cc-backend/internal/auth/ldap.go

// Copyright (C) 2023 NHR@FAU, University Erlangen-Nuremberg.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package auth

import (
	"errors"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/ClusterCockpit/cc-backend/internal/config"
	"github.com/ClusterCockpit/cc-backend/internal/repository"
	"github.com/ClusterCockpit/cc-backend/pkg/log"
	"github.com/ClusterCockpit/cc-backend/pkg/schema"
	"github.com/go-ldap/ldap/v3"
)

type LdapAuthenticator struct {
	syncPassword string
}

var _ Authenticator = (*LdapAuthenticator)(nil)

func (la *LdapAuthenticator) Init() error {
	la.syncPassword = os.Getenv("LDAP_ADMIN_PASSWORD")
	if la.syncPassword == "" {
		log.Warn("environment variable 'LDAP_ADMIN_PASSWORD' not set (ldap sync will not work)")
	}

	if config.Keys.LdapConfig.SyncInterval != "" {
		interval, err := time.ParseDuration(config.Keys.LdapConfig.SyncInterval)
		if err != nil {
			log.Warnf("Could not parse duration for sync interval: %v",
				config.Keys.LdapConfig.SyncInterval)
			return err
		}

		if interval == 0 {
			log.Info("Sync interval is zero")
			return nil
		}

		go func() {
			ticker := time.NewTicker(interval)
			for t := range ticker.C {
				log.Printf("sync started at %s", t.Format(time.RFC3339))
				if err := la.Sync(); err != nil {
					log.Errorf("sync failed: %s", err.Error())
				}
				log.Print("sync done")
			}
		}()
	} else {
		log.Info("LDAP configuration key sync_interval invalid")
	}

	return nil
}

func (la *LdapAuthenticator) CanLogin(
	user *schema.User,
	username string,
	rw http.ResponseWriter,
	r *http.Request) (*schema.User, bool) {

	lc := config.Keys.LdapConfig

	if user != nil {
		if user.AuthSource == schema.AuthViaLDAP {
			return user, true
		}
	} else {
		if lc.SyncUserOnLogin {
			l, err := la.getLdapConnection(true)
			if err != nil {
				log.Error("LDAP connection error")
			}
			defer l.Close()

			// Search for the given username
			searchRequest := ldap.NewSearchRequest(
				lc.UserBase,
				ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
				fmt.Sprintf("(&%s(uid=%s))", lc.UserFilter, username),
				[]string{"dn", "uid", "gecos"}, nil)

			sr, err := l.Search(searchRequest)
			if err != nil {
				log.Warn(err)
				return nil, false
			}

			if len(sr.Entries) != 1 {
				log.Warn("LDAP: User does not exist or too many entries returned")
				return nil, false
			}

			entry := sr.Entries[0]
			name := entry.GetAttributeValue("gecos")
			var roles []string
			roles = append(roles, schema.GetRoleString(schema.RoleUser))
			projects := make([]string, 0)

			user = &schema.User{
				Username:   username,
				Name:       name,
				Roles:      roles,
				Projects:   projects,
				AuthType:   schema.AuthSession,
				AuthSource: schema.AuthViaLDAP,
			}

			if err := repository.GetUserRepository().AddUser(user); err != nil {
				log.Errorf("User '%s' LDAP: Insert into DB failed", username)
				return nil, false
			}

			return user, true
		}
	}

	return nil, false
}

func (la *LdapAuthenticator) Login(
	user *schema.User,
	rw http.ResponseWriter,
	r *http.Request) (*schema.User, error) {

	l, err := la.getLdapConnection(false)
	if err != nil {
		log.Warn("Error while getting ldap connection")
		return nil, err
	}
	defer l.Close()

	userDn := strings.Replace(config.Keys.LdapConfig.UserBind, "{username}", user.Username, -1)
	if err := l.Bind(userDn, r.FormValue("password")); err != nil {
		log.Errorf("AUTH/LOCAL > Authentication for user %s failed: %v",
			user.Username, err)
		return nil, fmt.Errorf("AUTH/LDAP > Authentication failed")
	}

	return user, nil
}

func (la *LdapAuthenticator) Sync() error {
	const IN_DB int = 1
	const IN_LDAP int = 2
	const IN_BOTH int = 3
	ur := repository.GetUserRepository()
	lc := config.Keys.LdapConfig

	users := map[string]int{}
	usernames, err := ur.GetLdapUsernames()
	if err != nil {
		return err
	}

	for _, username := range usernames {
		users[username] = IN_DB
	}

	l, err := la.getLdapConnection(true)
	if err != nil {
		log.Error("LDAP connection error")
		return err
	}
	defer l.Close()

	ldapResults, err := l.Search(ldap.NewSearchRequest(
		lc.UserBase,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		lc.UserFilter,
		[]string{"dn", "uid", "gecos"}, nil))
	if err != nil {
		log.Warn("LDAP search error")
		return err
	}

	newnames := map[string]string{}
	for _, entry := range ldapResults.Entries {
		username := entry.GetAttributeValue("uid")
		if username == "" {
			return errors.New("no attribute 'uid'")
		}

		_, ok := users[username]
		if !ok {
			users[username] = IN_LDAP
			newnames[username] = entry.GetAttributeValue("gecos")
		} else {
			users[username] = IN_BOTH
		}
	}

	for username, where := range users {
		if where == IN_DB && lc.SyncDelOldUsers {
			ur.DelUser(username)
			log.Debugf("sync: remove %v (does not show up in LDAP anymore)", username)
		} else if where == IN_LDAP {
			name := newnames[username]

			var roles []string
			roles = append(roles, schema.GetRoleString(schema.RoleUser))
			projects := make([]string, 0)

			user := &schema.User{
				Username:   username,
				Name:       name,
				Roles:      roles,
				Projects:   projects,
				AuthSource: schema.AuthViaLDAP,
			}

			log.Debugf("sync: add %v (name: %v, roles: [user], ldap: true)", username, name)
			if err := ur.AddUser(user); err != nil {
				log.Errorf("User '%s' LDAP: Insert into DB failed", username)
				return err
			}
		}
	}

	return nil
}

// TODO: Add a connection pool or something like
// that so that connections can be reused/cached.
func (la *LdapAuthenticator) getLdapConnection(admin bool) (*ldap.Conn, error) {

	lc := config.Keys.LdapConfig
	conn, err := ldap.DialURL(lc.Url)
	if err != nil {
		log.Warn("LDAP URL dial failed")
		return nil, err
	}

	if admin {
		if err := conn.Bind(lc.SearchDN, la.syncPassword); err != nil {
			conn.Close()
			log.Warn("LDAP connection bind failed")
			return nil, err
		}
	}

	return conn, nil
}
refactor auth module Restructure module Separate JWT auth variants Cleanup code Fixes #189 2023-08-11 10:00:23 +02:00			`// Copyright (C) 2023 NHR@FAU, University Erlangen-Nuremberg.`
Add copyright and license header. Update license year 2022-07-29 06:29:21 +02:00			`// All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`package auth`

			`import (`
			`"errors"`
Streamline auth error handling 2023-06-15 12:00:45 +02:00			`"fmt"`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`"net/http"`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`"os"`
			`"strings"`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`"time"`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`"github.com/ClusterCockpit/cc-backend/internal/config"`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`"github.com/ClusterCockpit/cc-backend/internal/repository"`
Refactor directory structure 2022-06-21 17:52:36 +02:00			`"github.com/ClusterCockpit/cc-backend/pkg/log"`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`"github.com/ClusterCockpit/cc-backend/pkg/schema"`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`"github.com/go-ldap/ldap/v3"`
			`)`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`type LdapAuthenticator struct {`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`syncPassword string`
			`}`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`var _ Authenticator = (*LdapAuthenticator)(nil)`

Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`func (la *LdapAuthenticator) Init() error {`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`la.syncPassword = os.Getenv("LDAP_ADMIN_PASSWORD")`
			`if la.syncPassword == "" {`
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline - removes some previously added manual location strings: now handled by pkg/log depending on loglevel - kept manual string locations on fmt print functions - add 'notice' and 'critical' loglevels - add 'Panic' and 'Panicf' functions to log panics - adresses issue #26 2023-01-23 18:48:06 +01:00			`log.Warn("environment variable 'LDAP_ADMIN_PASSWORD' not set (ldap sync will not work)")`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`}`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`if config.Keys.LdapConfig.SyncInterval != "" {`
			`interval, err := time.ParseDuration(config.Keys.LdapConfig.SyncInterval)`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`if err != nil {`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`log.Warnf("Could not parse duration for sync interval: %v",`
			`config.Keys.LdapConfig.SyncInterval)`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`return err`
			`}`

			`if interval == 0 {`
Remove loglevel notice 2023-02-15 11:50:51 +01:00			`log.Info("Sync interval is zero")`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`return nil`
			`}`

			`go func() {`
			`ticker := time.NewTicker(interval)`
			`for t := range ticker.C {`
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline - removes some previously added manual location strings: now handled by pkg/log depending on loglevel - kept manual string locations on fmt print functions - add 'notice' and 'critical' loglevels - add 'Panic' and 'Panicf' functions to log panics - adresses issue #26 2023-01-23 18:48:06 +01:00			`log.Printf("sync started at %s", t.Format(time.RFC3339))`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`if err := la.Sync(); err != nil {`
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline - removes some previously added manual location strings: now handled by pkg/log depending on loglevel - kept manual string locations on fmt print functions - add 'notice' and 'critical' loglevels - add 'Panic' and 'Panicf' functions to log panics - adresses issue #26 2023-01-23 18:48:06 +01:00			`log.Errorf("sync failed: %s", err.Error())`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`}`
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline - removes some previously added manual location strings: now handled by pkg/log depending on loglevel - kept manual string locations on fmt print functions - add 'notice' and 'critical' loglevels - add 'Panic' and 'Panicf' functions to log panics - adresses issue #26 2023-01-23 18:48:06 +01:00			`log.Print("sync done")`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`}`
			`}()`
Fix errors in ldap auth 2023-08-16 09:19:41 +02:00			`} else {`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`log.Info("LDAP configuration key sync_interval invalid")`
Automatically sync via LDAP at interval 2022-02-14 14:37:33 +01:00			`}`

authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`return nil`
			`}`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`func (la *LdapAuthenticator) CanLogin(`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00			`user *schema.User,`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`username string,`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`rw http.ResponseWriter,`
Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00			`r http.Request) (schema.User, bool) {`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc := config.Keys.LdapConfig`

Formatting and minor fixes 2023-08-18 08:49:25 +02:00			`if user != nil {`
			`if user.AuthSource == schema.AuthViaLDAP {`
			`return user, true`
			`}`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`} else {`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`if lc.SyncUserOnLogin {`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`l, err := la.getLdapConnection(true)`
			`if err != nil {`
			`log.Error("LDAP connection error")`
			`}`
Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00			`defer l.Close()`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00
			`// Search for the given username`
			`searchRequest := ldap.NewSearchRequest(`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc.UserBase,`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`fmt.Sprintf("(&%s(uid=%s))", lc.UserFilter, username),`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`[]string{"dn", "uid", "gecos"}, nil)`

			`sr, err := l.Search(searchRequest)`
			`if err != nil {`
			`log.Warn(err)`
Formatting and minor fixes 2023-08-18 08:49:25 +02:00			`return nil, false`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`}`

			`if len(sr.Entries) != 1 {`
Formatting and minor fixes 2023-08-18 08:49:25 +02:00			`log.Warn("LDAP: User does not exist or too many entries returned")`
			`return nil, false`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`}`

			`entry := sr.Entries[0]`
			`name := entry.GetAttributeValue("gecos")`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`var roles []string`
			`roles = append(roles, schema.GetRoleString(schema.RoleUser))`
			`projects := make([]string, 0)`

			`user = &schema.User{`
			`Username: username,`
			`Name: name,`
			`Roles: roles,`
			`Projects: projects,`
			`AuthType: schema.AuthSession,`
			`AuthSource: schema.AuthViaLDAP,`
			`}`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`if err := repository.GetUserRepository().AddUser(user); err != nil {`
			`log.Errorf("User '%s' LDAP: Insert into DB failed", username)`
Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00			`return nil, false`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`}`

Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00			`return user, true`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`}`
			`}`

Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00			`return nil, false`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`}`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`func (la *LdapAuthenticator) Login(`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00			`user *schema.User,`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`rw http.ResponseWriter,`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00			`r http.Request) (schema.User, error) {`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`l, err := la.getLdapConnection(false)`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`if err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("Error while getting ldap connection")`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`return nil, err`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`}`
Refactor auth/ 2022-02-14 14:22:44 +01:00			`defer l.Close()`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`userDn := strings.Replace(config.Keys.LdapConfig.UserBind, "{username}", user.Username, -1)`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`if err := l.Bind(userDn, r.FormValue("password")); err != nil {`
Formatting and minor fixes 2023-08-18 08:49:25 +02:00			`log.Errorf("AUTH/LOCAL > Authentication for user %s failed: %v",`
			`user.Username, err)`
Streamline auth error handling 2023-06-15 12:00:45 +02:00			`return nil, fmt.Errorf("AUTH/LDAP > Authentication failed")`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`}`

Integrate new auth interface 2022-07-07 14:08:37 +02:00			`return user, nil`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`}`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`func (la *LdapAuthenticator) Sync() error {`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`const IN_DB int = 1`
			`const IN_LDAP int = 2`
			`const IN_BOTH int = 3`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`ur := repository.GetUserRepository()`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc := config.Keys.LdapConfig`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00
			`users := map[string]int{}`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`usernames, err := ur.GetLdapUsernames()`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`if err != nil {`
			`return err`
			`}`

Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`for _, username := range usernames {`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`users[username] = IN_DB`
			`}`

Integrate new auth interface 2022-07-07 14:08:37 +02:00			`l, err := la.getLdapConnection(true)`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`if err != nil {`
Add log messages to error events w/o log message, primaryly error level - "log spam" to be controlled via loglevel flag on startup 2023-01-31 18:28:44 +01:00			`log.Error("LDAP connection error")`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`return err`
			`}`
Refactor auth/ 2022-02-14 14:22:44 +01:00			`defer l.Close()`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00
			`ldapResults, err := l.Search(ldap.NewSearchRequest(`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc.UserBase,`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc.UserFilter,`
Add LDAPSyncOnLogin option Cleanup Extend docs Remove obsolete Expiration attribute 2023-08-14 12:40:21 +02:00			`[]string{"dn", "uid", "gecos"}, nil))`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`if err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("LDAP search error")`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`return err`
			`}`

			`newnames := map[string]string{}`
			`for _, entry := range ldapResults.Entries {`
			`username := entry.GetAttributeValue("uid")`
			`if username == "" {`
			`return errors.New("no attribute 'uid'")`
			`}`

			`_, ok := users[username]`
			`if !ok {`
			`users[username] = IN_LDAP`
			`newnames[username] = entry.GetAttributeValue("gecos")`
			`} else {`
			`users[username] = IN_BOTH`
			`}`
			`}`

			`for username, where := range users {`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`if where == IN_DB && lc.SyncDelOldUsers {`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`ur.DelUser(username)`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Debugf("sync: remove %v (does not show up in LDAP anymore)", username)`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`} else if where == IN_LDAP {`
			`name := newnames[username]`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00
			`var roles []string`
			`roles = append(roles, schema.GetRoleString(schema.RoleUser))`
			`projects := make([]string, 0)`

			`user := &schema.User{`
			`Username: username,`
			`Name: name,`
			`Roles: roles,`
			`Projects: projects,`
			`AuthSource: schema.AuthViaLDAP,`
			`}`

Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Debugf("sync: add %v (name: %v, roles: [user], ldap: true)", username, name)`
Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00			`if err := ur.AddUser(user); err != nil {`
			`log.Errorf("User '%s' LDAP: Insert into DB failed", username)`
authentication via database and/or ldap 2021-12-08 10:03:00 +01:00			`return err`
			`}`
			`}`
			`}`

			`return nil`
			`}`
Integrate new auth interface 2022-07-07 14:08:37 +02:00
			`// TODO: Add a connection pool or something like`
			`// that so that connections can be reused/cached.`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`func (la LdapAuthenticator) getLdapConnection(admin bool) (ldap.Conn, error) {`

Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`lc := config.Keys.LdapConfig`
			`conn, err := ldap.DialURL(lc.Url)`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`if err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("LDAP URL dial failed")`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`return nil, err`
			`}`

			`if admin {`
Refactor and cleanup Auth configuration 2023-08-18 10:43:06 +02:00			`if err := conn.Bind(lc.SearchDN, la.syncPassword); err != nil {`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`conn.Close()`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("LDAP connection bind failed")`
Integrate new auth interface 2022-07-07 14:08:37 +02:00			`return nil, err`
			`}`
			`}`

			`return conn, nil`
			`}`