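// ListExternalUsers lists the users found in the configured LDAP/AD directory.
//
// It connects to a.directory, binds as a.directory.DomainAdmin when one is
// configured (otherwise the search runs under whatever access an unbound
// connection gets from the server), searches the whole subtree below
// a.directory.Base and maps every entry that carries a user id attribute to a
// models.User with the authorizer's default role and group. The attribute
// names used for the user id, display name and full name come from
// a.directory and fall back to "Uid", "DisplayName" and "CN".
//
// It returns a nil slice and the error when the connection, bind or search
// fails; the error is also logged.
func (a Authorizer) ListExternalUsers() (users []models.User, err error) {
	addr := GetUrl(a.directory.Address, a.directory.Port)

	// Attribute names are configurable; these are the defaults.
	uidAttr := "Uid"
	displayNameAttr := "DisplayName"
	fullNameAttr := "CN"
	if a.directory.Uid != "" {
		uidAttr = a.directory.Uid
	}
	if a.directory.DisplayName != "" {
		displayNameAttr = a.directory.DisplayName
	}
	if a.directory.FullName != "" {
		fullNameAttr = a.directory.FullName
	}

	ldap, err := openldap.Initialize(addr)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return nil, err
	}
	// Release the connection on every exit path (bind error, search error,
	// success). An unbind failure is not actionable for the caller, so its
	// error is deliberately dropped.
	defer ldap.Close()

	if a.directory.DomainAdmin != "" {
		// The bind DN is assembled from configuration, not from request input.
		// DomainAdmin is inserted verbatim, so a value containing DN special
		// characters (',', '=', '+', ...) must already be escaped in the config.
		// Whether this simple bind sends the password in the clear depends on
		// the scheme GetUrl produces (ldap:// vs ldaps://) — TODO confirm.
		bindDN := fmt.Sprintf("%s=%s,%s", uidAttr, a.directory.DomainAdmin, a.directory.Base)
		if err = ldap.Bind(bindDN, a.directory.Password); err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", addr, err)
			return nil, err
		}
	}

	// The filter is a constant, so no untrusted text reaches the query.
	scope := openldap.LDAP_SCOPE_SUBTREE
	filter := "(objectclass=*)"
	attributes := []string{uidAttr, displayNameAttr, fullNameAttr, "Mail"}

	rv, err := ldap.SearchAll(a.directory.Base, scope, filter, attributes)
	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return nil, err
	}

	for _, entry := range rv.Entries() {
		user := models.User{}
		fullName := ""
		for _, attr := range entry.Attributes() {
			// Multi-valued attributes are flattened into one comma-separated string.
			value := strings.Join(attr.Values(), ", ")
			name := attr.Name()
			// LDAP attribute names are case-insensitive (RFC 4512) and servers
			// may return them in their schema's casing ("mail", "uid"), so match
			// case-insensitively rather than with ==.
			switch {
			case strings.EqualFold(name, uidAttr):
				user.Username = value
			case strings.EqualFold(name, "Mail"):
				user.Email = value
			case strings.EqualFold(name, displayNameAttr):
				user.FirstName = value
			case strings.EqualFold(name, fullNameAttr):
				fullName = value
			}
		}
		// The last name only depends on the final full/first name values, so
		// derive it once after all attributes have been read.
		user.LastName = lastNameFrom(fullName, user.FirstName)

		// Assigning the default roles
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		// Entries without a user id attribute (e.g. containers) are skipped.
		if len(user.Username) != 0 {
			users = append(users, user)
		}
	}
	return users, nil
}

// lastNameFrom derives a last name from the directory's full name (CN) by
// taking the text that follows the first occurrence of firstName, trimmed of
// surrounding whitespace. It is a heuristic: it returns "" when either input
// is empty or when firstName does not occur in fullName.
func lastNameFrom(fullName, firstName string) string {
	if fullName == "" || firstName == "" {
		return ""
	}
	parts := strings.Split(fullName, firstName)
	if len(parts) < 2 {
		return ""
	}
	return strings.TrimSpace(parts[1])
}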