Merge pull request #95 from mutablelogic/v5

Added LDAP plugin

Author: djthorpe

README.md

@@ -5,9 +5,10 @@ API and web applications. It is designed to be extensible and modular, allowing
 new features and functionality as needed. By default the server includes the following
 features:
 
-* Authentication of users using JWT tokens and API keys
-* Connection to PostgreSQL databases
+* Anthentication of users using Cognito, Google and LDAP
+* Authorization of users using JWT tokens and API keys
 * Task queues for running background jobs
+* Connection to PostgreSQL databases
 * Ability to manage the PostgreSQL database roles, databases, schemas and connections
 * Prometheus metrics support
 

cmd/server/main.go

@@ -18,23 +18,36 @@ import (
 
 type CLI struct {
 	ServiceCommands
-	pgmanager.DatabaseCommands
-	pgmanager.SchemaCommands
-	pgmanager.ObjectCommands
-	pgmanager.RoleCommands
-	pgmanager.ConnectionCommands
-	pgmanager.TablespaceCommands
-	pgqueue.QueueCommands
-	pgqueue.TaskCommands
-	pgqueue.TickerCommands
-	certmanager.NameCommands
-	certmanager.CertCommands
-	auth.UserCommands
-	auth.TokenCommands
-	auth.AuthCommands
-
-	// LDAP commands
-	LDAP struct{ ldap.ObjectCommands } `cmd:""`
+
+	PG struct {
+		pgmanager.DatabaseCommands
+		pgmanager.SchemaCommands
+		pgmanager.ObjectCommands
+		pgmanager.RoleCommands
+		pgmanager.ConnectionCommands
+		pgmanager.TablespaceCommands
+		pgqueue.QueueCommands
+		pgqueue.TaskCommands
+		pgqueue.TickerCommands
+	} `cmd:""`
+
+	Cert struct {
+		certmanager.NameCommands
+		certmanager.CertCommands
+	} `cmd:""`
+
+	Auth struct {
+		auth.UserCommands
+		auth.TokenCommands
+		auth.AuthCommands
+	} `cmd:""`
+
+	LDAP struct {
+		ldap.ObjectCommands
+		ldap.AuthCommands
+		ldap.UserCommands
+		ldap.GroupCommands
+	} `cmd:""`
 
 	VersionCommands
 }

cmd/server/service.go

@@ -211,6 +211,15 @@ func (cmd *ServiceRunCommand) Run(app server.Cmd) error {
 			ldap.Router = router
 		}
 
+		// HACK
+		ldap.UserSchema.RDN = "cn=users,cn=accounts"
+		ldap.UserSchema.Field = "uid"
+		ldap.UserSchema.ObjectClasses = "top,inetOrgPerson,person,posixAccount"
+
+		ldap.GroupSchema.RDN = "cn=groups,cn=accounts"
+		ldap.GroupSchema.Field = "cn"
+		ldap.GroupSchema.ObjectClasses = "top,groupOfNames,nestedGroup,posixGroup"
+
 		return nil
 	}))
 

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/mutablelogic/go-client v1.0.12
 	github.com/stretchr/testify v1.10.0
+	github.com/yinyin/go-ldap-schema-parser v0.0.0-20190716182935-542aadd3dcb5
 )
 
 require (

go.sum

@@ -52,6 +52,7 @@ github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
 github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
+github.com/go-ldap/ldif v0.0.0-20180918085934-3491d58cdb60/go.mod h1:blBiFTfuR1Jrw4xZ7t3xuNObLzzBG+ce+5W/bEYwJq0=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -163,6 +164,8 @@ github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFA
 github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
 github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
 github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
+github.com/yinyin/go-ldap-schema-parser v0.0.0-20190716182935-542aadd3dcb5 h1:siJ/5leB7JENBScgD/qG8JAGiS/2Q76qxCPK81icczU=
+github.com/yinyin/go-ldap-schema-parser v0.0.0-20190716182935-542aadd3dcb5/go.mod h1:Hb9db5nLRb/cT+dBKUrukgT3Z9mbtrpF3o2g8+sw7ic=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
@@ -238,9 +241,11 @@ google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
 google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
 google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
 google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/ldap.v2 v2.5.1/go.mod h1:oI0cpe/D7HRtBQl8aTg+ZmzFUAvu4lsv3eLXMLGFxWk=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/httpresponse/error.go

@@ -30,6 +30,7 @@ const (
 	ErrInternalError  = Err(http.StatusInternalServerError)
 	ErrNotAuthorized  = Err(http.StatusUnauthorized)
 	ErrForbidden      = Err(http.StatusForbidden)
+	ErrGatewayError   = Err(http.StatusBadGateway)
 )
 
 ///////////////////////////////////////////////////////////////////////////////

pkg/ldap/client/auth.go

@@ -0,0 +1,46 @@
+package client
+
+import (
+	"context"
+	"net/http"
+
+	// Packages
+	client "github.com/mutablelogic/go-client"
+	schema "github.com/mutablelogic/go-server/pkg/ldap/schema"
+)
+
+///////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func (c *Client) Auth(ctx context.Context, dn, password string) (*schema.Object, error) {
+	req, err := client.NewJSONRequest(password)
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.Object
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("auth", dn)); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}
+
+func (c *Client) ChangePassword(ctx context.Context, dn, password string) (*schema.Object, error) {
+	req, err := client.NewJSONRequestEx(http.MethodPut, password, "")
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	// TODO: Retrieve the new password from the response
+	var response schema.Object
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("auth", dn)); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}

pkg/ldap/client/group.go

@@ -0,0 +1,64 @@
+package client
+
+import (
+	"context"
+
+	// Packages
+	client "github.com/mutablelogic/go-client"
+	schema "github.com/mutablelogic/go-server/pkg/ldap/schema"
+)
+
+///////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func (c *Client) ListGroups(ctx context.Context, opts ...Opt) (*schema.ObjectList, error) {
+	req := client.NewRequest()
+
+	// Apply options
+	opt, err := applyOpts(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.ObjectList
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("group"), client.OptQuery(opt.Values)); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}
+
+func (c *Client) CreateGroup(ctx context.Context, meta schema.Object) (*schema.Object, error) {
+	req, err := client.NewJSONRequest(meta)
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.Object
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("group")); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}
+
+func (c *Client) GetGroup(ctx context.Context, user string) (*schema.Object, error) {
+	var resp schema.Object
+
+	// Perform request
+	if err := c.DoWithContext(ctx, client.MethodGet, &resp, client.OptPath("group", user)); err != nil {
+		return nil, err
+	}
+
+	// Return the response
+	return &resp, nil
+}
+
+func (c *Client) DeleteGroup(ctx context.Context, user string) error {
+	// Perform request
+	return c.DoWithContext(ctx, client.MethodDelete, nil, client.OptPath("group", user))
+}

pkg/ldap/client/object.go

@@ -0,0 +1,81 @@
+package client
+
+import (
+	"context"
+	"net/http"
+
+	// Packages
+	client "github.com/mutablelogic/go-client"
+	schema "github.com/mutablelogic/go-server/pkg/ldap/schema"
+)
+
+///////////////////////////////////////////////////////////////////////////////
+// PUBLIC METHODS
+
+func (c *Client) ListObjects(ctx context.Context, opts ...Opt) (*schema.ObjectList, error) {
+	req := client.NewRequest()
+
+	// Apply options
+	opt, err := applyOpts(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.ObjectList
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("object"), client.OptQuery(opt.Values)); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}
+
+func (c *Client) CreateObject(ctx context.Context, meta schema.Object) (*schema.Object, error) {
+	req, err := client.NewJSONRequest(meta)
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.Object
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("object")); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}
+
+func (c *Client) GetObject(ctx context.Context, dn string) (*schema.Object, error) {
+	var resp schema.Object
+
+	// Perform request
+	if err := c.DoWithContext(ctx, client.MethodGet, &resp, client.OptPath("object", dn)); err != nil {
+		return nil, err
+	}
+
+	// Return the response
+	return &resp, nil
+}
+
+func (c *Client) DeleteObject(ctx context.Context, dn string) error {
+	// Perform request
+	return c.DoWithContext(ctx, client.MethodDelete, nil, client.OptPath("object", dn))
+}
+
+func (c *Client) UpdateObject(ctx context.Context, meta schema.Object) (*schema.Object, error) {
+	req, err := client.NewJSONRequestEx(http.MethodPatch, meta, "")
+	if err != nil {
+		return nil, err
+	}
+
+	// Perform request
+	var response schema.Object
+	if err := c.DoWithContext(ctx, req, &response, client.OptPath("object", meta.DN)); err != nil {
+		return nil, err
+	}
+
+	// Return the responses
+	return &response, nil
+}

pkg/ldap/client/objects.go

@@ -53,6 +53,18 @@ func WithFilter(v *string) Opt {
 	return OptSet("filter", types.PtrString(v))
 }
 
+// Set LDAP attributes
+func WithAttr(v ...string) Opt {
+	return func(o *opt) error {
+		if len(v) == 0 {
+			o.Del("attr")
+		} else {
+			o.Values["attr"] = v
+		}
+		return nil
+	}
+}
+
 func OptSet(k, v string) Opt {
 	return func(o *opt) error {
 		if v == "" {