Commit graph

55 commits

Author SHA1 Message Date
Simon Beck
f05e41c9aa Improve password hash handling
This adds support for more hash algorithms. Also a stored password will
be updated to SSHA512 upon a successful bind. It will also automatically
hash a cleartext password if the `userpassword` field is modified with
a cleartext one.

Hashes supported:
* SSHA
* SSHA256
* SSHA512
2022-02-10 20:51:01 +01:00
2707dd77c5
Use vendored goldap 2021-09-16 13:46:18 +02:00
MrArmonius
9a8c19ec0f Bottin's Test V2.0 with Framework Testing
V2 the test end-to-end,
Tests made similar to V1.0,

Add the possibility to pararellize the tests,
Create an environnement for easy integration of news test,
2021-07-19 18:57:40 +02:00
MrArmonius
a98556d5c1 Test End-to-end V1.0, testing Bottin's behavior
Tests wrote in golang without framework Testing on the Bottin's behavior

Tests made:
- crated random Users and Group - LDAP ADD
- check the match between Consul's data and Test's data- LDAP
  Search
- modify attributes and check them -
  LDAP Modify
2021-07-19 18:56:47 +02:00
99d8955ab3 Refactor & add case normalization logic to putAttributes 2021-03-09 19:00:45 +01:00
1a20a64eff Refactoring 2021-03-09 18:30:59 +01:00
dc3fd4df65 Use consul's stale reads by default 2021-03-09 18:24:30 +01:00
e4b5c67be0 Style changes 2020-11-13 12:55:32 +01:00
825aa77089 Hopefully, fix most case-sensitivity issues
- DNs are always used in canonical form: lowercase, no spaces. This is
  how they are internally handled and stored in paths and fields such as
  member and memberof
- Attribute names now can have any combination of lower/uppercase and
  stuff should work
- When modifying an attribute with a name that hase a different
  lower/upper combination than the previously stored value, keep the
  previous attribute name
- Trim spaces from values and do not store empty values
2020-02-15 12:07:31 +01:00
afcad41e85 Use lowercase attributes objectclass and structuralobjectclass 2020-02-14 21:26:43 +01:00
fd6a555216 Ensure objects have an objectclass property 2020-02-14 21:23:01 +01:00
13d8cf028a Add a function to resync member/memberOf values over the database 2020-02-13 14:41:49 +01:00
6f893138a3 Make getAttribute return an empty array instead of nil when key not found 2020-02-13 14:41:49 +01:00
8ca2d39971 Optimize some kv.List requests to not list all children 2020-02-12 15:14:58 +01:00
e52a1f74a3 Handle search attribute * 2020-02-11 23:20:33 +01:00
8e819b7d5c Modify initial administrator account to include displayname attribute 2020-02-10 11:37:39 +01:00
f32c272db2 Merge branch 'gomod' of Deuxfleurs/bottin into master 2020-02-02 15:01:35 +01:00
a6faceb559
Import upstream lor00x/goldap reposity 2020-02-02 14:47:16 +01:00
3644fdfe61
Rename go module to bottin 2020-02-02 14:32:37 +01:00
0c801e02d5 Remove spaces between dn components, use warnings when necessary 2020-02-02 13:53:29 +01:00
e9e7a4cb4b Update README with accurate info on how to build Bottin 2020-02-02 12:34:52 +01:00
0274ab0038
Implements go modules
Following errors compiling with go 1.13
See https://blog.golang.org/migrating-to-go-modules for details.
2020-02-02 12:10:02 +01:00
da2c37bb95 Better logging 2020-02-01 15:05:44 +01:00
c3bfcdf9a1 Fix password comparison 2020-02-01 11:32:50 +01:00
2f9ad411c7 Fix missing newline after TLS warning 2020-02-01 11:00:09 +01:00
7962e7b262 Rebrand to Bottin (with Superboum's benediction) 2020-01-31 22:15:40 +01:00
e1f5c31402 More logs 2020-01-28 00:52:30 +01:00
3edaad9317 Use better randomness 2020-01-27 17:01:32 +01:00
e7ded9d6b5 Fix slice bounds 2020-01-27 16:39:08 +01:00
dce432426e Allow for both TLS and non-TLS connections 2020-01-27 16:32:39 +01:00
66c6479770 Implement TLS mechanisms correctly, I hope 2020-01-27 16:08:35 +01:00
8a605f44b0 Don't do stupid things like use a dn as a pattern
Also add metadata fields in objects created on initialization
2020-01-26 23:12:00 +01:00
f8c726dcda Fix missing procedure for delete membership & "better" failure handling
After an object has been updated, membership information must be
propagated to other object. Such operations may fail when calling consul
but if they do we don't return fail immediatly returning an error code
any more.  Instead we just print all the errors to our logs and try to
process the remaining updates.
2020-01-26 22:22:38 +01:00
b27eb45239 Split off read and write functions in separate files 2020-01-26 22:08:27 +01:00
97f5effe55 More serious schema enforcement 2020-01-26 21:22:51 +01:00
8e4537d2ef Fixes 2020-01-26 21:03:18 +01:00
94eafa2a9b Less logs but better logs 2020-01-26 19:47:38 +01:00
c1f0247586 Externalize config 2020-01-26 19:27:17 +01:00
611d182907 Add anyread to admins in example acl because don't be ridiculous 2020-01-26 18:59:28 +01:00
82402749e6 First ACL implementation 2020-01-26 18:42:04 +01:00
2ad9bce75c Apply gofmt & minor refactoring 2020-01-26 17:45:04 +01:00
a7ccdad378 Fix handling of empty set of values as absence of the key 2020-01-20 09:11:30 +01:00
3b793c90a0 Add TODO list 2020-01-19 22:30:51 +01:00
c7534dd06b Forbid "/" in DN 2020-01-19 22:27:54 +01:00
7e4079b3d8 Implement Modify 2020-01-19 22:21:05 +01:00
f9cb0552be Handle LDAP Compare and Delete requests 2020-01-19 21:48:14 +01:00
3decb94271 Basic code cleanup 2020-01-19 21:26:44 +01:00
19854a1ef4 Use correct return code for unimplemented filters 2020-01-19 19:51:01 +01:00
5ae18daff7 Better DN suffix validation 2020-01-19 19:19:34 +01:00
b238a6eb0e Implement add with group membership 2020-01-19 19:10:38 +01:00