|
|
@@ -10,14 +10,6 @@
|
|
|
|
|
|
-export([start/0]).
|
|
|
|
|
|
--define(USE_SSL, false).
|
|
|
--define(LDAP_SERVER, "atlas.northhorizon.local").
|
|
|
--define(BASE_DN, "DC=northhorizon,DC=local").
|
|
|
--define(SEARCH_USER_DN, "CN=ldapsearch,CN=Users,DC=northhorizon,DC=local").
|
|
|
--define(SEARCH_USER_PASSWORD, "Welcome1").
|
|
|
--define(USER_DN_MAP_ATTR, "userPrincipalName").
|
|
|
--define(GROUP_DN_MAP_ATTR, "name").
|
|
|
-
|
|
|
-define(TEST_USER, "test@northhorizon.local").
|
|
|
-define(TEST_USER_PASSWORD, "Welcome1").
|
|
|
|
|
|
@@ -30,65 +22,16 @@
|
|
|
|
|
|
-include_lib("eldap/include/eldap.hrl").
|
|
|
|
|
|
+-import(ldap_integration, [connect/0, authenticate/3, get_group_memberships/2]).
|
|
|
+
|
|
|
start() ->
|
|
|
%% User = string:strip(io:get_line("User: "), right, $\n),
|
|
|
%% Password = string:strip(io:get_line("Password: "), right, $\n),
|
|
|
%%
|
|
|
%% authenticate(User, Password).
|
|
|
- authenticate(?TEST_USER, ?TEST_USER_PASSWORD).
|
|
|
-
|
|
|
-
|
|
|
-authenticate(User, Password) ->
|
|
|
- LdapConnection = connect(?SEARCH_USER_DN, ?SEARCH_USER_PASSWORD),
|
|
|
- case query(LdapConnection, "person", eldap:equalityMatch(?USER_DN_MAP_ATTR, User)) of
|
|
|
- [] -> throw({ invalid_credentials });
|
|
|
- [#eldap_entry{ object_name = UserDN } | _] ->
|
|
|
- % attempt to connect as UserDN and if it doesn't throw, immediately disconnect.
|
|
|
- eldap:close(connect(UserDN, Password)),
|
|
|
-
|
|
|
- % If we're here, auth succeeded.
|
|
|
-
|
|
|
- io:format("user: ~p\n", [UserDN]),
|
|
|
- Groups = get_group_memberships(LdapConnection, UserDN),
|
|
|
- io:format("groups: ~p", [Groups])
|
|
|
- end,
|
|
|
- eldap:close(LdapConnection).
|
|
|
-
|
|
|
-connect(DN, Password) ->
|
|
|
- case eldap:open([?LDAP_SERVER], [{ssl, ?USE_SSL}]) of
|
|
|
- {error, Reason} -> throw({ ldap_connection_error, Reason });
|
|
|
- {ok, LdapConnection} ->
|
|
|
- case eldap:simple_bind(LdapConnection, DN, Password) of
|
|
|
- {error, _} ->
|
|
|
- eldap:close(LdapConnection),
|
|
|
- throw({ invalid_credentials });
|
|
|
- ok -> LdapConnection
|
|
|
- end
|
|
|
- end.
|
|
|
-
|
|
|
-query(LdapConnection, Type, Filter) ->
|
|
|
- TypedFilter = eldap:'and'([eldap:equalityMatch("objectClass", Type), Filter]),
|
|
|
- case eldap:search(LdapConnection, [{ base, ?BASE_DN }, { filter, TypedFilter }]) of
|
|
|
- {error, Reason} -> throw({search, Reason});
|
|
|
- {ok, #eldap_search_result{ entries = Result }} -> io:format("found ~p\n", [Result]), Result
|
|
|
- end.
|
|
|
-
|
|
|
-get_group_memberships(LdapConnection, UserDN) ->
|
|
|
- Memberships = get_group_memberships(LdapConnection, sets:new(), UserDN),
|
|
|
- sets:to_list(Memberships).
|
|
|
+ LdapConnection = connect(),
|
|
|
+ UserDN = authenticate(LdapConnection, ?TEST_USER, ?TEST_USER_PASSWORD),
|
|
|
+ Groups = get_group_memberships(LdapConnection, UserDN),
|
|
|
|
|
|
-get_group_memberships(LdapConnection, Memberships, DN) ->
|
|
|
- case query(LdapConnection, "group", eldap:equalityMatch("member", DN)) of
|
|
|
- [] -> Memberships;
|
|
|
- Entries ->
|
|
|
- ParentGroupDNs = [ {X#eldap_entry.object_name, get_record_value(X, ?GROUP_DN_MAP_ATTR)} || X <- Entries ],
|
|
|
- S = sets:subtract(sets:from_list(ParentGroupDNs), Memberships),
|
|
|
- case sets:size(S) of
|
|
|
- 0 -> Memberships;
|
|
|
- _ -> sets:fold(fun (N, P) -> get_group_memberships(LdapConnection, P, N) end, sets:union(Memberships, S), S)
|
|
|
- end
|
|
|
- end.
|
|
|
+ io:format("user: ~p\ngroups: ~p\n", [UserDN, Groups]).
|
|
|
|
|
|
-get_record_value(Record, Field) ->
|
|
|
- FieldAtom = string_to_atom(Field)
|
|
|
- lists:filter(fun ({FieldAtom})
|
Daniel Moore