Beispiel #1
0
func main() {
	var (
		showUser bool
	)
	fmt.Printf("ldap uid (eg. jvehent)> ")
	scanner := bufio.NewScanner(os.Stdin)
	scanner.Scan()
	if err := scanner.Err(); err != nil {
		log.Fatal(err)
	}
	uid := scanner.Text()
	fmt.Printf("ldap password> ")
	pass, err := gopass.GetPasswd()
	if err != nil {
		log.Fatal(err)
	}
	cli, err := mozldap.NewClient(
		"ldap://ldap.db.scl3.mozilla.com/dc=mozilla",
		fmt.Sprintf("mail=%[email protected],o=com,dc=mozilla", uid),
		fmt.Sprintf("%s", pass),
		&tls.Config{InsecureSkipVerify: true},
		true)
	flag.BoolVar(&showUser, "u", false, "Show memberships of a users identified by their ID")
	flag.Parse()
	if len(os.Args) == 0 {
		fmt.Printf("missing groups\nusage: %s <groupid> <groupid>\nusage: %s -u <userid> <userid>",
			os.Args[0], os.Args[0])
		os.Exit(1)
	}
	if err != nil {
		log.Fatal(err)
	}
	var udns []string
	if showUser {
		for _, uid := range flag.Args() {
			dn, err := cli.GetUserDNById(uid)
			if err != nil {
				log.Fatal(err)
			}
			udns = append(udns, dn)
		}
	} else {
		udns, err = cli.GetUsersInGroups(flag.Args())
		if err != nil {
			log.Fatal(err)
		}
	}
	for _, udn := range udns {
		fmt.Printf("\n%s\n", udn)
		groups, err := cli.GetGroupsOfUser(udn)
		if err != nil {
			log.Fatal(err)
		}
		for i, group := range groups {
			fmt.Printf("%d\t%s\n", i, group)
		}
		fmt.Printf("====================================\n")
	}
}
Beispiel #2
0
func run(conf conf) {
	var (
		cli mozldap.Client
		err error
	)
	// instanciate an ldap client
	tlsconf := &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: conf.Ldap.Insecure,
		ServerName:         cli.Host,
	}
	if len(conf.Ldap.TLSCert) > 0 && len(conf.Ldap.TLSKey) > 0 {
		cert, err := tls.X509KeyPair([]byte(conf.Ldap.TLSCert), []byte(conf.Ldap.TLSKey))
		if err != nil {
			log.Fatal(err)
		}
		tlsconf.Certificates = []tls.Certificate{cert}
	}
	if len(conf.Ldap.CACert) > 0 {
		ca := x509.NewCertPool()
		if ok := ca.AppendCertsFromPEM([]byte(conf.Ldap.CACert)); !ok {
			log.Fatal("failed to import CA Certificate")
		}
		tlsconf.RootCAs = ca
	}
	cli, err = mozldap.NewClient(
		conf.Ldap.URI,
		conf.Ldap.Username,
		conf.Ldap.Password,
		tlsconf,
		conf.Ldap.Starttls,
	)
	if err != nil {
		log.Fatal(err)
	}
	defer cli.Close()
	log.Printf("connected %s on %s:%d, tls:%v starttls:%v\n", cli.BaseDN, cli.Host, cli.Port, cli.UseTLS, cli.UseStartTLS)
	conf.Ldap.cli = cli

	// Channel where modules publish their notifications
	// which are aggregated and sent by the main program
	notifchan := make(chan modules.Notification)
	notifdone := make(chan bool)
	go processNotifications(conf, notifchan, notifdone)

	// store configuration parameters for each module, including
	// the values of notifyUsers, applyChanges, debug, the ldap
	// client and the notification channel
	for i := range conf.Modules {
		conf.Modules[i].ApplyChanges = *applyChanges
		conf.Modules[i].NotifyUsers = *notifyUsers
		conf.Modules[i].LdapCli = cli
		conf.Modules[i].Notify.Channel = notifchan
		conf.Modules[i].Debug = *debug
		conf.Modules[i].ResetUsers = *resetUsers
	}

	moduleHasRun := make(map[string]bool)

	// run each module in the order it appears in the configuration
	for _, modconf := range conf.Modules {
		if *runmod != "all" && *runmod != modconf.Name {
			continue
		}
		if _, ok := modules.Available[modconf.Name]; !ok {
			log.Printf("[warning] %s module not registered, skipping it", modconf.Name)
			continue
		}
		// one-off reset uses the first module config, skips subsequent
		if *resetUsers != "" {
			if _, ok := moduleHasRun[modconf.Name]; ok {
				log.Printf("[warning] SKIPPING duplicate module config %s! Reset uses only the FIRST configuration for a given module.", modconf.Name)
				continue
			}
		}
		log.Println("[info] invoking module", modconf.Name)
		run := modules.Available[modconf.Name].NewRun(modconf)
		err = run.Run()
		if err != nil {
			log.Printf("[error] %s module failed with error: %v", modconf.Name, err)
		}
		moduleHasRun[modconf.Name] = true
	}
	// Modules are done, close the notification channel to tell the goroutine
	// that it can aggregate and send them, and wait for notifdone to come back
	close(notifchan)
	<-notifdone
}