCertsFromPEM([]byte(conf.Ldap.CACert)); !ok {
log.Fatal("failed to import CA Certificate")
}
tlsconf.RootCAs = ca
}
cli, err = mozldap.NewClient(
conf.Ldap.URI,
conf.Ldap.Username,
conf.Ldap.Password,
tlsconf,
conf.Ldap.Starttls,
)
if err != nil {
log.Fatal(err)
}
defer cli.Close()
log.Printf("connected %s on %s:%d, tls:%v starttls:%v\n", cli.BaseDN, cli.Host, cli.Port, cli.UseTLS, cli.UseStartTLS)
conf.Ldap.cli = cli
// Channel where modules publish their notifications
// which are aggregated and sent by the main program
notifchan := make(chan modules.Notification)
notifdone := make(chan bool)
go processNotifications(conf, notifchan, notifdone)
// store configuration parameters for each module, including
// the values of notifyUsers, applyChanges, debug, the ldap
// client and the notification channel
for i := range conf.Modules {
conf.Modules[i].ApplyChanges = *applyChanges
conf.Modules[i].NotifyUsers = *notifyUsers
conf.Modules[i].LdapCli = cli
conf.Modules[i].Notify.Channel = notifchan
conf.Modules[i].Debug = *debug
conf.Modules[i].ResetUsers = *resetUsers
}
moduleHasRun := make(map[string]bool)
// run each module in the order it appears in the configuration
for _, modconf := range conf.Modules {
if *runmod != "all" && *runmod != modconf.Name {
continue
}
if _, ok := modules.Available[modconf.Name]; !ok {
log.Printf("[warning] %s module not registered, skipping it", modconf.Name)
continue
}
// one-off reset uses the first module config, skips subsequent
if *resetUsers != "" {
if _, ok := moduleHasRun[modconf.Name]; ok {
log.Printf("[warning] SKIPPING duplicate module config %s! Reset uses only the FIRST configuration for a given module.", modconf.Name)
continue
}
}
log.Println("[info] invoking module", modconf.Name)
run := modules.Available[modconf.Name].NewRun(modconf)
err = run.Run()
if err != nil {
log.Printf("[error] %s module failed with error: %v", modconf.Name, err)
}
moduleHasRun[modconf.Name] = true
}
// Modules are done, close the notification channel to tell the goroutine
// that it can aggregate and send them, and wait for notifdone to come back
close(notifchan)
<-notifdone
}
