From 1e413e671f73bfb0a20ed5ce0293ba9eab9b3f36 Mon Sep 17 00:00:00 2001 From: Stavros Date: Sat, 5 Jul 2025 02:20:12 +0300 Subject: [PATCH] feat: add ldap support --- cmd/root.go | 31 ++++++++++++- go.mod | 3 ++ go.sum | 22 +++++++++ internal/auth/auth.go | 84 +++++++++++++++++++++++++++++++++-- internal/handlers/handlers.go | 64 +++++++++++++------------- internal/hooks/hooks.go | 62 ++++++++++++++++++-------- internal/ldap/ldap.go | 74 ++++++++++++++++++++++++++++++ internal/types/config.go | 12 +++++ internal/types/types.go | 6 +++ 9 files changed, 302 insertions(+), 56 deletions(-) create mode 100644 internal/ldap/ldap.go diff --git a/cmd/root.go b/cmd/root.go index 4b9ca0d..3d79aa4 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -13,6 +13,7 @@ import ( "tinyauth/internal/docker" "tinyauth/internal/handlers" "tinyauth/internal/hooks" + "tinyauth/internal/ldap" "tinyauth/internal/providers" "tinyauth/internal/server" "tinyauth/internal/types" @@ -143,8 +144,28 @@ var rootCmd = &cobra.Command{ docker, err := docker.NewDocker() HandleError(err, "Failed to initialize docker") + // Create LDAP service if configured + var ldapService *ldap.LDAP + + if config.LdapAddress != "" { + log.Info().Msg("Using LDAP for authentication") + + ldapConfig := types.LdapConfig{ + Address: config.LdapAddress, + BindUser: config.LdapBindUser, + BindPassword: config.LdapBindPassword, + BaseDN: config.LdapBaseDN, + } + + // Create LDAP service + ldapService, err = ldap.NewLDAP(ldapConfig) + HandleError(err, "Failed to create LDAP service") + } else { + log.Info().Msg("LDAP not configured, using local users or OAuth") + } + // Create auth service - auth := auth.NewAuth(authConfig, docker) + auth := auth.NewAuth(authConfig, docker, ldapService) // Create OAuth providers service providers := providers.NewProviders(oauthConfig) @@ -221,6 +242,10 @@ func init() { rootCmd.Flags().String("app-title", "Tinyauth", "Title of the app.") rootCmd.Flags().String("forgot-password-message", "You can reset your password by changing the `USERS` environment variable.", "Message to show on the forgot password page.") rootCmd.Flags().String("background-image", "/background.jpg", "Background image URL for the login page.") + rootCmd.Flags().String("ldap-address", "", "LDAP server address (e.g. ldap://localhost:389).") + rootCmd.Flags().String("ldap-bind-user", "", "LDAP bind user.") + rootCmd.Flags().String("ldap-bind-password", "", "LDAP bind password.") + rootCmd.Flags().String("ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com).") // Bind flags to environment viper.BindEnv("port", "PORT") @@ -256,6 +281,10 @@ func init() { viper.BindEnv("login-max-retries", "LOGIN_MAX_RETRIES") viper.BindEnv("forgot-password-message", "FORGOT_PASSWORD_MESSAGE") viper.BindEnv("background-image", "BACKGROUND_IMAGE") + viper.BindEnv("ldap-address", "LDAP_ADDRESS") + viper.BindEnv("ldap-bind-user", "LDAP_BIND_USER") + viper.BindEnv("ldap-bind-password", "LDAP_BIND_PASSWORD") + viper.BindEnv("ldap-base-dn", "LDAP_BASE_DN") // Bind flags to viper viper.BindPFlags(rootCmd.Flags()) diff --git a/go.mod b/go.mod index af69a2e..46555a3 100644 --- a/go.mod +++ b/go.mod @@ -16,11 +16,13 @@ require ( ) require ( + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect github.com/charmbracelet/x/cellbuf v0.0.13 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect github.com/go-viper/mapstructure/v2 v2.3.0 // indirect github.com/moby/sys/atomicwriter v0.1.0 // indirect github.com/moby/term v0.5.2 // indirect @@ -60,6 +62,7 @@ require ( github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/gin-contrib/sse v1.0.0 // indirect + github.com/go-ldap/ldap/v3 v3.4.11 github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/locales v0.14.1 // indirect diff --git a/go.sum b/go.sum index 0a10222..12c561a 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,13 @@ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= @@ -90,6 +94,10 @@ github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0= github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ= github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU= +github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -126,8 +134,22 @@ github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzq github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik= github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg= github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 441bbb8..8f0fccf 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -7,6 +7,7 @@ import ( "sync" "time" "tinyauth/internal/docker" + "tinyauth/internal/ldap" "tinyauth/internal/types" "tinyauth/internal/utils" @@ -22,9 +23,10 @@ type Auth struct { LoginAttempts map[string]*types.LoginAttempt LoginMutex sync.RWMutex Store *sessions.CookieStore + LDAP *ldap.LDAP } -func NewAuth(config types.AuthConfig, docker *docker.Docker) *Auth { +func NewAuth(config types.AuthConfig, docker *docker.Docker, ldap *ldap.LDAP) *Auth { // Create cookie store store := sessions.NewCookieStore([]byte(config.HMACSecret), []byte(config.EncryptionSecret)) @@ -42,6 +44,7 @@ func NewAuth(config types.AuthConfig, docker *docker.Docker) *Auth { Docker: docker, LoginAttempts: make(map[string]*types.LoginAttempt), Store: store, + LDAP: ldap, } } @@ -68,14 +71,87 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) { return session, nil } -func (auth *Auth) GetUser(username string) *types.User { +func (auth *Auth) GetUser(username string) types.UserSearch { // Loop through users and return the user if the username matches + log.Debug().Str("username", username).Msg("Searching for user") + for _, user := range auth.Config.Users { if user.Username == username { - return &user + return types.UserSearch{ + Username: user.Username, + Type: "local", + } } } - return nil + + // If no user found, check LDAP + if auth.LDAP != nil { + log.Debug().Str("username", username).Msg("Checking LDAP for user") + + userDN, err := auth.LDAP.Search(username) + if err != nil { + log.Warn().Err(err).Str("username", username).Msg("Failed to find user in LDAP") + return types.UserSearch{} + } + + // If user found in LDAP, return a user with the DN as username + return types.UserSearch{ + Username: userDN, + Type: "ldap", + } + } + + return types.UserSearch{} +} + +func (auth *Auth) VerifyUser(search types.UserSearch, password string) bool { + // Authenticate the user based on the type + switch search.Type { + case "local": + // Get local user + user := auth.GetLocalUser(search.Username) + + // Check if password is correct + return auth.CheckPassword(user, password) + case "ldap": + // If LDAP is configured, bind to the LDAP server with the user DN and password + if auth.LDAP != nil { + log.Debug().Str("username", search.Username).Msg("Binding to LDAP for user authentication") + + // Bind to the LDAP server + err := auth.LDAP.Bind(search.Username, password) + if err != nil { + log.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP") + return false + } + + // If bind is successful, rebind with the LDAP bind user + auth.LDAP.Bind(auth.LDAP.Config.BindUser, auth.LDAP.Config.BindPassword) + log.Debug().Str("username", search.Username).Msg("LDAP authentication successful") + + // Return true if the bind was successful + return true + } + } + + // If no user found or authentication failed, return false + log.Warn().Str("username", search.Username).Msg("User authentication failed") + return false +} + +func (auth *Auth) GetLocalUser(username string) types.User { + // Loop through users and return the user if the username matches + log.Debug().Str("username", username).Msg("Searching for local user") + + for _, user := range auth.Config.Users { + if user.Username == username { + return user + } + } + + // If no user found, return an empty user + log.Warn().Str("username", username).Msg("Local user not found") + return types.User{} } func (auth *Auth) CheckPassword(user types.User, password string) bool { diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go index a2a4ca7..d2228de 100644 --- a/internal/handlers/handlers.go +++ b/internal/handlers/handlers.go @@ -363,10 +363,12 @@ func (h *Handlers) LoginHandler(c *gin.Context) { } // Get user based on username - user := h.Auth.GetUser(login.Username) + userSearch := h.Auth.GetUser(login.Username) + + log.Debug().Interface("userSearch", userSearch).Msg("Searching for user") // User does not exist - if user == nil { + if userSearch.Type == "" { log.Debug().Str("username", login.Username).Msg("User not found") // Record failed login attempt h.Auth.RecordLoginAttempt(rateIdentifier, false) @@ -380,7 +382,7 @@ func (h *Handlers) LoginHandler(c *gin.Context) { log.Debug().Msg("Got user") // Check if password is correct - if !h.Auth.CheckPassword(*user, login.Password) { + if !h.Auth.VerifyUser(userSearch, login.Password) { log.Debug().Str("username", login.Username).Msg("Password incorrect") // Record failed login attempt h.Auth.RecordLoginAttempt(rateIdentifier, false) @@ -396,28 +398,34 @@ func (h *Handlers) LoginHandler(c *gin.Context) { // Record successful login attempt (will reset failed attempt counter) h.Auth.RecordLoginAttempt(rateIdentifier, true) - // Check if user has totp enabled - if user.TotpSecret != "" { - log.Debug().Msg("Totp enabled") + // Check if user is using TOTP + if userSearch.Type == "local" { + // Get local user + localUser := h.Auth.GetLocalUser(login.Username) - // Set totp pending cookie - h.Auth.CreateSessionCookie(c, &types.SessionCookie{ - Username: login.Username, - Name: utils.Capitalize(login.Username), - Email: fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain), - Provider: "username", - TotpPending: true, - }) + // Check if TOTP is enabled + if localUser.TotpSecret != "" { + log.Debug().Msg("Totp enabled") - // Return totp required - c.JSON(200, gin.H{ - "status": 200, - "message": "Waiting for totp", - "totpPending": true, - }) + // Set totp pending cookie + h.Auth.CreateSessionCookie(c, &types.SessionCookie{ + Username: login.Username, + Name: utils.Capitalize(login.Username), + Email: fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain), + Provider: "username", + TotpPending: true, + }) - // Stop further processing - return + // Return totp required + c.JSON(200, gin.H{ + "status": 200, + "message": "Waiting for totp", + "totpPending": true, + }) + + // Stop further processing + return + } } // Create session cookie with username as provider @@ -469,17 +477,7 @@ func (h *Handlers) TotpHandler(c *gin.Context) { } // Get user - user := h.Auth.GetUser(userContext.Username) - - // Check if user exists - if user == nil { - log.Debug().Msg("User not found") - c.JSON(401, gin.H{ - "status": 401, - "message": "Unauthorized", - }) - return - } + user := h.Auth.GetLocalUser(userContext.Username) // Check if totp is correct ok := totp.Validate(totpReq.Code, user.TotpSecret) diff --git a/internal/hooks/hooks.go b/internal/hooks/hooks.go index 04d78e6..a264fe2 100644 --- a/internal/hooks/hooks.go +++ b/internal/hooks/hooks.go @@ -36,29 +36,48 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext { log.Debug().Msg("Got basic auth") // Get user - user := hooks.Auth.GetUser(basic.Username) + userSearch := hooks.Auth.GetUser(basic.Username) - // Check we have a user - if user == nil { + if userSearch.Type == "" { log.Error().Str("username", basic.Username).Msg("User does not exist") // Return empty context return types.UserContext{} } - // Check if the user has a correct password - if hooks.Auth.CheckPassword(*user, basic.Password) { - // Return user context since we are logged in with basic auth + // Verify the user + if !hooks.Auth.VerifyUser(userSearch, basic.Password) { + log.Error().Str("username", basic.Username).Msg("Password incorrect") + + // Return empty context + return types.UserContext{} + } + + // Get the user type + if userSearch.Type == "ldap" { + log.Debug().Msg("User is LDAP") + return types.UserContext{ Username: basic.Username, Name: utils.Capitalize(basic.Username), Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain), IsLoggedIn: true, Provider: "basic", - TotpEnabled: user.TotpSecret != "", + TotpEnabled: false, } } + user := hooks.Auth.GetLocalUser(basic.Username) + + return types.UserContext{ + Username: basic.Username, + Name: utils.Capitalize(basic.Username), + Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain), + IsLoggedIn: true, + Provider: "basic", + TotpEnabled: user.TotpSecret != "", + } + } // Check cookie error after basic auth @@ -85,18 +104,25 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext { if cookie.Provider == "username" { log.Debug().Msg("Provider is username") - // Check if user exists - if hooks.Auth.GetUser(cookie.Username) != nil { - log.Debug().Msg("User exists") + // Get user + userSearch := hooks.Auth.GetUser(cookie.Username) - // It exists so we are logged in - return types.UserContext{ - Username: cookie.Username, - Name: cookie.Name, - Email: cookie.Email, - IsLoggedIn: true, - Provider: "username", - } + if userSearch.Type == "" { + log.Error().Str("username", cookie.Username).Msg("User does not exist") + + // Return empty context + return types.UserContext{} + } + + log.Debug().Str("type", userSearch.Type).Msg("User exists") + + // It exists so we are logged in + return types.UserContext{ + Username: cookie.Username, + Name: cookie.Name, + Email: cookie.Email, + IsLoggedIn: true, + Provider: "username", } } diff --git a/internal/ldap/ldap.go b/internal/ldap/ldap.go new file mode 100644 index 0000000..7a83390 --- /dev/null +++ b/internal/ldap/ldap.go @@ -0,0 +1,74 @@ +package ldap + +import ( + "fmt" + "tinyauth/internal/types" + + ldapgo "github.com/go-ldap/ldap/v3" +) + +type LDAP struct { + Config types.LdapConfig + Conn *ldapgo.Conn + BaseDN string +} + +func NewLDAP(config types.LdapConfig) (*LDAP, error) { + // Connect to the LDAP server + conn, err := ldapgo.DialURL(config.Address) + if err != nil { + return nil, err + } + + // Try to connect using TLS + // conn.StartTLS(&tls.Config{ + // InsecureSkipVerify: true, + // }) + + // Bind to the LDAP server with the provided credentials + err = conn.Bind(config.BindUser, config.BindPassword) + if err != nil { + return nil, err + } + + return &LDAP{ + Config: config, + Conn: conn, + BaseDN: config.BaseDN, + }, nil +} + +func (l *LDAP) Search(username string) (string, error) { + // Create a search request to find the user by username + searchRequest := ldapgo.NewSearchRequest( + l.BaseDN, + ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false, + fmt.Sprintf("(uid=%s)", username), + []string{"dn"}, + nil, + ) + + // Perform the search + searchResult, err := l.Conn.Search(searchRequest) + if err != nil { + return "", err + } + + if len(searchResult.Entries) != 1 { + return "", fmt.Errorf("user not found or multiple entries found for username: %s", username) + } + + // User found, return the distinguished name (DN) + userDN := searchResult.Entries[0].DN + + return userDN, nil +} + +func (l *LDAP) Bind(userDN string, password string) error { + // Bind to the LDAP server with the user's DN and password + err := l.Conn.Bind(userDN, password) + if err != nil { + return err + } + return nil +} diff --git a/internal/types/config.go b/internal/types/config.go index 91b8cf7..7186e36 100644 --- a/internal/types/config.go +++ b/internal/types/config.go @@ -36,6 +36,10 @@ type Config struct { LoginMaxRetries int `mapstructure:"login-max-retries"` FogotPasswordMessage string `mapstructure:"forgot-password-message" validate:"required"` BackgroundImage string `mapstructure:"background-image" validate:"required"` + LdapAddress string `mapstructure:"ldap-address"` + LdapBindUser string `mapstructure:"ldap-bind-user"` + LdapBindPassword string `mapstructure:"ldap-bind-password"` + LdapBaseDN string `mapstructure:"ldap-base-dn"` } // Server configuration @@ -122,3 +126,11 @@ type Labels struct { OAuth OAuthLabels IP IPLabels } + +// Ldap config is a struct that contains the configuration for the LDAP service +type LdapConfig struct { + Address string + BindUser string + BindPassword string + BaseDN string +} diff --git a/internal/types/types.go b/internal/types/types.go index 467b27a..2c40ae5 100644 --- a/internal/types/types.go +++ b/internal/types/types.go @@ -12,6 +12,12 @@ type User struct { TotpSecret string } +// UserSearch is the response of the get user +type UserSearch struct { + Username string + Type string // "local", "ldap" or empty +} + // Users is a list of users type Users []User