Process mulitple groups in LDAP/AD group filter
This commit is contained in:
parent
e490407260
commit
7df0fbcb2b
4 changed files with 121 additions and 108 deletions
|
@ -21,6 +21,12 @@ import (
|
|||
ld "gopkg.in/ldap.v2"
|
||||
)
|
||||
|
||||
// Works against AD server in Azure confgiured using:
|
||||
//
|
||||
// https://auth0.com/docs/connector/test-dc
|
||||
//
|
||||
// Ensure VM network settings open up ports 389 and 636.
|
||||
|
||||
func TestADServer_UserList(t *testing.T) {
|
||||
c := lm.LDAPConfig{}
|
||||
c.ServerHost = "40.117.188.17"
|
||||
|
@ -110,7 +116,7 @@ func TestADServer_Groups(t *testing.T) {
|
|||
c.BindDN = "CN=ad-admin,CN=Users,DC=mycompany,DC=local"
|
||||
c.BindPassword = "8B5tNRLvbk8K"
|
||||
c.UserFilter = ""
|
||||
c.GroupFilter = "(cn=Accounting)"
|
||||
c.GroupFilter = "(|(cn=Accounting)(cn=IT))"
|
||||
|
||||
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
|
||||
t.Log("Connecting to AD server", address)
|
||||
|
@ -173,13 +179,14 @@ func TestADServer_Groups(t *testing.T) {
|
|||
return
|
||||
}
|
||||
|
||||
// Get list of group members
|
||||
rawMembers := sr.Entries[0].GetAttributeValues("member")
|
||||
fmt.Printf("%s", sr.Entries[0].DN)
|
||||
// Get list of group members for each group found.
|
||||
for _, group := range sr.Entries {
|
||||
rawMembers := group.GetAttributeValues("member")
|
||||
fmt.Printf("%s", group.DN)
|
||||
|
||||
if len(rawMembers) == 0 {
|
||||
t.Error("Error: group member attribute returned no users")
|
||||
return
|
||||
t.Log("Error: group member attribute returned no users")
|
||||
continue
|
||||
}
|
||||
|
||||
t.Logf("AD group contains %d members", len(rawMembers))
|
||||
|
@ -201,8 +208,8 @@ func TestADServer_Groups(t *testing.T) {
|
|||
)
|
||||
ue, err := l.Search(usr)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to execute directory search for group member: ", err.Error())
|
||||
return
|
||||
t.Log("Error: unable to execute directory search for group member: ", err.Error())
|
||||
continue
|
||||
}
|
||||
|
||||
if len(ue.Entries) > 0 {
|
||||
|
@ -218,6 +225,7 @@ func TestADServer_Groups(t *testing.T) {
|
|||
t.Log("group member search failed:", filter)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestADServer_Authenticate(t *testing.T) {
|
||||
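Review bot: In the member-search error branch (the hunk with `ue, err := l.Search(usr)`), replacing `t.Error(...)`/`return` with `t.Log(...)`/`continue` means a search that fails for every member no longer fails the test; it passes with nothing but log output, and the empty-`member` branch in the preceding hunk now behaves the same way. Use `t.Errorf("unable to execute directory search for group member: %v", err)` followed by `continue` so the loop keeps going over the remaining groups while the test still reports the failure; the same substitution applies to the local and public LDAP test sections below. `fmt.Printf("%s", group.DN)` writes the DN to stdout without a newline and outside the test's output; `t.Log("Found group", group.DN)`, as the public LDAP section already does, is the consistent form. The per-member filter passed to `l.Search` is built outside the hunk; if it interpolates the raw DN string returned by the directory it should go through `ld.EscapeFilter` first, since a DN containing filter metacharacters would otherwise alter the query. The enclosing `TestADServer_Groups` starts outside the hunk.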
|
|
|
@ -117,7 +117,7 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
|
|||
c.BindDN = "cn=admin,dc=planetexpress,dc=com"
|
||||
c.BindPassword = "GoodNewsEveryone"
|
||||
c.UserFilter = ""
|
||||
c.GroupFilter = "(&(objectClass=group)(cn=ship_crew))"
|
||||
c.GroupFilter = "(&(objectClass=group)(|(cn=ship_crew)(cn=admin_staff)))"
|
||||
|
||||
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
|
||||
|
||||
|
@ -182,12 +182,12 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
|
|||
return
|
||||
}
|
||||
|
||||
// Get list of group members
|
||||
rawMembers := sr.Entries[0].GetAttributeValues("member")
|
||||
|
||||
// Get list of group members per group found.
|
||||
for _, group := range sr.Entries {
|
||||
rawMembers := group.GetAttributeValues("member")
|
||||
if len(rawMembers) == 0 {
|
||||
t.Error("Error: group member attribute returned no users")
|
||||
return
|
||||
t.Log("Error: group member attribute returned no users")
|
||||
continue
|
||||
}
|
||||
|
||||
t.Logf("LDAP group contains %d members", len(rawMembers))
|
||||
|
@ -209,8 +209,8 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
|
|||
)
|
||||
ue, err := l.Search(usr)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to execute directory search for group member: ", err.Error())
|
||||
return
|
||||
t.Log("Error: unable to execute directory search for group member: ", err.Error())
|
||||
continue
|
||||
}
|
||||
|
||||
if len(ue.Entries) > 0 {
|
||||
|
@ -221,6 +221,7 @@ func TestLocalLDAPServer_UsersInGroup(t *testing.T) {
|
|||
t.Log("group member search failed:", filter)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
func TestLocalLDAP_Authenticate(t *testing.T) {
|
||||
c := lm.LDAPConfig{}
|
||||
|
|
|
@ -112,7 +112,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
|
|||
c.BindDN = "cn=read-only-admin,dc=example,dc=com"
|
||||
c.BindPassword = "password"
|
||||
c.UserFilter = ""
|
||||
c.GroupFilter = "(ou=Chemists)"
|
||||
c.GroupFilter = "(|(ou=mathematicians)(ou=chemists))"
|
||||
|
||||
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
|
||||
t.Log("Connecting to LDAP server", address)
|
||||
|
@ -145,7 +145,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
|
|||
attrs := []string{}
|
||||
if len(c.GroupFilter) > 0 {
|
||||
filter = c.GroupFilter
|
||||
attrs = []string{"dn", "cn"}
|
||||
attrs = []string{"dn", "cn", "uniqueMember"}
|
||||
} else if len(c.UserFilter) > 0 {
|
||||
filter = c.UserFilter
|
||||
attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"}
|
||||
|
@ -175,13 +175,14 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
|
|||
return
|
||||
}
|
||||
|
||||
// Get list of group members
|
||||
rawMembers := sr.Entries[0].GetAttributeValues("uniqueMember")
|
||||
fmt.Printf("%s", sr.Entries[0].DN)
|
||||
// Get list of group members per group found.
|
||||
for _, group := range sr.Entries {
|
||||
t.Log("Found group", group.DN)
|
||||
|
||||
rawMembers := group.GetAttributeValues("uniqueMember")
|
||||
if len(rawMembers) == 0 {
|
||||
t.Error("Error: group member attribute returned no users")
|
||||
return
|
||||
t.Log("Error: group member attribute returned no users")
|
||||
continue
|
||||
}
|
||||
|
||||
t.Logf("LDAP group contains %d members", len(rawMembers))
|
||||
|
@ -203,8 +204,8 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
|
|||
)
|
||||
ue, err := l.Search(usr)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to execute directory search for group member: ", err.Error())
|
||||
return
|
||||
t.Log("Error: unable to execute directory search for group member: ", err.Error())
|
||||
continue
|
||||
}
|
||||
|
||||
if len(ue.Entries) > 0 {
|
||||
|
@ -215,6 +216,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
|
|||
t.Log("group member search failed:", filter)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestPublicLDAP_Authenticate(t *testing.T) {
|
||||
|
|
|
@ -11,9 +11,6 @@
|
|||
|
||||
package auth
|
||||
|
||||
// LDAPConfig that specifies LDAP server connection details and query filters.
|
||||
//
|
||||
//
|
||||
// Example for Active Directory -- filter users that belong to SomeGroupName:
|
||||
// (&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=SomeGroupName,ou=users,dc=example,dc=com))
|
||||
//
|
||||
|
@ -26,6 +23,11 @@ package auth
|
|||
// Example of group filter that returns users belonging to either Developers or Administrators group:
|
||||
// (&(objectCategory=Group)(|(cn=developers)(cn=administrators)))
|
||||
//
|
||||
// Sources of filter names:
|
||||
// https://docs.oracle.com/cd/E26217_01/E26214/html/ldap-filters-attrs-users.html
|
||||
// https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
|
||||
|
||||
// LDAPConfig that specifies LDAP server connection details and query filters.
|
||||
type LDAPConfig struct {
|
||||
ServerHost string `json:"serverHost"`
|
||||
ServerPort int `json:"serverPort"`
|
||||
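Review bot: The relocated comment on the group filter example still says it "returns users belonging to either Developers or Administrators group", but the filter `(&(objectCategory=Group)(|(cn=developers)(cn=administrators)))` matches group entries, not user entries; users are presumably resolved afterwards from each matching group's member attribute, as the updated tests do. Suggested wording: `// Example of group filter that matches both the Developers and Administrators group entries; members of every matching group are then resolved:`. Moving the `// LDAPConfig that specifies ...` line directly above `type LDAPConfig struct` is the right godoc placement; the struct body continues outside the hunk.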
|
|