From 4409f8e2ffa276a8780ee6ee5fbff0f93429b274 Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Thu, 4 Jan 2024 21:04:23 +1100
Subject: [PATCH] try retrieving groups of user

---
 README.md | 2 +-
 models/ldap.go | 41 +++++++++++++++++++++++++----------------
 test.env | 2 +-
 3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index ad03048..0da62b1 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Written by Nathan Coad (nathan.coad@dell.com)
 | BIND_IP | Specify the local IP address to bind to. | 127.0.0.1 | Primary IPv4 address |
 | BIND_PORT | Specify the TCP/IP port to bind to. | 443 | 8443 |
 | LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
-| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "OU=Users,DC=example,DC=com" | No default specified |
+| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "CN=Users,DC=example,DC=com" | No default specified |
 | LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
 | TLS_KEY_FILE | Specify the filename of the TLS certificate private key (must be unencrypted) in PEM format | key.pem | privkey.pem |
 | TLS_CERT_FILE | Specify the filename of the TLS certificate file in PEM format | cert.pem | cert.pem |
diff --git a/models/ldap.go b/models/ldap.go
index 3c6f097..914d4d2 100644
--- a/models/ldap.go
+++ b/models/ldap.go
@@ -213,25 +213,34 @@ func VerifyLdapCreds(username string, password string) bool { log.Printf("VerifyLdapCreds successfully bound to LDAP\n") } - log.Printf("Attempting LDAP search request from base DN '%s'\n", LdapBaseDn) - searchReq := ldap.NewSearchRequest( - LdapBaseDn, - ldap.ScopeWholeSubtree, // you can also use ldap.ScopeWholeSubtree - ldap.NeverDerefAliases, - 0, - 0, - false, - "(objectClass=*)", - []string{}, - nil, - ) - result, err := ldaps.Search(searchReq) + /* + log.Printf("Attempting LDAP search request from base DN '%s'\n", LdapBaseDn) + searchReq := ldap.NewSearchRequest( + LdapBaseDn, + ldap.ScopeWholeSubtree, // you can also use ldap.ScopeWholeSubtree + ldap.NeverDerefAliases, + 0, + 0, + false, + "(objectClass=*)", + []string{}, + nil, + ) + result, err := ldaps.Search(searchReq) + if err != nil { + log.Printf("VerifyLdapCreds search error : '%s'\n", err) + return false + } + + log.Printf("result: %v\n", result) + */ + + groups, err := GetGroupsOfUser(username, LdapBaseDn, ldaps) if err != nil { - log.Printf("VerifyLdapCreds search error : '%s'\n", err) + log.Printf("VerifyLdapCreds group search error : '%s'\n", err) return false } - - log.Printf("result: %v\n", result) + fmt.Printf("groups: %v\n", groups) return true } diff --git a/test.env b/test.env index 03e6c61..d2d57b2 100644 --- a/test.env +++ b/test.env @@ -5,7 +5,7 @@ TOKEN_HOUR_LIFESPAN=168 BIND_IP= BIND_PORT=8443 LDAP_BIND_ADDRESS=adcp12.cdc.home -LDAP_BASE_DN=OU=Users,DC=cdc,DC=home +LDAP_BASE_DN=CN=Users,DC=cdc,DC=home LDAP_TRUST_CERT_FILE= TLS_KEY_FILE=key.pem TLS_CERT_FILE=cert.pem \ No newline at end of file
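Review bot: The group membership fetched in the new `groups, err := GetGroupsOfUser(username, LdapBaseDn, ldaps)` line is only dumped with `fmt.Printf` and never used, so the credential check now fails whenever the group lookup fails (the `return false` after the group search error) while the groups themselves have no effect on the result; if membership is meant to gate access, compare `groups` against an allowed set before `return true`, and if it is only diagnostic, a lookup failure should not turn a valid login into a rejection. The username is passed straight through to GetGroupsOfUser, which lives outside this hunk; confirm that it builds its search filter with `ldap.EscapeFilter(username)` so a login name containing LDAP filter metacharacters cannot change what the search matches. Writing the full group list with `fmt.Printf` bypasses the `log.Printf` used everywhere else in this function and sends every authenticated user's group memberships to stdout; `log.Printf("VerifyLdapCreds user %q is a member of %d groups\n", username, len(groups))` keeps the diagnostic without the dump. The old search code is retained as a `/* … */` block instead of being deleted; version control already preserves it, so the commented-out block should go. VerifyLdapCreds begins before this hunk.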