Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-19 21:29:42 +02:00
Code Releases Activity

Process mulitple groups in LDAP/AD group filter

Browse source
This commit is contained in:
sauls8t 2018-08-30 11:37:05 +01:00
parent e490407260
commit 7df0fbcb2b
4 changed files with 121 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

24
domain/auth/ldap/ad_test.go
View file

@ -21,6 +21,12 @@ import (
ld "gopkg.in/ldap.v2" ld "gopkg.in/ldap.v2"
) )
// Works against AD server in Azure confgiured using:
//
// https://auth0.com/docs/connector/test-dc
//
// Ensure VM network settings open up ports 389 and 636.
func TestADServer_UserList(t *testing.T) { func TestADServer_UserList(t *testing.T) {
c := lm.LDAPConfig{} c := lm.LDAPConfig{}
c.ServerHost = "40.117.188.17" c.ServerHost = "40.117.188.17"
@ -110,7 +116,7 @@ func TestADServer_Groups(t *testing.T) {
c.BindDN = "CN=ad-admin,CN=Users,DC=mycompany,DC=local" c.BindDN = "CN=ad-admin,CN=Users,DC=mycompany,DC=local"
c.BindPassword = "8B5tNRLvbk8K" c.BindPassword = "8B5tNRLvbk8K"
c.UserFilter = "" c.UserFilter = ""
c.GroupFilter = "(cn=Accounting)" c.GroupFilter = "(|(cn=Accounting)(cn=IT))"
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort) address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
t.Log("Connecting to AD server", address) t.Log("Connecting to AD server", address)
@ -173,13 +179,14 @@ func TestADServer_Groups(t *testing.T) {
return return
} }
// Get list of group members // Get list of group members for each group found.
rawMembers := sr.Entries[0].GetAttributeValues("member") for _, group := range sr.Entries {
fmt.Printf("%s", sr.Entries[0].DN) rawMembers := group.GetAttributeValues("member")
fmt.Printf("%s", group.DN)
if len(rawMembers) == 0 { if len(rawMembers) == 0 {
t.Error("Error: group member attribute returned no users") t.Log("Error: group member attribute returned no users")
return continue
} }
t.Logf("AD group contains %d members", len(rawMembers)) t.Logf("AD group contains %d members", len(rawMembers))
@ -201,8 +208,8 @@ func TestADServer_Groups(t *testing.T) {
) )
ue, err := l.Search(usr) ue, err := l.Search(usr)
if err != nil { if err != nil {
t.Error("Error: unable to execute directory search for group member: ", err.Error()) t.Log("Error: unable to execute directory search for group member: ", err.Error())
return continue
} }
if len(ue.Entries) > 0 { if len(ue.Entries) > 0 {
@ -218,6 +225,7 @@ func TestADServer_Groups(t *testing.T) {
t.Log("group member search failed:", filter) t.Log("group member search failed:", filter)
} }
} }
}
} }
func TestADServer_Authenticate(t *testing.T) { func TestADServer_Authenticate(t *testing.T) {

17
domain/auth/ldap/local_test.go
View file

@ -117,7 +117,7 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
c.BindDN = "cn=admin,dc=planetexpress,dc=com" c.BindDN = "cn=admin,dc=planetexpress,dc=com"
c.BindPassword = "GoodNewsEveryone" c.BindPassword = "GoodNewsEveryone"
c.UserFilter = "" c.UserFilter = ""
c.GroupFilter = "(&(objectClass=group)(cn=ship_crew))" c.GroupFilter = "(&(objectClass=group)(|(cn=ship_crew)(cn=admin_staff)))"
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort) address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
@ -182,12 +182,12 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
return return
} }
// Get list of group members // Get list of group members per group found.
rawMembers := sr.Entries[0].GetAttributeValues("member") for _, group := range sr.Entries {
rawMembers := group.GetAttributeValues("member")
if len(rawMembers) == 0 { if len(rawMembers) == 0 {
t.Error("Error: group member attribute returned no users") t.Log("Error: group member attribute returned no users")
return continue
} }
t.Logf("LDAP group contains %d members", len(rawMembers)) t.Logf("LDAP group contains %d members", len(rawMembers))
@ -209,8 +209,8 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
) )
ue, err := l.Search(usr) ue, err := l.Search(usr)
if err != nil { if err != nil {
t.Error("Error: unable to execute directory search for group member: ", err.Error()) t.Log("Error: unable to execute directory search for group member: ", err.Error())
return continue
} }
if len(ue.Entries) > 0 { if len(ue.Entries) > 0 {
@ -221,6 +221,7 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
t.Log("group member search failed:", filter) t.Log("group member search failed:", filter)
} }
} }
}
} }
func TestLocalLDAP_Authenticate(t *testing.T) { func TestLocalLDAP_Authenticate(t *testing.T) {
c := lm.LDAPConfig{} c := lm.LDAPConfig{}

20
domain/auth/ldap/public_test.go
View file

@ -112,7 +112,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
c.BindDN = "cn=read-only-admin,dc=example,dc=com" c.BindDN = "cn=read-only-admin,dc=example,dc=com"
c.BindPassword = "password" c.BindPassword = "password"
c.UserFilter = "" c.UserFilter = ""
c.GroupFilter = "(ou=Chemists)" c.GroupFilter = "(|(ou=mathematicians)(ou=chemists))"
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort) address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
t.Log("Connecting to LDAP server", address) t.Log("Connecting to LDAP server", address)
@ -145,7 +145,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
attrs := []string{} attrs := []string{}
if len(c.GroupFilter) > 0 { if len(c.GroupFilter) > 0 {
filter = c.GroupFilter filter = c.GroupFilter
attrs = []string{"dn", "cn"} attrs = []string{"dn", "cn", "uniqueMember"}
} else if len(c.UserFilter) > 0 { } else if len(c.UserFilter) > 0 {
filter = c.UserFilter filter = c.UserFilter
attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"} attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"}
@ -175,13 +175,14 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
return return
} }
// Get list of group members // Get list of group members per group found.
rawMembers := sr.Entries[0].GetAttributeValues("uniqueMember") for _, group := range sr.Entries {
fmt.Printf("%s", sr.Entries[0].DN) t.Log("Found group", group.DN)
rawMembers := group.GetAttributeValues("uniqueMember")
if len(rawMembers) == 0 { if len(rawMembers) == 0 {
t.Error("Error: group member attribute returned no users") t.Log("Error: group member attribute returned no users")
return continue
} }
t.Logf("LDAP group contains %d members", len(rawMembers)) t.Logf("LDAP group contains %d members", len(rawMembers))
@ -203,8 +204,8 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
) )
ue, err := l.Search(usr) ue, err := l.Search(usr)
if err != nil { if err != nil {
t.Error("Error: unable to execute directory search for group member: ", err.Error()) t.Log("Error: unable to execute directory search for group member: ", err.Error())
return continue
} }
if len(ue.Entries) > 0 { if len(ue.Entries) > 0 {
@ -215,6 +216,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
t.Log("group member search failed:", filter) t.Log("group member search failed:", filter)
} }
} }
}
} }
func TestPublicLDAP_Authenticate(t *testing.T) { func TestPublicLDAP_Authenticate(t *testing.T) {

8
model/auth/ldap.go
View file

@ -11,9 +11,6 @@
package auth package auth
// LDAPConfig that specifies LDAP server connection details and query filters.
//
//
// Example for Active Directory -- filter users that belong to SomeGroupName: // Example for Active Directory -- filter users that belong to SomeGroupName:
// (&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=SomeGroupName,ou=users,dc=example,dc=com)) // (&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=SomeGroupName,ou=users,dc=example,dc=com))
// //
@ -26,6 +23,11 @@ package auth
// Example of group filter that returns users belonging to either Developers or Administrators group: // Example of group filter that returns users belonging to either Developers or Administrators group:
// (&(objectCategory=Group)(|(cn=developers)(cn=administrators))) // (&(objectCategory=Group)(|(cn=developers)(cn=administrators)))
// //
// Sources of filter names:
// https://docs.oracle.com/cd/E26217_01/E26214/html/ldap-filters-attrs-users.html
// https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
// LDAPConfig that specifies LDAP server connection details and query filters.
type LDAPConfig struct { type LDAPConfig struct {
ServerHost string `json:"serverHost"` ServerHost string `json:"serverHost"`
ServerPort int `json:"serverPort"` ServerPort int `json:"serverPort"`