update
All checks were successful
continuous-integration/drone/push Build is passing

2024-01-04 12:59:01 +11:00
parent ea70e073ec
commit 023fdc22a6
4 changed files with 13 additions and 5 deletions


@@ -22,6 +22,7 @@ steps:
pull: true
settings:
backend: "filesystem"
debug: true
restore: true
cache_key: "volume"
archive_format: "gzip"
@@ -46,6 +47,7 @@ steps:
pull: true
settings:
backend: "filesystem"
debug: true
rebuild: true
cache_key: "volume"
archive_format: "gzip"
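Review bot: `debug: true` is now set on both cache steps (the `restore: true` and the `rebuild: true` settings blocks) with nothing saying whether it is meant to stay. Debug output from a cache plugin usually puts paths and settings into the build log, which anyone with access to the CI results can read, so confirm that nothing sensitive is printed. If this is temporary troubleshooting, mark it with a comment such as `# TODO: remove debug once cache restore is verified`, or drop it before merging. Both step definitions start above the visible lines of their hunks.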


@@ -29,7 +29,7 @@ Written by Nathan Coad (nathan.coad@dell.com)
| LOG_FILE | Specify the name/path of file to write log messages to | /var/log/smt.log | ./smt.log
| BIND_IP | Specify the local IP address to bind to. | 127.0.0.1 | Primary IPv4 address |
| BIND_PORT | Specify the TCP/IP port to bind to. | 443 | 8443 |
| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | ldaps://dc.example.com | No default specified |
| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "OU=Users,DC=example,DC=com" | No default specified |
| LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
| TLS_KEY_FILE | Specify the filename of the TLS certificate private key (must be unencrypted) in PEM format | key.pem | privkey.pem |


@@ -123,8 +123,14 @@ func VerifyLdapCreds(username string, password string) bool {
// try to bind to AD
err = ldaps.Bind(username, password)
if err != nil {
log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
return false
if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
log.Printf("VerifyLdapCreds user credentials are incorrect\n")
return false
} else {
log.Printf("VerifyLdapCreds error binding to LDAP with supplied credentials : '%s'\n", err)
return false
}
} else {
log.Printf("VerifyLdapCreds successfully bound to LDAP\n")
}
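Review bot: The new invalid-credentials branch logs `VerifyLdapCreds user credentials are incorrect` without saying which account failed, so repeated failures against one user, or one password tried across many users, cannot be picked out of the log. Consider `log.Printf("VerifyLdapCreds invalid credentials for user %q\n", username)`; `%q` keeps control characters in the caller-supplied name from forging log lines, and the password must stay out of the message. The direct assertion `err.(*ldap.Error)` does not match a wrapped error, so `errors.As` (or the library's `ldap.IsErrorWithCode`, if this is go-ldap v3) is more robust. Both branches return false, so the inner `else` can be dropped. The function begins and ends outside this hunk.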


@@ -4,8 +4,8 @@ INITIAL_PASSWORD=Password123
TOKEN_HOUR_LIFESPAN=168
BIND_IP=
BIND_PORT=8443
LDAP_BIND_ADDRESS=ldaps://dc.lab.local
LDAP_BASE_DN=OU=Users,DC=lab,DC=local
LDAP_BIND_ADDRESS=adcp12.cdc.home
LDAP_BASE_DN=OU=Users,DC=cdc,DC=home
LDAP_TRUST_CERT_FILE=
TLS_KEY_FILE=key.pem
TLS_CERT_FILE=cert.pem
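Review bot: The new `LDAP_BIND_ADDRESS=adcp12.cdc.home` and `LDAP_BASE_DN=OU=Users,DC=cdc,DC=home` values look like one site's directory host and domain rather than the lab placeholders they replace, and committing them to a tracked environment file exposes internal naming to everyone who can read the repository. Keep placeholders here, e.g. `LDAP_BIND_ADDRESS=dc.example.com` as the README table uses, and supply real values from an untracked file or the deployment environment. `LDAP_TRUST_CERT_FILE=` is left empty although the README says it must be defined for LDAP; how the code treats an empty value is not visible here, so confirm it fails closed rather than skipping certificate verification. The hunk header also shows `INITIAL_PASSWORD=Password123` in the same file, which deserves the same placeholder treatment.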