github.com/Tyktechnologies/tyk@v2.9.5+incompatible/gateway/ldap_auth_handler.go (about) 1 package gateway 2 3 import ( 4 "errors" 5 "strings" 6 7 "github.com/mavricknz/ldap" 8 ) 9 10 // LDAPStorageHandler implements storage.Handler, this is a read-only implementation to access keys from an LDAP service 11 type LDAPStorageHandler struct { 12 LDAPServer string 13 LDAPPort uint16 14 BaseDN string 15 Attributes []string 16 SessionAttributeName string 17 SearchString string 18 store *ldap.LDAPConnection 19 } 20 21 func (l *LDAPStorageHandler) LoadConfFromMeta(meta map[string]interface{}) { 22 l.LDAPServer = meta["ldap_server"].(string) 23 l.LDAPPort = uint16(meta["ldap_port"].(float64)) 24 l.BaseDN = meta["base_dn"].(string) 25 26 attrArray := []string{} 27 28 for _, attr := range meta["attributes"].([]interface{}) { 29 val := attr.(string) 30 attrArray = append(attrArray, val) 31 } 32 33 l.Attributes = attrArray 34 l.SessionAttributeName = meta["session_attribute_name"].(string) 35 l.SearchString = meta["search_string"].(string) 36 37 } 38 39 func (l *LDAPStorageHandler) Connect() bool { 40 conn := ldap.NewLDAPConnection(l.LDAPServer, l.LDAPPort) 41 if err := conn.Connect(); err != nil { 42 log.Error("LDAP server connection failed: ", err) 43 return false 44 } 45 log.Info("LDAP: Connection established") 46 l.store = conn 47 return true 48 } 49 50 func (l *LDAPStorageHandler) GetKey(filter string) (string, error) { 51 log.Debug("Searching for filter: ", filter) 52 53 useFilter := strings.Replace(l.SearchString, "TYKKEYID", filter, 1) 54 log.Warning("Search filter is: ", useFilter) 55 56 search_request := ldap.NewSearchRequest( 57 l.BaseDN, 58 ldap.ScopeWholeSubtree, ldap.DerefAlways, 0, 0, false, 59 useFilter, 60 l.Attributes, 61 nil) 62 63 sr, err := l.store.Search(search_request) 64 if err != nil { 65 log.Debug("LDAP Key search failed: ", err) 66 return "", err 67 } 68 69 if len(sr.Entries) == 0 { 70 return "", nil 71 } 72 73 log.Debug("Found Key: ", sr.Entries[0]) 74 75 entry := sr.Entries[0] 76 77 if entry.Attributes == nil { 78 log.Error("LDAP: No attributes found to check for session state. Failing") 79 return "", errors.New("Attributes for entry are empty") 80 } 81 82 for _, attr := range entry.Attributes { 83 if attr.Name == l.SessionAttributeName { 84 log.Debug("Found session data: ", attr.Values[0]) 85 return attr.Values[0], nil 86 } 87 } 88 89 return "", nil 90 } 91 92 func (r *LDAPStorageHandler) GetMultiKey(keyNames []string) ([]string, error) { 93 log.Warning("Not implementated") 94 95 return nil, nil 96 } 97 98 func (l *LDAPStorageHandler) GetRawKey(filter string) (string, error) { 99 log.Warning("Not implementated") 100 101 return "", nil 102 } 103 104 func (l *LDAPStorageHandler) SetExp(cn string, exp int64) error { 105 log.Warning("Not implementated") 106 return nil 107 } 108 109 func (l *LDAPStorageHandler) GetExp(cn string) (int64, error) { 110 log.Warning("Not implementated") 111 return 0, nil 112 } 113 114 func (l *LDAPStorageHandler) GetKeys(filter string) []string { 115 log.Warning("Not implementated") 116 s := []string{} 117 118 return s 119 } 120 func (l *LDAPStorageHandler) GetKeysAndValues() map[string]string { 121 log.Warning("Not implementated") 122 123 s := map[string]string{} 124 return s 125 } 126 func (l *LDAPStorageHandler) GetKeysAndValuesWithFilter(filter string) map[string]string { 127 log.Warning("Not implementated") 128 s := map[string]string{} 129 return s 130 } 131 132 func (l *LDAPStorageHandler) SetKey(cn, session string, timeout int64) error { 133 l.notifyReadOnly() 134 return nil 135 } 136 137 func (l *LDAPStorageHandler) SetRawKey(cn, session string, timeout int64) error { 138 l.notifyReadOnly() 139 return nil 140 } 141 142 func (l *LDAPStorageHandler) DeleteKey(cn string) bool { 143 return l.notifyReadOnly() 144 } 145 146 func (r *LDAPStorageHandler) DeleteAllKeys() bool { 147 log.Warning("Not implementated") 148 return false 149 } 150 151 func (l *LDAPStorageHandler) DeleteRawKey(cn string) bool { 152 return l.notifyReadOnly() 153 } 154 155 func (l *LDAPStorageHandler) DeleteKeys(keys []string) bool { 156 return l.notifyReadOnly() 157 } 158 159 func (l *LDAPStorageHandler) Decrement(keyName string) { 160 l.notifyReadOnly() 161 } 162 163 func (l *LDAPStorageHandler) IncrememntWithExpire(keyName string, timeout int64) int64 { 164 l.notifyReadOnly() 165 return 999 166 } 167 168 func (l *LDAPStorageHandler) notifyReadOnly() bool { 169 log.Warning("LDAP storage is READ ONLY") 170 return false 171 } 172 173 func (l *LDAPStorageHandler) SetRollingWindow(keyName string, per int64, val string, pipeline bool) (int, []interface{}) { 174 log.Warning("Not Implemented!") 175 return 0, nil 176 } 177 178 func (l *LDAPStorageHandler) GetRollingWindow(keyName string, per int64, pipeline bool) (int, []interface{}) { 179 log.Warning("Not Implemented!") 180 return 0, nil 181 } 182 183 func (l LDAPStorageHandler) GetSet(keyName string) (map[string]string, error) { 184 log.Error("Not implemented") 185 return nil, nil 186 } 187 188 func (l LDAPStorageHandler) AddToSet(keyName, value string) { 189 log.Error("Not implemented") 190 } 191 192 func (l LDAPStorageHandler) AppendToSet(keyName, value string) { 193 log.Error("Not implemented") 194 } 195 196 func (r *LDAPStorageHandler) AppendToSetPipelined(key string, values []string) { 197 log.Error("Not implemented") 198 } 199 200 func (l LDAPStorageHandler) RemoveFromSet(keyName, value string) { 201 log.Error("Not implemented") 202 } 203 204 func (l LDAPStorageHandler) GetAndDeleteSet(keyName string) []interface{} { 205 log.Error("Not implemented") 206 return nil 207 } 208 209 func (l LDAPStorageHandler) DeleteScanMatch(pattern string) bool { 210 log.Error("Not implemented") 211 return false 212 } 213 214 func (l LDAPStorageHandler) GetKeyPrefix() string { 215 log.Error("Not implemented") 216 return "" 217 } 218 219 func (l LDAPStorageHandler) AddToSortedSet(keyName, value string, score float64) { 220 log.Error("Not implemented") 221 } 222 223 func (l LDAPStorageHandler) GetSortedSetRange(keyName, scoreFrom, scoreTo string) ([]string, []float64, error) { 224 log.Error("Not implemented") 225 return nil, nil, nil 226 } 227 228 func (l LDAPStorageHandler) RemoveSortedSetRange(keyName, scoreFrom, scoreTo string) error { 229 log.Error("Not implemented") 230 return nil 231 } 232 233 func (l LDAPStorageHandler) RemoveFromList(keyName, value string) error { 234 log.Error("Not implemented") 235 return nil 236 } 237 238 func (l *LDAPStorageHandler) GetListRange(keyName string, from, to int64) ([]string, error) { 239 log.Error("Not implemented") 240 return nil, nil 241 } 242 243 func (l LDAPStorageHandler) Exists(keyName string) (bool, error) { 244 log.Error("Not implemented") 245 return false, nil 246 }