glapi/README.md

220 lines
5.6 KiB
Markdown
Raw Normal View History

2022-10-08 18:49:08 +02:00
# glapi
2022-10-05 19:25:56 +02:00
Go Ldap API is an HTTP API to an LDAP backend.
2022-10-08 18:49:08 +02:00
Only supporting read at the moment, maybe one day it will write, and break LDAP backends with ease and joy!
## Usage
Start glapi with parameters on command line:
```
glapi -ldap-host ldap://ldap.example.org -ldap-base-dn dc=example,dc=org -ldap-user cn=yo,dc=example,dc=org -ldap-pass 'here_is_the_password'
```
or point it to a configuration file :
```
glapi -config glapi.env
```
## Configuration file
``̀`
LISTEN="127.0.0.1:8080"
LDAP_HOST="ldap://ldap.example.org"
LDAP_BASE_DN="dc=example,dc=org"
LDAP_USER="cn=yo,dc=example,dc=org"
LDAP_PASS='here_is_the_password'
DEBUG=false
```
## Querying API
Search LDAP entries through the whole subtree, specifying organizationalUnit, commnName, objectClass, attribute to retrieve.
Each one of these parameters can be replaced by "ALL" to act like a wildcard.
``̀`
% curl -u admin:admin http://127.0.0.1:8080/ou=domains/yo/person | jq
[
{
"DN": "cn=yo,dc=example.org,ou=domains,dc=example,dc=org",
"Attributes": [
{
"Name": "sn",
"Values": [
"yo"
],
"ByteValues": [
"eW8="
]
},
{
"Name": "cn",
"Values": [
"yo"
],
"ByteValues": [
"eW8="
]
},
{
"Name": "objectClass",
"Values": [
"inetOrgPerson",
"organizationalPerson",
"person",
"top",
"inetLocalMailRecipient"
],
"ByteValues": [
"aW5ldE9yZ1BlcnNvbg==",
"b3JnYW5pemF0aW9uYWxQZXJzb24=",
"cGVyc29u",
"dG9w",
"aW5ldExvY2FsTWFpbFJlY2lwaWVudA=="
]
},
{
"Name": "mail",
"Values": [
"yo@example.org"
],
"ByteValues": [
"eW9AcGxvcGl0by50aw=="
]
},
{
"Name": "mailLocalAddress",
"Values": [
"root@example.org",
"postmaster@example.org",
],
"ByteValues": [
"cm9vdEBleGFtcGxlLm9yZw==",
"cG9zdG1hc3RlckBleGFtcGxlLm9yZw==",
]
},
{
"Name": "uid",
"Values": [
"yo"
],
"ByteValues": [
"eW8="
]
}
]
}
]
```
Using wildcards everywhere and ldif format, you can get a dump of ldap:
```
% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL?format=ldif"
dn: dc=example,dc=org
objectClass: organization
objectClass: top
objectClass: dcObject
dc: example
o: example.org
dn: cn=admin,dc=example,dc=org
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: admin
dn: cn=yo,dc=example,dc=org
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: yo
userPassword: {SSHA}edited
[...]
```
Get operational attributes with "*,+" in attribute :
``̀`
% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL/*,+?format=ldif"
dn: dc=example,dc=org
objectClass: organization
objectClass: top
objectClass: dcObject
dc: example
o: example.org
structuralObjectClass: organization
entryUUID: af93fd38-3139-103a-8d41-05c00494facf
creatorsName: cn=admin,dc=example,dc=org
createTimestamp: 20200523120715Z
entryCSN: 20200523120715.282611Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=org
modifyTimestamp: 20200523120715Z
entryDN: dc=example,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE
dn: cn=admin,dc=example,dc=org
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: admin
structuralObjectClass: organizationalRole
entryUUID: af9a1556-3139-103a-8d42-05c00494facf
creatorsName: cn=admin,dc=example,dc=org
createTimestamp: 20200523120715Z
entryCSN: 20200523120715.322559Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=org
modifyTimestamp: 20200523120715Z
entryDN: cn=admin,dc=example,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
[...]
`̀``
### Output format
Default output is in json. The following formats are supported, to be specified as a "format" query parameter:
- json (default)
- text (ini style)
- ldif
- textvalue (only attribute values are returned)
- textvalue-nodn ((only attribute values, no dn added, no linefeed between entries. To be used by Rspamd multimap module)
```
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=text"
dn=cn=yo,dc=example.org,ou=domains,dc=example,dc=org
sn=yo
cn=yo
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
objectClass=inetLocalMailRecipient
mail=yo@example.org
mailLocalAddress=root@example.org
mailLocalAddress=postmaster@example.org
uid=yo
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=ldif"
dn: cn=yo,dc=example.org,ou=domains,dc=example,dc=org
sn: yo
cn: yo
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetLocalMailRecipient
mail: yo@example.org
mailLocalAddress: root@example.org
mailLocalAddress=postmaster@example.org
uid: yo
```
### Select attributes to get
You can specify attributes to get by adding them in 4th position :
̀```
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue"
cn=yo,dc=example.org,ou=domains,dc=example,dc=org
yo@example.org
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue-nodn"
yo@example.org
```