guichet/admin.go

package main

import (
	"strings"
	"fmt"
	"html/template"
	"net/http"
	"sort"

	"github.com/go-ldap/ldap/v3"
	"github.com/gorilla/mux"
)

func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
	login := checkLogin(w, r)
	if login == nil {
		return nil
	}

	can_admin := false
	for _, group := range login.UserEntry.GetAttributeValues("memberof") {
		if config.GroupCanAdmin != "" && group == config.GroupCanAdmin {
			can_admin = true
		}
	}

	if !can_admin {
		http.Redirect(w, r, "/", http.StatusFound)
		return nil
	}

	return login
}

type EntryList []*ldap.Entry

func (d EntryList) Len() int {
	return len(d)
}

func (d EntryList) Swap(i, j int) {
	d[i], d[j] = d[j], d[i]
}

func (d EntryList) Less(i, j int) bool {
	return d[i].DN < d[j].DN
}


type AdminUsersTplData struct {
	Login        *LoginStatus
	UserNameAttr string
	Users        EntryList
}

func handleAdminUsers(w http.ResponseWriter, r *http.Request) {
	templateAdminUsers := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_users.html"))

	login := checkAdminLogin(w, r)
	if login == nil {
		return
	}

	searchRequest := ldap.NewSearchRequest(
		config.UserBaseDN,
		ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(&(objectClass=organizationalPerson))"),
		[]string{config.UserNameAttr, "dn", "displayname", "givenname", "sn", "mail"},
		nil)

	sr, err := login.conn.Search(searchRequest)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	data := &AdminUsersTplData{
		Login:        login,
		UserNameAttr: config.UserNameAttr,
		Users:        EntryList(sr.Entries),
	}
	sort.Sort(data.Users)

	templateAdminUsers.Execute(w, data)
}

type AdminGroupsTplData struct {
	Login        *LoginStatus
	GroupNameAttr string
	Groups        EntryList
}

func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
	templateAdminGroups := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_groups.html"))

	login := checkAdminLogin(w, r)
	if login == nil {
		return
	}

	searchRequest := ldap.NewSearchRequest(
		config.GroupBaseDN,
		ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(&(objectClass=groupOfNames))"),
		[]string{config.GroupNameAttr, "dn", "displayname"},
		nil)

	sr, err := login.conn.Search(searchRequest)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	data := &AdminGroupsTplData{
		Login:        login,
		GroupNameAttr: config.GroupNameAttr,
		Groups:        EntryList(sr.Entries),
	}
	sort.Sort(data.Groups)

	templateAdminGroups.Execute(w, data)
}

type AdminLDAPTplData struct {
	DN string

	Path []PathItem
	Children []Child
	Props map[string]*PropValues

	HasMembers bool
	Members []EntryName
	HasGroups bool
	Groups []EntryName

	Error string
	Success bool
}

type EntryName struct {
	DN string
	DisplayName string
}

type Child struct {
	DN string
	Identifier string
	DisplayName string
}

type PathItem struct {
	DN string
	Identifier string
	Active bool
}

type PropValues struct {
	Name string
	Values []string
	Editable bool
}

func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
	templateAdminLDAP := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_ldap.html"))

	login := checkAdminLogin(w, r)
	if login == nil {
		return
	}

	dn := mux.Vars(r)["dn"]

	dError := ""
	dSuccess := false

	if r.Method == "POST" {
		r.ParseForm()
		action := strings.Join(r.Form["action"], "")
		if action == "modify" {
			attr := strings.Join(r.Form["attr"], "")
			values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
			values_filtered := []string{}
			for _, v := range values {
				v2 := strings.TrimSpace(v)
				if v2 != "" {
					values_filtered = append(values_filtered, v2)
				}
			}

			if len(values_filtered) == 0 {
				dError = "Refusing to delete attribute."
			} else {
				modify_request := ldap.NewModifyRequest(dn, nil)
				modify_request.Replace(attr, values_filtered)

				err := login.conn.Modify(modify_request)
				if err != nil {
					dError = err.Error()
				} else {
					dSuccess = true
				}
			}
		} else if action == "add" {
			attr := strings.Join(r.Form["attr"], "")
			values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
			values_filtered := []string{}
			for _, v := range values {
				v2 := strings.TrimSpace(v)
				if v2 != "" {
					values_filtered = append(values_filtered, v2)
				}
			}

			modify_request := ldap.NewModifyRequest(dn, nil)
			modify_request.Add(attr, values_filtered)

			err := login.conn.Modify(modify_request)
			if err != nil {
				dError = err.Error()
			} else {
				dSuccess = true
			}
		} else if action == "delete" {
			attr := strings.Join(r.Form["attr"], "")

			modify_request := ldap.NewModifyRequest(dn, nil)
			modify_request.Replace(attr, []string{})

			err := login.conn.Modify(modify_request)
			if err != nil {
				dError = err.Error()
			} else {
				dSuccess = true
			}
		} else if action == "delete-from-group" {
			group := strings.Join(r.Form["group"], "")
			modify_request := ldap.NewModifyRequest(group, nil)
			modify_request.Delete("member", []string{dn})

			err := login.conn.Modify(modify_request)
			if err != nil {
				dError = err.Error()
			} else {
				dSuccess = true
			}
		} else if action == "add-to-group" {
			group := strings.Join(r.Form["group"], "")
			modify_request := ldap.NewModifyRequest(group, nil)
			modify_request.Add("member", []string{dn})

			err := login.conn.Modify(modify_request)
			if err != nil {
				dError = err.Error()
			} else {
				dSuccess = true
			}
		} else if action == "delete-member" {
			member := strings.Join(r.Form["member"], "")
			modify_request := ldap.NewModifyRequest(dn, nil)
			modify_request.Delete("member", []string{member})

			err := login.conn.Modify(modify_request)
			if err != nil {
				dError = err.Error()
			} else {
				dSuccess = true
			}
		}
	}

	// Build path
	path := []PathItem{
		PathItem{
			DN: config.BaseDN,
			Identifier: config.BaseDN,
			Active: dn == config.BaseDN,
		},
	}

	len_base_dn := len(strings.Split(config.BaseDN, ","))
	dn_split := strings.Split(dn, ",")
	dn_last_attr := strings.Split(dn_split[0], "=")[0]
	for i := len_base_dn + 1; i <= len(dn_split); i++ {
		path = append(path, PathItem{
			DN: strings.Join(dn_split[len(dn_split)-i:len(dn_split)], ","),
			Identifier: dn_split[len(dn_split)-i],
			Active: i == len(dn_split),
		})
	}

	// Get object and parse it
	searchRequest := ldap.NewSearchRequest(
		dn,
		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(objectclass=*)"),
		[]string{},
		nil)

	sr, err := login.conn.Search(searchRequest)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if len(sr.Entries) != 1 {
		http.Error(w, fmt.Sprintf("%d objects found", len(sr.Entries)), http.StatusInternalServerError)
		return
	}

	object := sr.Entries[0]

	props := make(map[string]*PropValues)
	for _, attr := range object.Attributes {
		name_lower := strings.ToLower(attr.Name)
		if name_lower != dn_last_attr {
			if existing, ok := props[name_lower]; ok {
				existing.Values = append(existing.Values, attr.Values...)
			} else {
				editable := true
				for _, restricted := range []string{
					"creatorsname", "modifiersname", "createtimestamp",
					"modifytimestamp", "entryuuid",
				} {
					if strings.EqualFold(attr.Name, restricted) {
						editable = false
						break
					}
				}
				props[name_lower] = &PropValues{
					Name: attr.Name,
					Values: attr.Values,
					Editable: editable,
				}
			}
		}
	}

	members_dn := []string{}
	if mp, ok := props["member"]; ok {
		members_dn = mp.Values
		delete(props, "member")
	}

	members := []EntryName{}
	if len(members_dn) > 0 {
		mapDnToName := make(map[string]string)
		searchRequest = ldap.NewSearchRequest(
			config.UserBaseDN,
			ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
			fmt.Sprintf("(objectClass=organizationalPerson)"),
			[]string{"dn", "displayname"},
			nil)
		sr, err := login.conn.Search(searchRequest)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		for _, ent := range sr.Entries {
			mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
		}
		for _, memdn := range members_dn {
			members = append(members, EntryName{
				DN: memdn,
				DisplayName: mapDnToName[memdn],
			})
		}
	}

	groups_dn := []string{}
	if gp, ok := props["memberof"]; ok {
		groups_dn = gp.Values
		delete(props, "memberof")
	}

	groups := []EntryName{}
	if len(groups_dn) > 0 {
		mapDnToName := make(map[string]string)
		searchRequest = ldap.NewSearchRequest(
			config.GroupBaseDN,
			ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
			fmt.Sprintf("(objectClass=groupOfNames)"),
			[]string{"dn", "displayname"},
			nil)
		sr, err := login.conn.Search(searchRequest)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		for _, ent := range sr.Entries {
			mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
		}
		for _, grpdn := range groups_dn {
			groups = append(groups, EntryName{
				DN: grpdn,
				DisplayName: mapDnToName[grpdn],
			})
		}
	}

	// Get children
	searchRequest = ldap.NewSearchRequest(
		dn,
		ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(objectclass=*)"),
		[]string{"dn", "displayname"},
		nil)

	sr, err = login.conn.Search(searchRequest)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	sort.Sort(EntryList(sr.Entries))

	children := []Child{}
	for _, item := range sr.Entries {
		children = append(children, Child{
			DN: item.DN,
			Identifier: strings.Split(item.DN, ",")[0],
			DisplayName: item.GetAttributeValue("displayname"),
		})
	}

	// Checkup objectclass
	objectClass := []string{}
	if val, ok := props["objectclass"]; ok {
		objectClass = val.Values
	}
	hasMembers, hasGroups := false, false
	for _, oc := range objectClass {
		if strings.EqualFold(oc, "organizationalperson") || strings.EqualFold(oc, "person") {
			hasGroups = true
		}
		if strings.EqualFold(oc, "groupOfNames") {
			hasMembers = true
		}
	}

	templateAdminLDAP.Execute(w, &AdminLDAPTplData{
		DN: dn,

		Path: path,
		Children: children,
		Props: props,

		HasMembers: len(members) > 0 || hasMembers,
		Members: members,
		HasGroups: len(groups) > 0 || hasGroups,
		Groups: groups,

		Error: dError,
		Success: dSuccess,
	})
}
User list 2020-02-09 17:28:42 +00:00			`package main`

			`import (`
LDAP modification form 2020-02-09 21:06:33 +00:00			`"strings"`
Uniformize templates 2020-02-09 18:56:01 +00:00			`"fmt"`
User list 2020-02-09 17:28:42 +00:00			`"html/template"`
			`"net/http"`
			`"sort"`

			`"github.com/go-ldap/ldap/v3"`
LDAP modification form 2020-02-09 21:06:33 +00:00			`"github.com/gorilla/mux"`
User list 2020-02-09 17:28:42 +00:00			`)`

			`func checkAdminLogin(w http.ResponseWriter, r http.Request) LoginStatus {`
			`login := checkLogin(w, r)`
			`if login == nil {`
			`return nil`
			`}`

			`can_admin := false`
			`for _, group := range login.UserEntry.GetAttributeValues("memberof") {`
			`if config.GroupCanAdmin != "" && group == config.GroupCanAdmin {`
			`can_admin = true`
			`}`
			`}`

			`if !can_admin {`
			`http.Redirect(w, r, "/", http.StatusFound)`
			`return nil`
			`}`

			`return login`
			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`type EntryList []*ldap.Entry`

			`func (d EntryList) Len() int {`
			`return len(d)`
			`}`

			`func (d EntryList) Swap(i, j int) {`
			`d[i], d[j] = d[j], d[i]`
			`}`

			`func (d EntryList) Less(i, j int) bool {`
			`return d[i].DN < d[j].DN`
			`}`


User list 2020-02-09 17:28:42 +00:00			`type AdminUsersTplData struct {`
Uniformize templates 2020-02-09 18:56:01 +00:00			`Login *LoginStatus`
User list 2020-02-09 17:28:42 +00:00			`UserNameAttr string`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Users EntryList`
User list 2020-02-09 17:28:42 +00:00			`}`

			`func handleAdminUsers(w http.ResponseWriter, r *http.Request) {`
			`templateAdminUsers := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_users.html"))`

LDAP modification form 2020-02-09 21:06:33 +00:00			`login := checkAdminLogin(w, r)`
User list 2020-02-09 17:28:42 +00:00			`if login == nil {`
			`return`
			`}`

			`searchRequest := ldap.NewSearchRequest(`
			`config.UserBaseDN,`
			`ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(&(objectClass=organizationalPerson))"),`
			`[]string{config.UserNameAttr, "dn", "displayname", "givenname", "sn", "mail"},`
			`nil)`

			`sr, err := login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`data := &AdminUsersTplData{`
Uniformize templates 2020-02-09 18:56:01 +00:00			`Login: login,`
User list 2020-02-09 17:28:42 +00:00			`UserNameAttr: config.UserNameAttr,`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Users: EntryList(sr.Entries),`
User list 2020-02-09 17:28:42 +00:00			`}`
LDAP modification form 2020-02-09 21:06:33 +00:00			`sort.Sort(data.Users)`
User list 2020-02-09 17:28:42 +00:00
			`templateAdminUsers.Execute(w, data)`
			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`type AdminGroupsTplData struct {`
			`Login *LoginStatus`
			`GroupNameAttr string`
			`Groups EntryList`
User list 2020-02-09 17:28:42 +00:00			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`func handleAdminGroups(w http.ResponseWriter, r *http.Request) {`
			`templateAdminGroups := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_groups.html"))`

			`login := checkAdminLogin(w, r)`
			`if login == nil {`
			`return`
			`}`

			`searchRequest := ldap.NewSearchRequest(`
			`config.GroupBaseDN,`
			`ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(&(objectClass=groupOfNames))"),`
			`[]string{config.GroupNameAttr, "dn", "displayname"},`
			`nil)`

			`sr, err := login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`data := &AdminGroupsTplData{`
			`Login: login,`
			`GroupNameAttr: config.GroupNameAttr,`
			`Groups: EntryList(sr.Entries),`
			`}`
			`sort.Sort(data.Groups)`

			`templateAdminGroups.Execute(w, data)`
User list 2020-02-09 17:28:42 +00:00			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`type AdminLDAPTplData struct {`
			`DN string`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00
			`Path []PathItem`
			`Children []Child`
			`Props map[string]*PropValues`

			`HasMembers bool`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`Members []EntryName`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`HasGroups bool`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`Groups []EntryName`

			`Error string`
			`Success bool`
			`}`

			`type EntryName struct {`
			`DN string`
			`DisplayName string`
LDAP modification form 2020-02-09 21:06:33 +00:00			`}`

			`type Child struct {`
			`DN string`
			`Identifier string`
			`DisplayName string`
			`}`

			`type PathItem struct {`
			`DN string`
			`Identifier string`
			`Active bool`
			`}`

			`type PropValues struct {`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`Name string`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Values []string`
			`Editable bool`
			`}`

			`func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {`
			`templateAdminLDAP := template.Must(template.ParseFiles("templates/layout.html", "templates/admin_ldap.html"))`

			`login := checkAdminLogin(w, r)`
			`if login == nil {`
			`return`
			`}`

			`dn := mux.Vars(r)["dn"]`

Add/remove from groups 2020-02-09 21:32:59 +00:00			`dError := ""`
			`dSuccess := false`
LDAP modification form 2020-02-09 21:06:33 +00:00
			`if r.Method == "POST" {`
			`r.ParseForm()`
			`action := strings.Join(r.Form["action"], "")`
			`if action == "modify" {`
			`attr := strings.Join(r.Form["attr"], "")`
			`values := strings.Split(strings.Join(r.Form["values"], ""), "\n")`
			`values_filtered := []string{}`
			`for _, v := range values {`
			`v2 := strings.TrimSpace(v)`
			`if v2 != "" {`
			`values_filtered = append(values_filtered, v2)`
			`}`
			`}`

			`if len(values_filtered) == 0 {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`dError = "Refusing to delete attribute."`
LDAP modification form 2020-02-09 21:06:33 +00:00			`} else {`
			`modify_request := ldap.NewModifyRequest(dn, nil)`
			`modify_request.Replace(attr, values_filtered)`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`dError = err.Error()`
LDAP modification form 2020-02-09 21:06:33 +00:00			`} else {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`dSuccess = true`
LDAP modification form 2020-02-09 21:06:33 +00:00			`}`
			`}`
			`} else if action == "add" {`
			`attr := strings.Join(r.Form["attr"], "")`
			`values := strings.Split(strings.Join(r.Form["values"], ""), "\n")`
			`values_filtered := []string{}`
			`for _, v := range values {`
			`v2 := strings.TrimSpace(v)`
			`if v2 != "" {`
			`values_filtered = append(values_filtered, v2)`
			`}`
			`}`

			`modify_request := ldap.NewModifyRequest(dn, nil)`
			`modify_request.Add(attr, values_filtered)`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`dError = err.Error()`
			`} else {`
			`dSuccess = true`
LDAP modification form 2020-02-09 21:06:33 +00:00			`}`
			`} else if action == "delete" {`
			`attr := strings.Join(r.Form["attr"], "")`

			`modify_request := ldap.NewModifyRequest(dn, nil)`
			`modify_request.Replace(attr, []string{})`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`dError = err.Error()`
			`} else {`
			`dSuccess = true`
			`}`
			`} else if action == "delete-from-group" {`
			`group := strings.Join(r.Form["group"], "")`
			`modify_request := ldap.NewModifyRequest(group, nil)`
			`modify_request.Delete("member", []string{dn})`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
			`dError = err.Error()`
			`} else {`
			`dSuccess = true`
			`}`
			`} else if action == "add-to-group" {`
			`group := strings.Join(r.Form["group"], "")`
			`modify_request := ldap.NewModifyRequest(group, nil)`
			`modify_request.Add("member", []string{dn})`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
			`dError = err.Error()`
			`} else {`
			`dSuccess = true`
			`}`
			`} else if action == "delete-member" {`
			`member := strings.Join(r.Form["member"], "")`
			`modify_request := ldap.NewModifyRequest(dn, nil)`
			`modify_request.Delete("member", []string{member})`

			`err := login.conn.Modify(modify_request)`
			`if err != nil {`
			`dError = err.Error()`
			`} else {`
			`dSuccess = true`
LDAP modification form 2020-02-09 21:06:33 +00:00			`}`
			`}`
			`}`

			`// Build path`
			`path := []PathItem{`
			`PathItem{`
			`DN: config.BaseDN,`
			`Identifier: config.BaseDN,`
			`Active: dn == config.BaseDN,`
			`},`
			`}`

			`len_base_dn := len(strings.Split(config.BaseDN, ","))`
			`dn_split := strings.Split(dn, ",")`
			`dn_last_attr := strings.Split(dn_split[0], "=")[0]`
			`for i := len_base_dn + 1; i <= len(dn_split); i++ {`
			`path = append(path, PathItem{`
			`DN: strings.Join(dn_split[len(dn_split)-i:len(dn_split)], ","),`
			`Identifier: dn_split[len(dn_split)-i],`
			`Active: i == len(dn_split),`
			`})`
			`}`

			`// Get object and parse it`
			`searchRequest := ldap.NewSearchRequest(`
			`dn,`
			`ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(objectclass=*)"),`
			`[]string{},`
			`nil)`

			`sr, err := login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`if len(sr.Entries) != 1 {`
			`http.Error(w, fmt.Sprintf("%d objects found", len(sr.Entries)), http.StatusInternalServerError)`
			`return`
			`}`

			`object := sr.Entries[0]`

			`props := make(map[string]*PropValues)`
			`for _, attr := range object.Attributes {`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`name_lower := strings.ToLower(attr.Name)`
			`if name_lower != dn_last_attr {`
			`if existing, ok := props[name_lower]; ok {`
LDAP modification form 2020-02-09 21:06:33 +00:00			`existing.Values = append(existing.Values, attr.Values...)`
			`} else {`
			`editable := true`
			`for _, restricted := range []string{`
			`"creatorsname", "modifiersname", "createtimestamp",`
			`"modifytimestamp", "entryuuid",`
			`} {`
			`if strings.EqualFold(attr.Name, restricted) {`
			`editable = false`
			`break`
			`}`
			`}`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`props[name_lower] = &PropValues{`
			`Name: attr.Name,`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Values: attr.Values,`
			`Editable: editable,`
			`}`
			`}`
			`}`
			`}`

Add/remove from groups 2020-02-09 21:32:59 +00:00			`members_dn := []string{}`
LDAP modification form 2020-02-09 21:06:33 +00:00			`if mp, ok := props["member"]; ok {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`members_dn = mp.Values`
LDAP modification form 2020-02-09 21:06:33 +00:00			`delete(props, "member")`
			`}`
Add/remove from groups 2020-02-09 21:32:59 +00:00
			`members := []EntryName{}`
			`if len(members_dn) > 0 {`
			`mapDnToName := make(map[string]string)`
			`searchRequest = ldap.NewSearchRequest(`
			`config.UserBaseDN,`
			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(objectClass=organizationalPerson)"),`
			`[]string{"dn", "displayname"},`
			`nil)`
			`sr, err := login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`for _, ent := range sr.Entries {`
			`mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")`
			`}`
			`for _, memdn := range members_dn {`
			`members = append(members, EntryName{`
			`DN: memdn,`
			`DisplayName: mapDnToName[memdn],`
			`})`
			`}`
			`}`

			`groups_dn := []string{}`
LDAP modification form 2020-02-09 21:06:33 +00:00			`if gp, ok := props["memberof"]; ok {`
Add/remove from groups 2020-02-09 21:32:59 +00:00			`groups_dn = gp.Values`
LDAP modification form 2020-02-09 21:06:33 +00:00			`delete(props, "memberof")`
			`}`

Add/remove from groups 2020-02-09 21:32:59 +00:00			`groups := []EntryName{}`
			`if len(groups_dn) > 0 {`
			`mapDnToName := make(map[string]string)`
			`searchRequest = ldap.NewSearchRequest(`
			`config.GroupBaseDN,`
			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(objectClass=groupOfNames)"),`
			`[]string{"dn", "displayname"},`
			`nil)`
			`sr, err := login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`for _, ent := range sr.Entries {`
			`mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")`
			`}`
			`for _, grpdn := range groups_dn {`
			`groups = append(groups, EntryName{`
			`DN: grpdn,`
			`DisplayName: mapDnToName[grpdn],`
			`})`
			`}`
			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`// Get children`
			`searchRequest = ldap.NewSearchRequest(`
			`dn,`
			`ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(objectclass=*)"),`
			`[]string{"dn", "displayname"},`
			`nil)`

			`sr, err = login.conn.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`sort.Sort(EntryList(sr.Entries))`

			`children := []Child{}`
			`for _, item := range sr.Entries {`
			`children = append(children, Child{`
			`DN: item.DN,`
			`Identifier: strings.Split(item.DN, ",")[0],`
			`DisplayName: item.GetAttributeValue("displayname"),`
			`})`
			`}`

Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`// Checkup objectclass`
			`objectClass := []string{}`
			`if val, ok := props["objectclass"]; ok {`
			`objectClass = val.Values`
			`}`
			`hasMembers, hasGroups := false, false`
			`for _, oc := range objectClass {`
			`if strings.EqualFold(oc, "organizationalperson") \|\| strings.EqualFold(oc, "person") {`
			`hasGroups = true`
			`}`
			`if strings.EqualFold(oc, "groupOfNames") {`
			`hasMembers = true`
			`}`
			`}`

LDAP modification form 2020-02-09 21:06:33 +00:00			`templateAdminLDAP.Execute(w, &AdminLDAPTplData{`
			`DN: dn,`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00
			`Path: path,`
			`Children: children,`
			`Props: props,`

			`HasMembers: len(members) > 0 \|\| hasMembers,`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Members: members,`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00			`HasGroups: len(groups) > 0 \|\| hasGroups,`
LDAP modification form 2020-02-09 21:06:33 +00:00			`Groups: groups,`
Also show groups/members when none are present for some object classes 2020-02-09 21:43:24 +00:00
Add/remove from groups 2020-02-09 21:32:59 +00:00			`Error: dError,`
			`Success: dSuccess,`
LDAP modification form 2020-02-09 21:06:33 +00:00			`})`
User list 2020-02-09 17:28:42 +00:00			`}`