diff --git a/cmd/group/addMember.go b/cmd/group/addMember.go new file mode 100644 index 0000000..bec68f4 --- /dev/null +++ b/cmd/group/addMember.go @@ -0,0 +1,100 @@ +package group + +import ( + "errors" + "fmt" + "log" + "os" + "strings" + + "github.com/spf13/cobra" + "github.com/spf13/viper" + ldap "gopkg.in/ldap.v2" + + util "git.metaunix.net/metaunix.net/muldap/lib/util" +) + +func init() { + // define group add subcommand flags + groupAddCmd.Flags().StringP("base_ou", "o", "", "LDAP OU to search for the group entry under") + groupAddCmd.Flags().StringP("id_attribute", "a", "cn", "LDAP DN attribute for groups") + groupAddCmd.Flags().StringVarP(&flagGroupName, "group_name", "n", "", "Name for the group") + groupAddCmd.Flags().StringVarP(&flagGroupType, "group_type", "t", "unix", "Type of the group") + groupAddCmd.Flags().StringVarP(&flagGroupMembers, "group_members", "m", "", "Members to add to the group (comma-separated list)") + // bind config file values to group add flags + viper.BindPFlag("group.base_ou", groupAddCmd.Flags().Lookup("base_ou")) + viper.BindPFlag("group.id_attr", groupAddCmd.Flags().Lookup("id_attribute")) +} + +// define group add subcommand +var groupAddMemberCmd = &cobra.Command{ + Use: "addMember", + Short: "Add a member to an LDAP group", + Long: `Adds an LDAP user as a member of an LDAP group.`, + Run: func(cmd *cobra.Command, args []string) { + // check the type given + if !util.ContainsString(validTypes, flagGroupType) { + log.Fatal(errors.New(fmt.Sprintf("%s is not a valid group type; valid types are: %v", flagGroupType, validTypes))) + os.Exit(1) + } + + // check if users were supplied + if flagGroupMembers == "" { + log.Fatal(errors.New(fmt.Sprintf("You didn't supply any members to add to the group!"))) + os.Exit(1) + } + + // create new LDAP connection + l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", viper.GetString("host"), viper.GetInt("port"))) + if err != nil { + log.Fatal(err) + } + defer l.Close() + + // bind as the admin dn + err = l.Bind(viper.GetString("bind_dn"), viper.GetString("bind_pw")) + if err != nil { + log.Fatal(err) + } + + // set up group attributes + groupDn := fmt.Sprintf("%s=%s,%s", viper.GetString("group.id_attr"), flagGroupName, viper.GetString("group.base_ou")) + // create new LDAP modify request + groupMod := ldap.NewModifyRequest(groupDn) + + // split list of group members + groupMembers := strings.Split(flagGroupMembers, ",") + + // add attributes based on group type + if flagGroupType == "unix" { + // add new member attribute + groupMod.Add("memberUid", groupMembers) + } else if flagGroupType == "app" { + // loop through app group members to create their full DNs + for i, member := range groupMembers { + groupMembers[i] = fmt.Sprintf("%s=%s,%s", viper.GetString("user.uid_attr"), member, viper.GetString("user.base_ou")) + } + // add new member attribute + groupMod.Add("member", groupMembers) + } + + // perform the add operation + err = l.Modify(groupMod) + if err != nil { + log.Fatal(err) + } + + // create and send a modify request for each user to update modification times for replication + if flagGroupMembers != "" && flagGroupType == "app" { + groupMembers := strings.Split(flagGroupMembers, ",") + for _, member := range groupMembers { + userMod := ldap.NewModifyRequest(fmt.Sprintf("%s=%s,%s", viper.GetString("user.uid_attr"), member, viper.GetString("user.base_ou"))) + userMod.Replace(viper.GetString("user.uid_attr"), []string{member}) + err = l.Modify(userMod) + if err != nil { + log.Fatal(err) + } + } + } + }, +} diff --git a/cmd/group/group.go b/cmd/group/group.go index a3f357c..27a2f3d 100644 --- a/cmd/group/group.go +++ b/cmd/group/group.go @@ -18,7 +18,7 @@ var ( func init() { // register group subcommands - GroupCmd.AddCommand(groupAddCmd, groupDeleteCmd) + GroupCmd.AddCommand(groupAddCmd, groupDeleteCmd, groupAddMemberCmd) } // define group command @@ -27,6 +27,6 @@ var GroupCmd = &cobra.Command{ Short: "Manage LDAP group resources", Long: `Perform various LDAP operations on group resources.`, Run: func(cmd *cobra.Command, args []string) { - fmt.Println("Metaunix.net LDAP tool, group command. Available subcommands are: add, delete") + fmt.Println("Metaunix.net LDAP tool, group command. Available subcommands are: add, delete, addMember") }, }