package main
import (
	"net"
	"os"
	"os/signal"
	"strings"
	"syscall"

	"github.com/hashicorp/go-hclog"
	"github.com/netauth/ldap/internal/ldap"
	"github.com/netauth/netauth/pkg/netauth"
	log "github.com/sirupsen/logrus"
	"github.com/spf13/viper"
)
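// init registers the configuration defaults used when a key is absent from
// both the config file and the environment. Note that ldap.domain has no
// default here.
func init() {
	// The shipped defaults keep the listener plaintext but on loopback,
	// so nothing is exposed to the network until an operator changes
	// ldap.bind (ideally together with ldap.tls).
	defaults := map[string]interface{}{
		"ldap.bind":       "localhost:389",
		"ldap.tls":        false,
		"ldap.key":        "/var/lib/netauth/keys/ldap.key",
		"ldap.cert":       "/var/lib/netauth/keys/ldap.cert",
		"ldap.allow_anon": false,
	}
	for key, value := range defaults {
		viper.SetDefault(key, value)
	}
}

// newAppLogger builds the process logger. NETAUTH_LOGLEVEL selects the
// hclog level by name; when it is unset all application logging is
// discarded. An unrecognized level name is handed to hclog unchanged —
// how it is resolved depends on the hclog version in go.mod, so confirm
// there if exact behavior matters.
func newAppLogger() hclog.Logger {
	llevel := os.Getenv("NETAUTH_LOGLEVEL")
	if llevel == "" {
		return hclog.NewNullLogger()
	}
	return hclog.New(&hclog.LoggerOptions{
		Name:  "ldap-proxy",
		Level: hclog.LevelFromString(llevel),
	})
}

// isLoopbackBind reports whether addr ("host:port" or a bare host) refers
// only to the local machine: the literal "localhost" or a loopback IP such
// as 127.0.0.1 or ::1. A prefix match on "localhost" is deliberately not
// used: it would accept unrelated hostnames that merely start with that
// string and reject loopback IP literals.
func isLoopbackBind(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		// No port component; treat the whole string as the host.
		host = addr
	}
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// warnPlaintext emits the banner shown when the server is started without
// TLS on an address that is not loopback.
func warnPlaintext(l hclog.Logger) {
	for _, line := range []string{
		"===================================================================",
		" WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ",
		"===================================================================",
		"",
		"You are launching this server in plaintext mode! This is only",
		"advisable when bound to localhost, and the bind configuration has",
		"been detected as not being bound to localhost.",
		"",
		"===================================================================",
		" WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ",
		"===================================================================",
	} {
		l.Warn(line)
	}
}

// main wires up logging and configuration, starts the LDAP proxy in
// plaintext or TLS mode according to ldap.tls, and then blocks until
// SIGINT or SIGTERM arrives, at which point the listener is stopped.
//
// Exit codes: 5 when the configuration cannot be read, 2 when the NetAuth
// client cannot be initialized. A failure to start the listener is logged
// and main returns normally.
func main() {
	appLogger := newAppLogger()

	// Take over the built in logger and set it up for Trace level
	// priority. The only thing that logs at this priority are
	// protocol messages from the underlying ldap server mux.
	log.SetFormatter(&log.TextFormatter{
		DisableTimestamp: true,
	})
	log.SetOutput(appLogger.Named("ldap.protocol").
		StandardWriter(
			&hclog.StandardLoggerOptions{
				ForceLevel: hclog.Trace,
			},
		),
	)

	// The config file is config.* in one of the paths below. Every key
	// may also be supplied through the environment as NETAUTH_<KEY> with
	// dots replaced by underscores (e.g. ldap.bind -> NETAUTH_LDAP_BIND).
	// A missing or unreadable config file is fatal.
	viper.SetConfigName("config")
	viper.AddConfigPath("/etc/netauth/")
	viper.AddConfigPath("$HOME/.netauth/")
	viper.AddConfigPath(".")
	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
	viper.SetEnvPrefix("NETAUTH")
	viper.AutomaticEnv()
	if err := viper.ReadInConfig(); err != nil {
		appLogger.Error("Error loading config", "error", err)
		os.Exit(5)
	}

	nacl, err := netauth.NewWithLog(appLogger.Named("netauth"))
	if err != nil {
		appLogger.Error("Error initializing client", "error", err)
		os.Exit(2)
	}

	// ldap.allow_anon defaults to false; ldap.domain has no default and
	// is passed through as an empty string when unset.
	ls := ldap.New(
		ldap.WithLogger(appLogger),
		ldap.WithNetAuth(nacl),
		ldap.WithAnonBind(viper.GetBool("ldap.allow_anon")),
	)
	ls.SetDomain(viper.GetString("ldap.domain"))

	bind := viper.GetString("ldap.bind")
	if viper.GetBool("ldap.tls") {
		err = ls.ServeTLS(
			bind,
			viper.GetString("ldap.key"),
			viper.GetString("ldap.cert"),
		)
	} else {
		// A plaintext listener is acceptable on loopback; anywhere else
		// it exposes the LDAP traffic, including simple-bind credentials,
		// to the network, so make that configuration loudly visible.
		if !isLoopbackBind(bind) {
			warnPlaintext(appLogger)
		}
		err = ls.Serve(bind)
	}
	if err != nil {
		appLogger.Error("Error serving", "error", err)
		return
	}

	// Sit here and wait for a signal to shutdown.
	ch := make(chan os.Signal, 5)
	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
	<-ch
	ls.Stop()
	appLogger.Info("Goodbye!")
}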