// List the LDAP users
func (a Authorizer) ListExternalUsers(search string, page, count int) (externalUsers models.ExternalUsers, err error) {
directory, err := a.GetDirectory()
if err != nil {
return externalUsers, err
}
url := GetUrl(directory.LdapServer, directory.Port)
DisplayName := "DisplayName"
FirstName := "CN"
LastName := "SN"
Email := "mail"
if directory.DisplayName != "" {
DisplayName = directory.DisplayName
}
if directory.FirstName != "" {
FirstName = directory.FirstName
}
if directory.LastName != "" {
LastName = directory.LastName
}
if directory.Email != "" {
Email = directory.Email
}
ldap, err := openldap.Initialize(url)
if err != nil {
logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
return externalUsers, err
}
if directory.DomainAdmin != "" {
block, err := aes.NewCipher([]byte(CipherKey))
if err != nil {
logger.Get().Error("failed to generate new cipher")
return externalUsers, nil
}
ciphertext := []byte(directory.Password)
iv := ciphertext[:aes.BlockSize]
stream := cipher.NewOFB(block, iv)
hkey := make([]byte, 100)
stream = cipher.NewOFB(block, iv)
stream.XORKeyStream(hkey, ciphertext[aes.BlockSize:])
err = ldap.Bind(fmt.Sprintf("%s=%s,%s", directory.Uid, directory.DomainAdmin, directory.Base), string(hkey))
if err != nil {
logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
return externalUsers, err
}
}
scope := openldap.LDAP_SCOPE_SUBTREE
// If the search string is empty, it will list all the users
// If the search string contains 'mail=tjey*' it will returns the list of all
// users start with 'tjey'
// If the search string contains 'tim' this will return list of all users
// names contains the word 'tim'
// Possible search strings 'mail=t*redhat.com' / 'tim*' / '*john*' / '*peter'
filter := "(objectclass=*)"
if len(search) > 0 {
if strings.Contains(search, "=") {
filter = fmt.Sprintf("(%s*)", search)
} else if strings.Contains(search, "*") {
filter = fmt.Sprintf("(%s=%s)", directory.Uid, search)
} else {
filter = fmt.Sprintf("(%s=*%s*)", directory.Uid, search)
}
}
attributes := []string{directory.Uid, DisplayName, FirstName, LastName, Email}
rv, err := ldap.SearchAll(directory.Base, scope, filter, attributes)
if err != nil {
logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
return externalUsers, err
}
from := (page-1)*count + 1
to := from + count - 1
i := 0
for _, entry := range rv.Entries() {
i++
if i < from {
continue
}
if i > to {
break
}
user := models.User{}
for _, attr := range entry.Attributes() {
switch attr.Name() {
case directory.Uid:
user.Username = strings.Join(attr.Values(), ", ")
case Email:
user.Email = strings.Join(attr.Values(), ", ")
// Some setup may have an attribute like mail or email
// or operator can't be used between strings to combind cases
case "email":
user.Email = strings.Join(attr.Values(), ", ")
case FirstName:
user.FirstName = strings.Join(attr.Values(), ", ")
case LastName:
user.LastName = strings.Join(attr.Values(), ", ")
}
}
// Assiging the default roles
user.Role = a.defaultRole
user.Groups = append(user.Groups, a.defaultGroup)
user.Type = authprovider.External
if len(user.Username) != 0 {
externalUsers.Users = append(externalUsers.Users, user)
}
}
externalUsers.TotalCount = rv.Count()
externalUsers.StartIndex = from
externalUsers.EndIndex = to
if externalUsers.EndIndex > externalUsers.TotalCount {
externalUsers.EndIndex = externalUsers.TotalCount
}
return externalUsers, nil
}
func (a *App) addUsers(rw http.ResponseWriter, req *http.Request) {
ctxt, err := GetContext(req)
if err != nil {
logger.Get().Error("Error Getting the context. error: %v", err)
}
var user models.User
body, err := ioutil.ReadAll(req.Body)
if err != nil {
logger.Get().Error("%s-Error parsing http request body:%s", ctxt, err)
HandleHttpError(rw, err)
return
}
var m map[string]interface{}
if err = json.Unmarshal(body, &m); err != nil {
logger.Get().Error("%s-Unable to Unmarshall the data:%s", ctxt, err)
HandleHttpError(rw, err)
return
}
var password string
if val, ok := m["username"]; ok {
user.Username = val.(string)
}
if val, ok := m["email"]; ok {
user.Email = val.(string)
}
if val, ok := m["role"]; ok {
user.Role = val.(string)
}
if val, ok := m["type"]; ok {
user.Type = int(val.(float64))
}
if val, ok := m["firstname"]; ok {
user.FirstName = val.(string)
}
if val, ok := m["lastname"]; ok {
user.LastName = val.(string)
}
if val, ok := m["notificationenabled"]; ok {
if user.Email == "" {
user.NotificationEnabled = false
} else {
user.NotificationEnabled = val.(bool)
}
}
if val, ok := m["password"]; ok {
password = val.(string)
}
if err := GetAuthProvider().AddUser(user, password); err != nil {
if err := logAuditEvent(
EventTypes["USER_ADDED"],
fmt.Sprintf("Addition of user: %s failed", user.Username),
fmt.Sprintf("Addition of user: %s failed. Reason: %v", user.Username, err),
nil,
nil,
models.NOTIFICATION_ENTITY_USER,
nil,
false,
ctxt); err != nil {
logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err)
}
logger.Get().Error("%s-Unable to create User:%s", ctxt, err)
HandleHttpError(rw, err)
return
}
if err := logAuditEvent(
EventTypes["USER_ADDED"],
fmt.Sprintf("New user: %s added to skyring", user.Username),
fmt.Sprintf("New user: %s with role: %s added to skyring", user.Username, user.Role),
nil,
nil,
models.NOTIFICATION_ENTITY_USER,
nil,
false,
ctxt); err != nil {
logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err)
}
}