Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
jobily
Nightingale
提交
c2d74a99
N
Nightingale
项目概览
jobily
/
Nightingale
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
N
Nightingale
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
c2d74a99
编写于
3月 23, 2020
作者:
U
ulricqin
提交者:
GitHub
3月 23, 2020
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #11 from freedomkk-qfeng/master
优化 LDAP 认证部分的支持
上级
eb03ccc2
a5be6683
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
144 addition
and
72 deletion
+144
-72
etc/monapi.yml
etc/monapi.yml
+8
-0
src/model/ldap.go
src/model/ldap.go
+85
-0
src/model/user.go
src/model/user.go
+33
-64
src/modules/monapi/config/yaml.go
src/modules/monapi/config/yaml.go
+18
-8
未找到文件。
etc/monapi.yml
浏览文件 @
c2d74a99
...
@@ -14,11 +14,19 @@ ldap:
...
@@ -14,11 +14,19 @@ ldap:
host
:
"
ldap.example.org"
host
:
"
ldap.example.org"
port
:
389
port
:
389
baseDn
:
"
dc=example,dc=org"
baseDn
:
"
dc=example,dc=org"
# AD: manange@example.org
bindUser
:
"
cn=manager,dc=example,dc=org"
bindUser
:
"
cn=manager,dc=example,dc=org"
bindPass
:
"
*******"
bindPass
:
"
*******"
# openldap: (&(uid=%s))
# openldap: (&(uid=%s))
# AD: (&(sAMAccountName=%s))
# AD: (&(sAMAccountName=%s))
authFilter
:
"
(&(uid=%s))"
authFilter
:
"
(&(uid=%s))"
attributes
:
dispname
:
"
cn"
email
:
"
mail"
phone
:
"
mobile"
im
:
"
"
coverAttributes
:
false
autoRegist
:
false
tls
:
false
tls
:
false
startTLS
:
false
startTLS
:
false
...
...
src/model/ldap.go
0 → 100644
浏览文件 @
c2d74a99
package
model
import
(
"crypto/tls"
"fmt"
"github.com/didi/nightingale/src/modules/monapi/config"
"gopkg.in/ldap.v3"
)
func
genLdapAttributeSearchList
()
[]
string
{
ldapAttributes
:=
[]
string
{}
attrs
:=
config
.
Get
()
.
LDAP
.
Attributes
if
attrs
.
Dispname
!=
""
{
ldapAttributes
=
append
(
ldapAttributes
,
attrs
.
Dispname
)
}
if
attrs
.
Email
!=
""
{
ldapAttributes
=
append
(
ldapAttributes
,
attrs
.
Email
)
}
if
attrs
.
Phone
!=
""
{
ldapAttributes
=
append
(
ldapAttributes
,
attrs
.
Phone
)
}
if
attrs
.
Im
!=
""
{
ldapAttributes
=
append
(
ldapAttributes
,
attrs
.
Im
)
}
return
ldapAttributes
}
func
ldapReq
(
user
,
pass
string
)
(
*
ldap
.
SearchResult
,
error
)
{
var
conn
*
ldap
.
Conn
var
err
error
lc
:=
config
.
Get
()
.
LDAP
addr
:=
fmt
.
Sprintf
(
"%s:%d"
,
lc
.
Host
,
lc
.
Port
)
if
lc
.
TLS
{
conn
,
err
=
ldap
.
DialTLS
(
"tcp"
,
addr
,
&
tls
.
Config
{
InsecureSkipVerify
:
true
})
}
else
{
conn
,
err
=
ldap
.
Dial
(
"tcp"
,
addr
)
}
if
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"cannot dial ldap: %v"
,
err
)
}
defer
conn
.
Close
()
if
!
lc
.
TLS
&&
lc
.
StartTLS
{
if
err
:=
conn
.
StartTLS
(
&
tls
.
Config
{
InsecureSkipVerify
:
true
});
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"ldap.conn startTLS fail: %v"
,
err
)
}
}
//if bindUser is empty, anonymousSearch mode
if
lc
.
BindUser
!=
""
{
//BindSearch mode
if
err
:=
conn
.
Bind
(
lc
.
BindUser
,
lc
.
BindPass
);
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"bind ldap fail: %v, use %s"
,
err
,
lc
.
BindUser
)
}
}
searchRequest
:=
ldap
.
NewSearchRequest
(
lc
.
BaseDn
,
// The base dn to search
ldap
.
ScopeWholeSubtree
,
ldap
.
NeverDerefAliases
,
0
,
0
,
false
,
fmt
.
Sprintf
(
lc
.
AuthFilter
,
user
),
// The filter to apply
genLdapAttributeSearchList
(),
// A list attributes to retrieve
nil
,
)
sr
,
err
:=
conn
.
Search
(
searchRequest
)
if
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"ldap search fail: %v"
,
err
)
}
if
len
(
sr
.
Entries
)
==
0
{
return
nil
,
fmt
.
Errorf
(
"cannot find such user: %v"
,
user
)
}
if
len
(
sr
.
Entries
)
>
1
{
return
nil
,
fmt
.
Errorf
(
"multi users is search, query user: %v"
,
user
)
}
if
err
:=
conn
.
Bind
(
sr
.
Entries
[
0
]
.
DN
,
pass
);
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"password error"
)
}
return
sr
,
nil
}
src/model/user.go
浏览文件 @
c2d74a99
package
model
package
model
import
(
import
(
"crypto/tls"
"fmt"
"fmt"
"log"
"log"
"strings"
"strings"
...
@@ -118,6 +117,23 @@ func (u *User) CanModifyTeam(t *Team) (bool, error) {
...
@@ -118,6 +117,23 @@ func (u *User) CanModifyTeam(t *Team) (bool, error) {
return
cnt
>
0
,
err
return
cnt
>
0
,
err
}
}
func
(
u
*
User
)
CopyLdapAttr
(
sr
*
ldap
.
SearchResult
)
{
attrs
:=
config
.
Get
()
.
LDAP
.
Attributes
if
attrs
.
Dispname
!=
""
{
u
.
Dispname
=
sr
.
Entries
[
0
]
.
GetAttributeValue
(
attrs
.
Dispname
)
}
if
attrs
.
Email
!=
""
{
u
.
Email
=
sr
.
Entries
[
0
]
.
GetAttributeValue
(
attrs
.
Email
)
}
if
attrs
.
Phone
!=
""
{
u
.
Phone
=
sr
.
Entries
[
0
]
.
GetAttributeValue
(
attrs
.
Phone
)
}
if
attrs
.
Im
!=
""
{
u
.
Im
=
sr
.
Entries
[
0
]
.
GetAttributeValue
(
attrs
.
Im
)
}
return
}
func
InitRoot
()
{
func
InitRoot
()
{
var
u
User
var
u
User
has
,
err
:=
DB
[
"uic"
]
.
Where
(
"username=?"
,
"root"
)
.
Get
(
&
u
)
has
,
err
:=
DB
[
"uic"
]
.
Where
(
"username=?"
,
"root"
)
.
Get
(
&
u
)
...
@@ -147,78 +163,31 @@ func InitRoot() {
...
@@ -147,78 +163,31 @@ func InitRoot() {
}
}
func
LdapLogin
(
user
,
pass
string
)
error
{
func
LdapLogin
(
user
,
pass
string
)
error
{
var
conn
*
ldap
.
Conn
sr
,
err
:=
ldapReq
(
user
,
pass
)
var
err
error
lc
:=
config
.
Get
()
.
LDAP
addr
:=
fmt
.
Sprintf
(
"%s:%d"
,
lc
.
Host
,
lc
.
Port
)
if
lc
.
TLS
{
conn
,
err
=
ldap
.
DialTLS
(
"tcp"
,
addr
,
&
tls
.
Config
{
InsecureSkipVerify
:
true
})
}
else
{
conn
,
err
=
ldap
.
Dial
(
"tcp"
,
addr
)
}
if
err
!=
nil
{
return
fmt
.
Errorf
(
"cannot dial ldap: %v"
,
err
)
}
defer
conn
.
Close
()
if
!
lc
.
TLS
&&
lc
.
StartTLS
{
err
=
conn
.
StartTLS
(
&
tls
.
Config
{
InsecureSkipVerify
:
true
})
if
err
!=
nil
{
return
fmt
.
Errorf
(
"ldap.conn startTLS fail: %v"
,
err
)
}
}
err
=
conn
.
Bind
(
lc
.
BindUser
,
lc
.
BindPass
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"bind ldap fail: %v, use %s"
,
err
,
lc
.
BindUser
)
}
searchRequest
:=
ldap
.
NewSearchRequest
(
lc
.
BaseDn
,
// The base dn to search
ldap
.
ScopeWholeSubtree
,
ldap
.
NeverDerefAliases
,
0
,
0
,
false
,
fmt
.
Sprintf
(
lc
.
AuthFilter
,
user
),
// The filter to apply
[]
string
{},
// A list attributes to retrieve
nil
,
)
sr
,
err
:=
conn
.
Search
(
searchRequest
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"ldap search fail: %v"
,
err
)
}
if
len
(
sr
.
Entries
)
==
0
{
return
fmt
.
Errorf
(
"cannot find such user: %v"
,
user
)
}
if
len
(
sr
.
Entries
)
>
1
{
return
fmt
.
Errorf
(
"multi users is search, query user: %v"
,
user
)
}
err
=
conn
.
Bind
(
sr
.
Entries
[
0
]
.
DN
,
pass
)
if
err
!=
nil
{
if
err
!=
nil
{
return
fmt
.
Errorf
(
"password error"
)
return
err
}
}
cnt
,
err
:=
DB
[
"uic"
]
.
Where
(
"username=?"
,
user
)
.
Count
(
new
(
User
))
var
u
User
has
,
err
:=
DB
[
"uic"
]
.
Where
(
"username=?"
,
user
)
.
Get
(
&
u
)
if
err
!=
nil
{
if
err
!=
nil
{
return
err
return
err
}
}
u
.
CopyLdapAttr
(
sr
)
if
cnt
>
0
{
if
has
{
return
nil
if
config
.
Get
()
.
LDAP
.
CoverAttributes
{
_
,
err
:=
DB
[
"uic"
]
.
Where
(
"id=?"
,
u
.
Id
)
.
Update
(
u
)
return
err
}
else
{
return
nil
}
}
}
if
!
config
.
Get
()
.
LDAP
.
AutoRegist
{
u
:=
&
User
{
return
fmt
.
Errorf
(
"user has not be created, may be you should enable auto regist: %v"
,
user
)
Username
:
user
,
Password
:
"******"
,
Dispname
:
""
,
Email
:
""
,
}
}
u
.
Username
=
user
u
.
Password
=
"******"
_
,
err
=
DB
[
"uic"
]
.
Insert
(
u
)
_
,
err
=
DB
[
"uic"
]
.
Insert
(
u
)
return
err
return
err
}
}
...
...
src/modules/monapi/config/yaml.go
浏览文件 @
c2d74a99
...
@@ -64,14 +64,24 @@ type httpSection struct {
...
@@ -64,14 +64,24 @@ type httpSection struct {
}
}
type
ldapSection
struct
{
type
ldapSection
struct
{
Host
string
`yaml:"host"`
Host
string
`yaml:"host"`
Port
int
`yaml:"port"`
Port
int
`yaml:"port"`
BaseDn
string
`yaml:"baseDn"`
BaseDn
string
`yaml:"baseDn"`
BindUser
string
`yaml:"bindUser"`
BindUser
string
`yaml:"bindUser"`
BindPass
string
`yaml:"bindPass"`
BindPass
string
`yaml:"bindPass"`
AuthFilter
string
`yaml:"authFilter"`
AuthFilter
string
`yaml:"authFilter"`
TLS
bool
`yaml:"tls"`
Attributes
ldapAttributes
`yaml:"attributes"`
StartTLS
bool
`yaml:"startTLS"`
CoverAttributes
bool
`yaml:"coverAttributes"`
AutoRegist
bool
`yaml:"autoRegist"`
TLS
bool
`yaml:"tls"`
StartTLS
bool
`yaml:"startTLS"`
}
type
ldapAttributes
struct
{
Dispname
string
`yaml:"dispname"`
Phone
string
`yaml:"phone"`
Email
string
`yaml:"email"`
Im
string
`yaml:"im"`
}
}
var
(
var
(
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录