2021-04-19 22:30:27 +00:00
|
|
|
package ldap
|
|
|
|
|
|
|
|
import (
|
2021-07-13 16:24:18 +00:00
|
|
|
"crypto/tls"
|
2021-11-05 09:37:30 +00:00
|
|
|
"net"
|
2021-05-04 19:49:15 +00:00
|
|
|
"sync"
|
|
|
|
|
2021-11-05 09:37:30 +00:00
|
|
|
"github.com/pires/go-proxyproto"
|
2021-04-19 22:30:27 +00:00
|
|
|
log "github.com/sirupsen/logrus"
|
2021-07-17 17:36:15 +00:00
|
|
|
"goauthentik.io/internal/crypto"
|
2021-06-16 10:02:02 +00:00
|
|
|
"goauthentik.io/internal/outpost/ak"
|
2021-11-05 09:37:30 +00:00
|
|
|
"goauthentik.io/internal/outpost/ldap/metrics"
|
2021-04-19 22:30:27 +00:00
|
|
|
|
2021-05-04 19:49:15 +00:00
|
|
|
"github.com/nmcclain/ldap"
|
2021-04-19 22:30:27 +00:00
|
|
|
)
|
|
|
|
|
2021-04-26 09:53:06 +00:00
|
|
|
type LDAPServer struct {
|
2021-07-13 16:24:18 +00:00
|
|
|
s *ldap.Server
|
|
|
|
log *log.Entry
|
|
|
|
ac *ak.APIController
|
2021-07-21 21:53:43 +00:00
|
|
|
cs *ak.CryptoStore
|
2021-07-13 16:24:18 +00:00
|
|
|
defaultCert *tls.Certificate
|
|
|
|
providers []*ProviderInstance
|
2021-04-19 22:30:27 +00:00
|
|
|
}
|
2021-04-25 20:07:12 +00:00
|
|
|
|
2021-04-19 22:30:27 +00:00
|
|
|
func NewServer(ac *ak.APIController) *LDAPServer {
|
|
|
|
s := ldap.NewServer()
|
|
|
|
s.EnforceLDAP = true
|
|
|
|
ls := &LDAPServer{
|
2021-04-26 09:53:06 +00:00
|
|
|
s: s,
|
2021-04-26 13:35:56 +00:00
|
|
|
log: log.WithField("logger", "authentik.outpost.ldap"),
|
2021-04-26 09:53:06 +00:00
|
|
|
ac: ac,
|
2021-07-21 21:53:43 +00:00
|
|
|
cs: ak.NewCryptoStore(ac.Client.CryptoApi),
|
2021-04-26 09:53:06 +00:00
|
|
|
providers: []*ProviderInstance{},
|
2021-04-19 22:30:27 +00:00
|
|
|
}
|
2021-07-17 17:36:15 +00:00
|
|
|
defaultCert, err := crypto.GenerateSelfSignedCert()
|
2021-07-13 16:24:18 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Warning(err)
|
|
|
|
}
|
|
|
|
ls.defaultCert = &defaultCert
|
2021-04-19 22:30:27 +00:00
|
|
|
s.BindFunc("", ls)
|
|
|
|
s.SearchFunc("", ls)
|
|
|
|
return ls
|
|
|
|
}
|
2021-09-16 08:14:51 +00:00
|
|
|
|
|
|
|
func (ls *LDAPServer) Type() string {
|
|
|
|
return "ldap"
|
|
|
|
}
|
2021-11-05 09:37:30 +00:00
|
|
|
|
|
|
|
func (ls *LDAPServer) StartLDAPServer() error {
|
|
|
|
listen := "0.0.0.0:3389"
|
|
|
|
|
|
|
|
ln, err := net.Listen("tcp", listen)
|
|
|
|
if err != nil {
|
2021-12-11 21:09:18 +00:00
|
|
|
ls.log.WithField("listen", listen).WithError(err).Fatalf("listen failed")
|
2021-11-05 09:37:30 +00:00
|
|
|
}
|
|
|
|
proxyListener := &proxyproto.Listener{Listener: ln}
|
|
|
|
defer proxyListener.Close()
|
|
|
|
|
2021-12-20 20:46:01 +00:00
|
|
|
ls.log.WithField("listen", listen).Info("Starting LDAP server")
|
2021-11-05 09:37:30 +00:00
|
|
|
err = ls.s.Serve(proxyListener)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
ls.log.Printf("closing %s", ln.Addr())
|
|
|
|
return ls.s.ListenAndServe(listen)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ls *LDAPServer) Start() error {
|
|
|
|
wg := sync.WaitGroup{}
|
|
|
|
wg.Add(3)
|
|
|
|
go func() {
|
|
|
|
defer wg.Done()
|
|
|
|
metrics.RunServer()
|
|
|
|
}()
|
|
|
|
go func() {
|
|
|
|
defer wg.Done()
|
|
|
|
err := ls.StartLDAPServer()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
go func() {
|
|
|
|
defer wg.Done()
|
|
|
|
err := ls.StartLDAPTLSServer()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
wg.Wait()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ls *LDAPServer) TimerFlowCacheExpiry() {
|
|
|
|
for _, p := range ls.providers {
|
|
|
|
ls.log.WithField("flow", p.flowSlug).Debug("Pre-heating flow cache")
|
|
|
|
p.binder.TimerFlowCacheExpiry()
|
|
|
|
}
|
|
|
|
}
|