|
| 1 | +package search |
| 2 | + |
| 3 | +import ( |
| 4 | + "crypto/tls" |
| 5 | + |
| 6 | + "github.com/PythonHacker24/linux-acl-management-backend/config" |
| 7 | + "github.com/go-ldap/ldap/v3" |
| 8 | +) |
| 9 | + |
| 10 | +/* |
| 11 | + TODO: Blacklisting |
| 12 | + This needs to be done when admin panel is created. |
| 13 | + Users will be able to add users to blacklist which shouldn't be mentioned to the users. |
| 14 | +*/ |
| 15 | + |
| 16 | +/* returns all users in LDAP server */ |
| 17 | +func GetAllUsersFromLDAP() ([]User, error) { |
| 18 | + |
| 19 | + var l *ldap.Conn |
| 20 | + var err error |
| 21 | + ldapAddress := config.BackendConfig.Authentication.LDAPConfig.Address |
| 22 | + |
| 23 | + /* check if TLS is enabled */ |
| 24 | + if config.BackendConfig.Authentication.LDAPConfig.TLS { |
| 25 | + l, err = ldap.DialURL(ldapAddress, ldap.DialWithTLSConfig(&tls.Config{ |
| 26 | + |
| 27 | + /* true if using self-signed certs (not recommended) */ |
| 28 | + InsecureSkipVerify: true, |
| 29 | + })) |
| 30 | + } else { |
| 31 | + l, err = ldap.DialURL(ldapAddress) |
| 32 | + } |
| 33 | + |
| 34 | + if err != nil { |
| 35 | + return nil, err |
| 36 | + } |
| 37 | + defer l.Close() |
| 38 | + |
| 39 | + /* authenticating with the ldap server with admin */ |
| 40 | + err = l.Bind(config.BackendConfig.Authentication.LDAPConfig.AdminDN, |
| 41 | + config.BackendConfig.Authentication.LDAPConfig.AdminPassword, |
| 42 | + ) |
| 43 | + if err != nil { |
| 44 | + return nil, err |
| 45 | + } |
| 46 | + |
| 47 | + /* search for users */ |
| 48 | + searchRequest := ldap.NewSearchRequest( |
| 49 | + /* Base DN */ |
| 50 | + config.BackendConfig.Authentication.LDAPConfig.AdminDN, |
| 51 | + ldap.ScopeWholeSubtree, |
| 52 | + ldap.NeverDerefAliases, |
| 53 | + /* size limit */ |
| 54 | + 0, |
| 55 | + /* time limit */ |
| 56 | + 0, |
| 57 | + /* types only */ |
| 58 | + false, |
| 59 | + /* filter */ |
| 60 | + "(objectClass=person)", |
| 61 | + /* attributes to retrieve */ |
| 62 | + []string{"cn", "mail", "sAMAccountName"}, // |
| 63 | + nil, |
| 64 | + ) |
| 65 | + |
| 66 | + /* search for request in LDAP Server */ |
| 67 | + sr, err := l.Search(searchRequest) |
| 68 | + if err != nil { |
| 69 | + return nil, err |
| 70 | + } |
| 71 | + |
| 72 | + users := []User{} |
| 73 | + for _, entry := range sr.Entries { |
| 74 | + users = append(users, User{ |
| 75 | + CN: entry.GetAttributeValue("cn"), |
| 76 | + Mail: entry.GetAttributeValue("mail"), |
| 77 | + Username: entry.GetAttributeValue("sAMAccountName"), |
| 78 | + }) |
| 79 | + } |
| 80 | + |
| 81 | + return users, nil |
| 82 | +} |
0 commit comments