2022-10-08 18:49:08 +02:00
|
|
|
|
# glapi
|
|
|
|
|
|
2022-10-05 19:25:56 +02:00
|
|
|
|
Go Ldap API is an HTTP API to an LDAP backend.
|
2022-10-08 18:49:08 +02:00
|
|
|
|
Only supporting read at the moment, maybe one day it will write, and break LDAP backends with ease and joy!
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
Start glapi with parameters on command line:
|
|
|
|
|
```
|
|
|
|
|
glapi -ldap-host ldap://ldap.example.org -ldap-base-dn dc=example,dc=org -ldap-user cn=yo,dc=example,dc=org -ldap-pass 'here_is_the_password'
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
or point it to a configuration file :
|
|
|
|
|
```
|
|
|
|
|
glapi -config glapi.env
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Configuration file
|
|
|
|
|
``̀`
|
|
|
|
|
LISTEN="127.0.0.1:8080"
|
|
|
|
|
LDAP_HOST="ldap://ldap.example.org"
|
|
|
|
|
LDAP_BASE_DN="dc=example,dc=org"
|
|
|
|
|
LDAP_USER="cn=yo,dc=example,dc=org"
|
|
|
|
|
LDAP_PASS='here_is_the_password'
|
|
|
|
|
DEBUG=false
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Querying API
|
|
|
|
|
Search LDAP entries through the whole subtree, specifying organizationalUnit, commnName, objectClass, attribute to retrieve.
|
|
|
|
|
Each one of these parameters can be replaced by "ALL" to act like a wildcard.
|
|
|
|
|
``̀`
|
|
|
|
|
% curl -u admin:admin http://127.0.0.1:8080/ou=domains/yo/person | jq
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"DN": "cn=yo,dc=example.org,ou=domains,dc=example,dc=org",
|
|
|
|
|
"Attributes": [
|
|
|
|
|
{
|
|
|
|
|
"Name": "sn",
|
|
|
|
|
"Values": [
|
|
|
|
|
"yo"
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"eW8="
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Name": "cn",
|
|
|
|
|
"Values": [
|
|
|
|
|
"yo"
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"eW8="
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Name": "objectClass",
|
|
|
|
|
"Values": [
|
|
|
|
|
"inetOrgPerson",
|
|
|
|
|
"organizationalPerson",
|
|
|
|
|
"person",
|
|
|
|
|
"top",
|
|
|
|
|
"inetLocalMailRecipient"
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"aW5ldE9yZ1BlcnNvbg==",
|
|
|
|
|
"b3JnYW5pemF0aW9uYWxQZXJzb24=",
|
|
|
|
|
"cGVyc29u",
|
|
|
|
|
"dG9w",
|
|
|
|
|
"aW5ldExvY2FsTWFpbFJlY2lwaWVudA=="
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Name": "mail",
|
|
|
|
|
"Values": [
|
|
|
|
|
"yo@example.org"
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"eW9AcGxvcGl0by50aw=="
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Name": "mailLocalAddress",
|
|
|
|
|
"Values": [
|
|
|
|
|
"root@example.org",
|
|
|
|
|
"postmaster@example.org",
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"cm9vdEBleGFtcGxlLm9yZw==",
|
|
|
|
|
"cG9zdG1hc3RlckBleGFtcGxlLm9yZw==",
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Name": "uid",
|
|
|
|
|
"Values": [
|
|
|
|
|
"yo"
|
|
|
|
|
],
|
|
|
|
|
"ByteValues": [
|
|
|
|
|
"eW8="
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Using wildcards everywhere and ldif format, you can get a dump of ldap:
|
|
|
|
|
```
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL?format=ldif"
|
|
|
|
|
dn: dc=example,dc=org
|
|
|
|
|
objectClass: organization
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: dcObject
|
|
|
|
|
dc: example
|
|
|
|
|
o: example.org
|
|
|
|
|
|
|
|
|
|
dn: cn=admin,dc=example,dc=org
|
|
|
|
|
objectClass: organizationalRole
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: simpleSecurityObject
|
|
|
|
|
cn: admin
|
|
|
|
|
|
|
|
|
|
dn: cn=yo,dc=example,dc=org
|
|
|
|
|
objectClass: organizationalRole
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: simpleSecurityObject
|
|
|
|
|
cn: yo
|
|
|
|
|
userPassword: {SSHA}edited
|
|
|
|
|
|
|
|
|
|
[...]
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Get operational attributes with "*,+" in attribute :
|
|
|
|
|
``̀`
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL/*,+?format=ldif"
|
|
|
|
|
dn: dc=example,dc=org
|
|
|
|
|
objectClass: organization
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: dcObject
|
|
|
|
|
dc: example
|
|
|
|
|
o: example.org
|
|
|
|
|
structuralObjectClass: organization
|
|
|
|
|
entryUUID: af93fd38-3139-103a-8d41-05c00494facf
|
|
|
|
|
creatorsName: cn=admin,dc=example,dc=org
|
|
|
|
|
createTimestamp: 20200523120715Z
|
|
|
|
|
entryCSN: 20200523120715.282611Z#000000#000#000000
|
|
|
|
|
modifiersName: cn=admin,dc=example,dc=org
|
|
|
|
|
modifyTimestamp: 20200523120715Z
|
|
|
|
|
entryDN: dc=example,dc=org
|
|
|
|
|
subschemaSubentry: cn=Subschema
|
|
|
|
|
hasSubordinates: TRUE
|
|
|
|
|
|
|
|
|
|
dn: cn=admin,dc=example,dc=org
|
|
|
|
|
objectClass: organizationalRole
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: simpleSecurityObject
|
|
|
|
|
cn: admin
|
|
|
|
|
structuralObjectClass: organizationalRole
|
|
|
|
|
entryUUID: af9a1556-3139-103a-8d42-05c00494facf
|
|
|
|
|
creatorsName: cn=admin,dc=example,dc=org
|
|
|
|
|
createTimestamp: 20200523120715Z
|
|
|
|
|
entryCSN: 20200523120715.322559Z#000000#000#000000
|
|
|
|
|
modifiersName: cn=admin,dc=example,dc=org
|
|
|
|
|
modifyTimestamp: 20200523120715Z
|
|
|
|
|
entryDN: cn=admin,dc=example,dc=org
|
|
|
|
|
subschemaSubentry: cn=Subschema
|
|
|
|
|
hasSubordinates: FALSE
|
|
|
|
|
|
|
|
|
|
[...]
|
|
|
|
|
`̀``
|
|
|
|
|
|
|
|
|
|
### Output format
|
|
|
|
|
Default output is in json. The following formats are supported, to be specified as a "format" query parameter:
|
|
|
|
|
- json (default)
|
|
|
|
|
- text (ini style)
|
|
|
|
|
- ldif
|
|
|
|
|
- textvalue (only attribute values are returned)
|
|
|
|
|
- textvalue-nodn ((only attribute values, no dn added, no linefeed between entries. To be used by Rspamd multimap module)
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=text"
|
|
|
|
|
dn=cn=yo,dc=example.org,ou=domains,dc=example,dc=org
|
|
|
|
|
sn=yo
|
|
|
|
|
cn=yo
|
|
|
|
|
objectClass=inetOrgPerson
|
|
|
|
|
objectClass=organizationalPerson
|
|
|
|
|
objectClass=person
|
|
|
|
|
objectClass=top
|
|
|
|
|
objectClass=inetLocalMailRecipient
|
|
|
|
|
mail=yo@example.org
|
|
|
|
|
mailLocalAddress=root@example.org
|
|
|
|
|
mailLocalAddress=postmaster@example.org
|
|
|
|
|
uid=yo
|
|
|
|
|
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=ldif"
|
|
|
|
|
dn: cn=yo,dc=example.org,ou=domains,dc=example,dc=org
|
|
|
|
|
sn: yo
|
|
|
|
|
cn: yo
|
|
|
|
|
objectClass: inetOrgPerson
|
|
|
|
|
objectClass: organizationalPerson
|
|
|
|
|
objectClass: person
|
|
|
|
|
objectClass: top
|
|
|
|
|
objectClass: inetLocalMailRecipient
|
|
|
|
|
mail: yo@example.org
|
|
|
|
|
mailLocalAddress: root@example.org
|
|
|
|
|
mailLocalAddress=postmaster@example.org
|
|
|
|
|
uid: yo
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Select attributes to get
|
|
|
|
|
You can specify attributes to get by adding them in 4th position :
|
|
|
|
|
̀```
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue"
|
|
|
|
|
cn=yo,dc=example.org,ou=domains,dc=example,dc=org
|
|
|
|
|
yo@example.org
|
|
|
|
|
|
|
|
|
|
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue-nodn"
|
|
|
|
|
yo@example.org
|
|
|
|
|
|
|
|
|
|
```
|