guichet/admin.go

1102 lines
29 KiB
Go
Raw Normal View History

2020-02-09 17:28:42 +00:00
package main
import (
2020-02-09 18:56:01 +00:00
"fmt"
2023-07-21 13:20:50 +00:00
"log"
2020-02-09 17:28:42 +00:00
"net/http"
2020-02-09 22:04:37 +00:00
"regexp"
2020-02-09 17:28:42 +00:00
"sort"
2020-02-09 22:04:37 +00:00
"strings"
2023-07-20 09:20:46 +00:00
2020-02-09 17:28:42 +00:00
"github.com/go-ldap/ldap/v3"
2020-02-09 21:06:33 +00:00
"github.com/gorilla/mux"
2020-02-09 17:28:42 +00:00
)
func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
login := checkLogin(w, r)
if login == nil {
return nil
}
2020-02-11 23:13:24 +00:00
if !login.CanAdmin {
http.Error(w, "Not authorized to perform administrative operations.", http.StatusUnauthorized)
2020-02-09 17:28:42 +00:00
return nil
}
return login
}
2020-02-09 21:06:33 +00:00
type EntryList []*ldap.Entry
func (d EntryList) Len() int {
return len(d)
}
func (d EntryList) Swap(i, j int) {
d[i], d[j] = d[j], d[i]
}
func (d EntryList) Less(i, j int) bool {
return d[i].DN < d[j].DN
}
2020-02-09 17:28:42 +00:00
type AdminUsersTplData struct {
2020-02-09 18:56:01 +00:00
Login *LoginStatus
2020-02-09 17:28:42 +00:00
UserNameAttr string
2020-02-10 08:44:18 +00:00
UserBaseDN string
2020-02-09 21:06:33 +00:00
Users EntryList
2020-02-09 17:28:42 +00:00
}
2023-07-21 04:51:56 +00:00
func handleAdminActivateUsers(w http.ResponseWriter, r *http.Request) {
templateAdminActivateUsers := getTemplate("admin_activate.html")
login := checkAdminLogin(w, r)
if login == nil {
return
}
2023-07-21 05:24:42 +00:00
2023-07-21 04:51:56 +00:00
searchRequest := ldap.NewSearchRequest(
config.InvitationBaseDN,
2023-07-21 13:28:30 +00:00
ldap.ScopeSingleLevel,
ldap.NeverDerefAliases,
0,
0,
false,
2023-07-21 04:51:56 +00:00
fmt.Sprintf("(&(objectClass=organizationalPerson))"),
2023-07-21 13:28:30 +00:00
[]string{"cn", "displayName", "givenName", "sn", "mail", "uid"},
2023-07-21 04:51:56 +00:00
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
2023-07-21 13:28:30 +00:00
log.Printf(fmt.Sprintf("65: %v %v", err, searchRequest))
log.Printf(fmt.Sprintf("65: %v %v", login, login.conn))
2023-07-21 04:51:56 +00:00
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminUsersTplData{
Login: login,
UserNameAttr: config.UserNameAttr,
UserBaseDN: config.UserBaseDN,
Users: EntryList(sr.Entries),
}
templateAdminActivateUsers.Execute(w, data)
2023-07-21 05:24:42 +00:00
}
func handleAdminActivateUser(w http.ResponseWriter, r *http.Request) {
cn := mux.Vars(r)["cn"]
login := checkAdminLogin(w, r)
if login == nil {
return
}
modifyRequest := *ldap.NewModifyDNRequest("cn="+cn+","+config.InvitationBaseDN, "cn="+cn, true, config.UserBaseDN)
err := login.conn.ModifyDN(&modifyRequest)
if err != nil {
return
}
2023-07-21 06:33:13 +00:00
http.Redirect(w, r, "/admin/activate", http.StatusFound)
2023-07-21 04:51:56 +00:00
}
2023-07-21 05:38:12 +00:00
func handleAdminUnactivateUser(w http.ResponseWriter, r *http.Request) {
cn := mux.Vars(r)["cn"]
login := checkAdminLogin(w, r)
if login == nil {
return
}
modifyRequest := *ldap.NewModifyDNRequest("cn="+cn+","+config.UserBaseDN, "cn="+cn, true, config.InvitationBaseDN)
err := login.conn.ModifyDN(&modifyRequest)
if err != nil {
return
}
2023-07-21 06:33:13 +00:00
http.Redirect(w, r, "/admin/users", http.StatusFound)
2023-07-21 05:38:12 +00:00
}
2020-02-09 17:28:42 +00:00
func handleAdminUsers(w http.ResponseWriter, r *http.Request) {
2022-12-01 22:05:59 +00:00
templateAdminUsers := getTemplate("admin_users.html")
2020-02-09 17:28:42 +00:00
2020-02-09 21:06:33 +00:00
login := checkAdminLogin(w, r)
2020-02-09 17:28:42 +00:00
if login == nil {
return
}
searchRequest := ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson))"),
2023-07-20 08:22:41 +00:00
[]string{config.UserNameAttr, "dn", "displayName", "givenName", "sn", "mail", "uid", "cn"},
2020-02-09 17:28:42 +00:00
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminUsersTplData{
2020-02-09 18:56:01 +00:00
Login: login,
2020-02-09 17:28:42 +00:00
UserNameAttr: config.UserNameAttr,
2020-02-10 14:26:02 +00:00
UserBaseDN: config.UserBaseDN,
2020-02-09 21:06:33 +00:00
Users: EntryList(sr.Entries),
2020-02-09 17:28:42 +00:00
}
2020-02-09 21:06:33 +00:00
sort.Sort(data.Users)
2020-02-09 17:28:42 +00:00
2023-07-20 10:22:09 +00:00
// addNewUser(NewUser{
// DN: "cn=newuser@lesgv.com,ou=newusers,dc=resdigita,dc=org",
// CN: "newuser@lesgv.com",
// GivenName: "New",
// SN: "User",
// DisplayName: "New User",
// Mail: "newuser@lesgv.com",
// }, config, login)
2023-07-20 09:20:46 +00:00
2020-02-09 17:28:42 +00:00
templateAdminUsers.Execute(w, data)
}
2020-02-09 21:06:33 +00:00
type AdminGroupsTplData struct {
2020-02-09 22:04:37 +00:00
Login *LoginStatus
2020-02-09 21:06:33 +00:00
GroupNameAttr string
2020-02-10 08:44:18 +00:00
GroupBaseDN string
2020-02-09 21:06:33 +00:00
Groups EntryList
2020-02-09 17:28:42 +00:00
}
2020-02-09 21:06:33 +00:00
func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
2022-12-01 22:05:59 +00:00
templateAdminGroups := getTemplate("admin_groups.html")
2020-02-09 21:06:33 +00:00
login := checkAdminLogin(w, r)
if login == nil {
return
}
searchRequest := ldap.NewSearchRequest(
config.GroupBaseDN,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=groupOfNames))"),
[]string{config.GroupNameAttr, "dn", "description"},
2020-02-09 21:06:33 +00:00
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminGroupsTplData{
2020-02-09 22:04:37 +00:00
Login: login,
2020-02-09 21:06:33 +00:00
GroupNameAttr: config.GroupNameAttr,
2020-02-10 14:26:02 +00:00
GroupBaseDN: config.GroupBaseDN,
2020-02-09 21:06:33 +00:00
Groups: EntryList(sr.Entries),
}
sort.Sort(data.Groups)
templateAdminGroups.Execute(w, data)
2020-02-09 17:28:42 +00:00
}
type AdminMailingTplData struct {
Login *LoginStatus
MailingNameAttr string
MailingBaseDN string
MailingLists EntryList
}
func handleAdminMailing(w http.ResponseWriter, r *http.Request) {
templateAdminMailing := getTemplate("admin_mailing.html")
login := checkAdminLogin(w, r)
if login == nil {
return
}
searchRequest := ldap.NewSearchRequest(
config.MailingBaseDN,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=groupOfNames))"),
[]string{config.MailingNameAttr, "dn", "description"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
data := &AdminMailingTplData{
Login: login,
MailingNameAttr: config.MailingNameAttr,
MailingBaseDN: config.MailingBaseDN,
MailingLists: EntryList(sr.Entries),
}
sort.Sort(data.MailingLists)
templateAdminMailing.Execute(w, data)
}
type AdminMailingListTplData struct {
Login *LoginStatus
MailingNameAttr string
MailingBaseDN string
MailingList *ldap.Entry
Members EntryList
PossibleNewMembers EntryList
AllowGuest bool
Error string
Success bool
}
func handleAdminMailingList(w http.ResponseWriter, r *http.Request) {
templateAdminMailingList := getTemplate("admin_mailing_list.html")
login := checkAdminLogin(w, r)
if login == nil {
return
}
id := mux.Vars(r)["id"]
dn := fmt.Sprintf("%s=%s,%s", config.MailingNameAttr, id, config.MailingBaseDN)
// handle modifications
dError := ""
dSuccess := false
if r.Method == "POST" {
r.ParseForm()
action := strings.Join(r.Form["action"], "")
if action == "add-member" {
member := strings.Join(r.Form["member"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Add("member", []string{member})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("198: %v",modify_request))
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "add-external" {
mail := strings.Join(r.Form["mail"], "")
2023-07-17 08:19:01 +00:00
sn := strings.Join(r.Form["sn"], "")
givenname := strings.Join(r.Form["givenname"], "")
member := strings.Join(r.Form["member"], "")
displayname := strings.Join(r.Form["displayname"], "")
searchRequest := ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=organizationalPerson)(mail=%s))", mail),
[]string{"dn", "displayname", "mail"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
dError = err.Error()
} else {
if len(sr.Entries) == 0 {
if config.MailingGuestsBaseDN != "" {
guestDn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, mail, config.MailingGuestsBaseDN)
req := ldap.NewAddRequest(guestDn, nil)
2023-07-17 08:19:01 +00:00
//req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"})
req.Attribute("objectclass", []string{"inetOrgPerson"})
2023-07-20 09:20:46 +00:00
req.Attribute("mail", []string{fmt.Sprintf("%s", mail)})
2023-07-17 08:19:01 +00:00
if givenname != "" {
req.Attribute("givenname", []string{givenname})
}
if member != "" {
req.Attribute("member", []string{member})
}
if displayname != "" {
req.Attribute("displayname", []string{displayname})
}
2023-07-17 08:19:01 +00:00
if sn != "" {
req.Attribute("sn", []string{sn})
}
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("226: %v",req))
err := login.conn.Add(req)
if err != nil {
dError = err.Error()
} else {
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Add("member", []string{guestDn})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("249: %v",modify_request))
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
}
} else {
dError = "Adding guest users not supported, the user must already have an LDAP account."
}
} else if len(sr.Entries) == 1 {
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Add("member", []string{sr.Entries[0].DN})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("264: %v",modify_request))
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else {
dError = fmt.Sprintf("Multiple users exist with email address %s", mail)
}
}
} else if action == "delete-member" {
member := strings.Join(r.Form["member"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Delete("member", []string{member})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("280: %v",modify_request))
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
}
}
// Retrieve mailing list
searchRequest := ldap.NewSearchRequest(
dn,
ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=groupOfNames)"),
[]string{"dn", config.MailingNameAttr, "member", "description"},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(sr.Entries) != 1 {
http.Error(w, fmt.Sprintf("Object not found: %s", dn), http.StatusNotFound)
return
}
ml := sr.Entries[0]
memberDns := make(map[string]bool)
for _, attr := range ml.Attributes {
if attr.Name == "member" {
for _, v := range attr.Values {
memberDns[v] = true
}
}
}
// Retrieve list of current and possible new members
members := []*ldap.Entry{}
possibleNewMembers := []*ldap.Entry{}
searchRequest = ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectClass=organizationalPerson)"),
[]string{"dn", "displayname", "mail"},
nil)
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
for _, ent := range sr.Entries {
if _, ok := memberDns[ent.DN]; ok {
members = append(members, ent)
} else {
possibleNewMembers = append(possibleNewMembers, ent)
}
}
data := &AdminMailingListTplData{
Login: login,
MailingNameAttr: config.MailingNameAttr,
MailingBaseDN: config.MailingBaseDN,
MailingList: ml,
Members: members,
PossibleNewMembers: possibleNewMembers,
AllowGuest: config.MailingGuestsBaseDN != "",
Error: dError,
Success: dSuccess,
}
sort.Sort(data.Members)
sort.Sort(data.PossibleNewMembers)
templateAdminMailingList.Execute(w, data)
}
// ===================================================
// LDAP EXPLORER
// ===================================================
2020-02-09 21:06:33 +00:00
type AdminLDAPTplData struct {
DN string
Path []PathItem
ChildrenOU []Child
ChildrenOther []Child
CanAddChild bool
Props map[string]*PropValues
CanDelete bool
2021-08-16 10:53:35 +00:00
HasMembers bool
Members []EntryName
PossibleNewMembers []EntryName
HasGroups bool
Groups []EntryName
PossibleNewGroups []EntryName
2020-02-09 21:32:59 +00:00
ListMemGro map[string]string
2020-02-09 22:04:37 +00:00
Error string
2020-02-09 21:32:59 +00:00
Success bool
}
type EntryName struct {
DN string
Name string
2020-02-09 21:06:33 +00:00
}
type Child struct {
DN string
Identifier string
Name string
2020-02-09 21:06:33 +00:00
}
type PathItem struct {
2020-02-09 22:04:37 +00:00
DN string
2020-02-09 21:06:33 +00:00
Identifier string
2020-02-09 22:04:37 +00:00
Active bool
2020-02-09 21:06:33 +00:00
}
type PropValues struct {
2020-02-10 14:26:02 +00:00
Name string
Values []string
Editable bool
2020-02-10 08:54:33 +00:00
Deletable bool
2020-02-09 21:06:33 +00:00
}
func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
2022-12-01 22:05:59 +00:00
templateAdminLDAP := getTemplate("admin_ldap.html")
2020-02-09 21:06:33 +00:00
login := checkAdminLogin(w, r)
if login == nil {
return
}
dn := mux.Vars(r)["dn"]
2020-02-09 21:32:59 +00:00
dError := ""
dSuccess := false
2020-02-09 21:06:33 +00:00
2020-02-09 22:20:44 +00:00
// Build path
path := []PathItem{
PathItem{
DN: config.BaseDN,
Identifier: config.BaseDN,
Active: dn == config.BaseDN,
},
}
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("434: %v",path))
2020-02-09 22:20:44 +00:00
len_base_dn := len(strings.Split(config.BaseDN, ","))
dn_split := strings.Split(dn, ",")
dn_last_attr := strings.Split(dn_split[0], "=")[0]
for i := len_base_dn + 1; i <= len(dn_split); i++ {
path = append(path, PathItem{
DN: strings.Join(dn_split[len(dn_split)-i:len(dn_split)], ","),
Identifier: dn_split[len(dn_split)-i],
Active: i == len(dn_split),
})
}
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("446: %v",path))
2020-02-09 22:20:44 +00:00
// Handle modification operation
2020-02-09 21:06:33 +00:00
if r.Method == "POST" {
r.ParseForm()
action := strings.Join(r.Form["action"], "")
if action == "modify" {
attr := strings.Join(r.Form["attr"], "")
values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
values_filtered := []string{}
for _, v := range values {
v2 := strings.TrimSpace(v)
if v2 != "" {
values_filtered = append(values_filtered, v2)
}
}
if len(values_filtered) == 0 {
2020-02-09 21:32:59 +00:00
dError = "Refusing to delete attribute."
2020-02-09 21:06:33 +00:00
} else {
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Replace(attr, values_filtered)
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("468: %v",modify_request))
2020-02-09 21:06:33 +00:00
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
2020-02-09 21:06:33 +00:00
} else {
2020-02-09 21:32:59 +00:00
dSuccess = true
2020-02-09 21:06:33 +00:00
}
}
} else if action == "add" {
attr := strings.Join(r.Form["attr"], "")
values := strings.Split(strings.Join(r.Form["values"], ""), "\n")
values_filtered := []string{}
for _, v := range values {
v2 := strings.TrimSpace(v)
if v2 != "" {
values_filtered = append(values_filtered, v2)
}
}
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Add(attr, values_filtered)
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("490: %v",modify_request))
2020-02-09 21:06:33 +00:00
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
} else {
dSuccess = true
2020-02-09 21:06:33 +00:00
}
} else if action == "delete" {
attr := strings.Join(r.Form["attr"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Replace(attr, []string{})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("503: %v",modify_request))
2020-02-09 21:06:33 +00:00
if err != nil {
2020-02-09 21:32:59 +00:00
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "delete-from-group" {
group := strings.Join(r.Form["group"], "")
modify_request := ldap.NewModifyRequest(group, nil)
modify_request.Delete("member", []string{dn})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("515: %v",modify_request))
2020-02-09 21:32:59 +00:00
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "add-to-group" {
group := strings.Join(r.Form["group"], "")
modify_request := ldap.NewModifyRequest(group, nil)
modify_request.Add("member", []string{dn})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("527: %v",modify_request))
2020-02-09 21:32:59 +00:00
if err != nil {
dError = err.Error()
} else {
dSuccess = true
}
} else if action == "delete-member" {
member := strings.Join(r.Form["member"], "")
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Delete("member", []string{member})
err := login.conn.Modify(modify_request)
2023-07-20 09:20:46 +00:00
// log.Printf(fmt.Sprintf("539: %v",modify_request))
2020-02-09 21:32:59 +00:00
if err != nil {
dError = err.Error()
} else {
dSuccess = true
2020-02-09 21:06:33 +00:00
}
2020-02-09 22:20:44 +00:00
} else if action == "delete-object" {
del_request := ldap.NewDelRequest(dn, nil)
err := login.conn.Del(del_request)
if err != nil {
dError = err.Error()
} else {
2020-02-10 14:26:02 +00:00
http.Redirect(w, r, "/admin/ldap/"+strings.Join(dn_split[1:], ","), http.StatusFound)
2020-02-09 22:20:44 +00:00
return
}
2020-02-09 21:06:33 +00:00
}
}
// Get object and parse it
searchRequest := ldap.NewSearchRequest(
dn,
ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{},
nil)
sr, err := login.conn.Search(searchRequest)
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("569: %v",searchRequest))
2020-02-09 21:06:33 +00:00
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(sr.Entries) != 1 {
2020-02-10 14:26:02 +00:00
http.Error(w, fmt.Sprintf("Object not found: %s", dn), http.StatusNotFound)
2020-02-09 21:06:33 +00:00
return
}
object := sr.Entries[0]
2021-08-16 10:53:35 +00:00
// Read object properties and prepare appropriate form fields
2020-02-09 21:06:33 +00:00
props := make(map[string]*PropValues)
for _, attr := range object.Attributes {
name_lower := strings.ToLower(attr.Name)
if name_lower != dn_last_attr {
if existing, ok := props[name_lower]; ok {
2020-02-09 21:06:33 +00:00
existing.Values = append(existing.Values, attr.Values...)
} else {
editable := true
for _, restricted := range []string{
"creatorsname", "modifiersname", "createtimestamp",
"modifytimestamp", "entryuuid",
} {
if strings.EqualFold(attr.Name, restricted) {
editable = false
break
}
}
2020-02-10 08:54:33 +00:00
deletable := true
for _, restricted := range []string{"objectclass", "structuralobjectclass"} {
2020-02-10 08:54:33 +00:00
if strings.EqualFold(attr.Name, restricted) {
deletable = false
break
}
}
props[name_lower] = &PropValues{
2020-02-10 14:26:02 +00:00
Name: attr.Name,
Values: attr.Values,
Editable: editable,
2020-02-10 08:54:33 +00:00
Deletable: deletable,
2020-02-09 21:06:33 +00:00
}
}
}
}
2021-08-16 10:53:35 +00:00
// Check objectclass to determine object type
objectClass := []string{}
if val, ok := props["objectclass"]; ok {
objectClass = val.Values
}
hasMembers, hasGroups, isOrganization := false, false, false
for _, oc := range objectClass {
if strings.EqualFold(oc, "organizationalPerson") || strings.EqualFold(oc, "person") || strings.EqualFold(oc, "inetOrgPerson") {
2021-08-16 10:53:35 +00:00
hasGroups = true
}
if strings.EqualFold(oc, "groupOfNames") {
hasMembers = true
}
if strings.EqualFold(oc, "organization") {
isOrganization = true
}
}
// Parse member list and prepare form section
2020-02-09 21:32:59 +00:00
members_dn := []string{}
2020-02-09 21:06:33 +00:00
if mp, ok := props["member"]; ok {
2020-02-09 21:32:59 +00:00
members_dn = mp.Values
2020-02-09 21:06:33 +00:00
delete(props, "member")
}
2020-02-09 21:32:59 +00:00
members := []EntryName{}
2021-08-16 10:53:35 +00:00
possibleNewMembers := []EntryName{}
if len(members_dn) > 0 || hasMembers {
// Lookup all existing users in the server
// to know the DN -> display name correspondance
searchRequest = ldap.NewSearchRequest(
config.UserBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectClass=organizationalPerson)"),
[]string{"dn", "displayname", "description"},
nil)
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
userMap := make(map[string]string)
for _, ent := range sr.Entries {
userMap[ent.DN] = ent.GetAttributeValue("displayname")
if userMap[ent.DN] == "" {
userMap[ent.DN] = ent.GetAttributeValue("description")
}
}
// Select members with their name and remove them from map
for _, memdn := range members_dn {
members = append(members, EntryName{
DN: memdn,
Name: userMap[memdn],
})
delete(userMap, memdn)
}
// Create list of members that can be added
for dn, name := range userMap {
entry := EntryName{
DN: dn,
Name: name,
}
if entry.Name == "" {
entry.Name = entry.DN
}
possibleNewMembers = append(possibleNewMembers, entry)
2020-02-09 21:32:59 +00:00
}
}
2020-02-09 21:32:59 +00:00
// // Parse group list and prepare form section
// groups_dn := []string{}
// if gp, ok := props["memberof"]; ok {
// groups_dn = gp.Values
// delete(props, "memberof")
// }
2020-02-09 21:06:33 +00:00
2020-02-09 21:32:59 +00:00
groups := []EntryName{}
2021-08-16 10:53:35 +00:00
possibleNewGroups := []EntryName{}
searchRequest = ldap.NewSearchRequest(
config.GroupBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
2023-07-20 09:20:46 +00:00
fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", dn),
[]string{"dn", "displayName", "cn", "description"},
nil)
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("708: %v",searchRequest))
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("714: %v",sr.Entries))
for _, ent := range sr.Entries {
groups = append(groups, EntryName{
DN: ent.DN,
Name: ent.GetAttributeValue("cn"),
})
2020-02-09 21:32:59 +00:00
}
searchRequest = ldap.NewSearchRequest(
config.GroupBaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
2023-07-20 09:20:46 +00:00
fmt.Sprintf("(&(objectClass=groupOfNames)(!(member=%s)))", dn),
[]string{"dn", "displayName", "cn", "description"},
nil)
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("724: %v",searchRequest))
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2023-07-17 15:23:03 +00:00
// log.Printf(fmt.Sprintf("714: %v",sr.Entries))
for _, ent := range sr.Entries {
possibleNewGroups = append(possibleNewGroups, EntryName{
DN: ent.DN,
Name: ent.GetAttributeValue("cn"),
})
}
2023-07-20 09:20:46 +00:00
// possibleNewGroup.DN = ent.GetAttributeValue("dn")
// possibleNewGroup.Name = ent.GetAttributeValue("cn")
// // log.Printf(fmt.Sprintf("725: %v %v",dn, ent.GetAttributeValue("member")))
// for _, member := range ent .GetAttributeValue("member") {
// // // log.Printf(fmt.Sprintf("725: %v %v",dn, member))
// if ent.GetAttributeValue("member") == dn {
// groups = append(groups,possibleNewGroup,)
// possibleNewGroup.DN = ""
// possibleNewGroup.Name = ""
// }
// // }
// if possibleNewGroup.DN != "" {
// possibleNewGroups = append(possibleNewGroups,possibleNewGroup,)
// possibleNewGroup = EntryName{}
// }
// groupMap[.DN] = ent.GetAttributeValue("displayName")
// if groupMap[.DN] == "" {
// groupMap[.DN] = ent.GetAttributeValue("cn")
// }
// if groupMap[.DN] == "" {
// groupMap[.DN] = ent.GetAttributeValue("description")
// }
// }
// // Calculate list of current groups
// // log.Printf(fmt.Sprintf("%v",groups_dn))
// for _, grpdn := range groups_dn {
// // log.Printf(fmt.Sprintf("%v",grpdn))
// groups = append(groups, EntryName{
// DN: grpdn,
// Name: groupMap[grpdn],
// })
// delete(groupMap, grpdn)
// }
// // Calculate list of possible new groups
// for dn, name := range groupMap {
// entry := EntryName{
// DN: dn,
// Name: name,
// }
// if entry.Name == "" {
// entry.Name = entry.DN
// }
// possibleNewGroups = append(possibleNewGroups, entry)
// }
// }
2020-02-09 21:32:59 +00:00
2020-02-09 21:06:33 +00:00
// Get children
searchRequest = ldap.NewSearchRequest(
dn,
ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{"dn", "displayname", "description"},
2020-02-09 21:06:33 +00:00
nil)
sr, err = login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
sort.Sort(EntryList(sr.Entries))
2023-02-08 10:58:46 +00:00
childrenOU := []Child{}
childrenOther := []Child{}
2020-02-09 21:06:33 +00:00
for _, item := range sr.Entries {
name := item.GetAttributeValue("displayname")
if name == "" {
name = item.GetAttributeValue("description")
}
2023-02-08 10:58:46 +00:00
child := Child{
DN: item.DN,
Identifier: strings.Split(item.DN, ",")[0],
Name: name,
2023-02-08 10:58:46 +00:00
}
if strings.HasPrefix(item.DN, "ou=") {
childrenOU = append(childrenOU, child)
} else {
childrenOther = append(childrenOther, child)
}
2020-02-09 21:06:33 +00:00
}
2021-08-16 10:53:35 +00:00
// Run template, finally!
2020-02-09 21:06:33 +00:00
templateAdminLDAP.Execute(w, &AdminLDAPTplData{
DN: dn,
Path: path,
2023-02-08 10:58:46 +00:00
ChildrenOU: childrenOU,
ChildrenOther: childrenOther,
Props: props,
CanAddChild: dn_last_attr == "ou" || isOrganization,
CanDelete: dn != config.BaseDN && len(childrenOU) == 0 && len(childrenOther) == 0,
2021-08-16 10:53:35 +00:00
HasMembers: len(members) > 0 || hasMembers,
Members: members,
PossibleNewMembers: possibleNewMembers,
HasGroups: len(groups) > 0 || hasGroups,
Groups: groups,
PossibleNewGroups: possibleNewGroups,
2020-02-09 22:04:37 +00:00
Error: dError,
2020-02-09 21:32:59 +00:00
Success: dSuccess,
2020-02-09 21:06:33 +00:00
})
2020-02-09 17:28:42 +00:00
}
2020-02-09 22:04:27 +00:00
type CreateData struct {
SuperDN string
Path []PathItem
Template string
2020-02-09 22:04:27 +00:00
2020-02-09 22:04:37 +00:00
IdType string
IdValue string
DisplayName string
2023-07-17 08:19:01 +00:00
GivenName string
Member string
2023-07-17 10:15:13 +00:00
Mail string
Description string
2020-02-09 22:04:27 +00:00
StructuralObjectClass string
2020-02-09 22:04:37 +00:00
ObjectClass string
2023-07-17 08:19:01 +00:00
SN string
2020-02-09 22:04:27 +00:00
Error string
}
func handleAdminCreate(w http.ResponseWriter, r *http.Request) {
2022-12-01 22:05:59 +00:00
templateAdminCreate := getTemplate("admin_create.html")
2020-02-09 22:04:27 +00:00
login := checkAdminLogin(w, r)
if login == nil {
return
}
template := mux.Vars(r)["template"]
super_dn := mux.Vars(r)["super_dn"]
2020-02-10 14:26:02 +00:00
// Check that base DN exists
searchRequest := ldap.NewSearchRequest(
super_dn,
ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{},
nil)
sr, err := login.conn.Search(searchRequest)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(sr.Entries) != 1 {
http.Error(w, fmt.Sprintf("Parent object %s does not exist", super_dn), http.StatusNotFound)
return
}
2020-02-09 22:13:33 +00:00
// Build path
path := []PathItem{
PathItem{
DN: config.BaseDN,
Identifier: config.BaseDN,
},
}
len_base_dn := len(strings.Split(config.BaseDN, ","))
dn_split := strings.Split(super_dn, ",")
for i := len_base_dn + 1; i <= len(dn_split); i++ {
path = append(path, PathItem{
DN: strings.Join(dn_split[len(dn_split)-i:len(dn_split)], ","),
Identifier: dn_split[len(dn_split)-i],
})
}
// Handle data
2020-02-09 22:04:27 +00:00
data := &CreateData{
SuperDN: super_dn,
2020-02-10 14:26:02 +00:00
Path: path,
2020-02-09 22:04:27 +00:00
}
data.Template = template
2020-02-09 22:04:27 +00:00
if template == "user" {
data.IdType = config.UserNameAttr
data.StructuralObjectClass = "inetOrgPerson"
data.ObjectClass = "inetOrgPerson\norganizationalPerson\nperson\ntop"
} else if template == "group" || template == "ml" {
2020-02-09 22:04:27 +00:00
data.IdType = config.UserNameAttr
data.StructuralObjectClass = "groupOfNames"
data.ObjectClass = "groupOfNames\ntop"
2023-07-20 09:20:46 +00:00
data.Member = "cn=sogo@resdigita.org,ou=users,dc=resdigita,dc=org"
2020-02-10 14:26:02 +00:00
} else if template == "ou" {
data.IdType = "ou"
data.StructuralObjectClass = "organizationalUnit"
data.ObjectClass = "organizationalUnit\ntop"
2020-02-09 22:13:33 +00:00
} else {
data.IdType = "cn"
data.ObjectClass = "top"
data.Template = ""
2020-02-09 22:04:27 +00:00
}
if r.Method == "POST" {
r.ParseForm()
if data.Template == "" {
2020-02-10 14:26:02 +00:00
data.IdType = strings.TrimSpace(strings.Join(r.Form["idtype"], ""))
data.StructuralObjectClass = strings.TrimSpace(strings.Join(r.Form["soc"], ""))
2020-02-10 08:48:55 +00:00
data.ObjectClass = strings.Join(r.Form["oc"], "")
}
2020-02-10 14:26:02 +00:00
data.IdValue = strings.TrimSpace(strings.Join(r.Form["idvalue"], ""))
data.DisplayName = strings.TrimSpace(strings.Join(r.Form["displayname"], ""))
2023-07-17 08:19:01 +00:00
data.GivenName = strings.TrimSpace(strings.Join(r.Form["givenname"], ""))
data.Mail = strings.TrimSpace(strings.Join(r.Form["mail"], ""))
data.Member = strings.TrimSpace(strings.Join(r.Form["member"], ""))
data.Description = strings.TrimSpace(strings.Join(r.Form["description"], ""))
2023-07-17 08:19:01 +00:00
data.SN = strings.TrimSpace(strings.Join(r.Form["sn"], ""))
2020-02-09 22:04:27 +00:00
object_class := []string{}
for _, oc := range strings.Split(data.ObjectClass, "\n") {
x := strings.TrimSpace(oc)
if x != "" {
object_class = append(object_class, x)
}
}
if len(object_class) == 0 {
data.Error = "No object class specified"
} else if match, err := regexp.MatchString("^[a-z]+$", data.IdType); err != nil || !match {
data.Error = "Invalid identifier type"
} else if len(data.IdValue) == 0 {
data.Error = "No identifier specified"
} else {
2023-07-20 10:27:35 +00:00
newUser := NewUser{
2023-07-20 10:25:22 +00:00
DN: data.IdType + "=" + data.IdValue + "," + super_dn,
2023-07-20 10:22:09 +00:00
}
// dn := data.IdType + "=" + data.IdValue + "," + super_dn
// req := ldap.NewAddRequest(dn, nil)
// req.Attribute("objectclass", object_class)
2023-07-17 08:19:01 +00:00
// req.Attribute("mail", []string{data.IdValue})
2023-07-20 09:20:46 +00:00
/*
if data.StructuralObjectClass != "" {
req.Attribute("structuralobjectclass", []string{data.StructuralObjectClass})
}
*/
2023-07-17 08:19:01 +00:00
if data.Mail != "" {
2023-07-20 10:22:09 +00:00
newUser.Mail = data.Mail
// req.Attribute("mail", []string{data.Mail})
}
2023-07-20 10:25:22 +00:00
if data.IdType == "cn" {
newUser.CN = data.IdValue
} else if data.IdType == "mail" {
newUser.Mail = data.IdValue
} else if data.IdType == "uid" {
newUser.UID = data.IdValue
2023-07-20 10:22:09 +00:00
}
if data.DisplayName != "" {
newUser.DisplayName = data.DisplayName
// req.Attribute("displayname", []string{data.DisplayName})
2023-07-17 08:19:01 +00:00
}
2023-07-20 10:22:09 +00:00
if data.GivenName != "" {
newUser.GivenName = data.GivenName
// req.Attribute("givenname", []string{data.GivenName})
2023-07-17 08:19:01 +00:00
}
2023-07-20 10:22:09 +00:00
// if data.Member != "" {
// req.Attribute("member", []string{data.Member})
// }
2023-07-17 08:19:01 +00:00
if data.SN != "" {
2023-07-20 10:22:09 +00:00
newUser.SN = data.SN
// req.Attribute("sn", []string{data.SN})
2023-07-17 08:19:01 +00:00
}
if data.Description != "" {
2023-07-20 10:22:09 +00:00
newUser.Description = data.Description
// req.Attribute("description", []string{data.Description})
}
2023-07-20 10:22:09 +00:00
2023-07-21 07:53:06 +00:00
addNewUser(newUser, config, login.conn)
2023-07-20 10:22:09 +00:00
// err := login.conn.Add(req)
// // log.Printf(fmt.Sprintf("899: %v",err))
// // log.Printf(fmt.Sprintf("899: %v",req))
// // log.Printf(fmt.Sprintf("899: %v",data))
// if err != nil {
// data.Error = err.Error()
// } else {
2023-07-20 10:25:22 +00:00
if template == "ml" {
http.Redirect(w, r, "/admin/mailing/"+data.IdValue, http.StatusFound)
} else {
2023-07-20 10:28:51 +00:00
http.Redirect(w, r, "/admin/ldap/"+newUser.DN, http.StatusFound)
2023-07-20 10:25:22 +00:00
}
2023-07-20 10:22:09 +00:00
// }
2023-07-20 10:25:22 +00:00
}
2020-02-09 22:04:27 +00:00
}
templateAdminCreate.Execute(w, data)
}