diff --git a/README.md b/README.md index f9411b7..721bdc2 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,219 @@ -# glapi - +# glapi + Go Ldap API is an HTTP API to an LDAP backend. -Only supporting read at the moment, maybe one day it will break LDAP backends with ease and joy! +Only supporting read at the moment, maybe one day it will write, and break LDAP backends with ease and joy! + +## Usage +Start glapi with parameters on command line: +``` +glapi -ldap-host ldap://ldap.example.org -ldap-base-dn dc=example,dc=org -ldap-user cn=yo,dc=example,dc=org -ldap-pass 'here_is_the_password' +``` + +or point it to a configuration file : +``` +glapi -config glapi.env +``` + +## Configuration file +``̀` +LISTEN="127.0.0.1:8080" +LDAP_HOST="ldap://ldap.example.org" +LDAP_BASE_DN="dc=example,dc=org" +LDAP_USER="cn=yo,dc=example,dc=org" +LDAP_PASS='here_is_the_password' +DEBUG=false +``` + +## Querying API +Search LDAP entries through the whole subtree, specifying organizationalUnit, commnName, objectClass, attribute to retrieve. +Each one of these parameters can be replaced by "ALL" to act like a wildcard. +``̀` +% curl -u admin:admin http://127.0.0.1:8080/ou=domains/yo/person | jq +[ + { + "DN": "cn=yo,dc=example.org,ou=domains,dc=example,dc=org", + "Attributes": [ + { + "Name": "sn", + "Values": [ + "yo" + ], + "ByteValues": [ + "eW8=" + ] + }, + { + "Name": "cn", + "Values": [ + "yo" + ], + "ByteValues": [ + "eW8=" + ] + }, + { + "Name": "objectClass", + "Values": [ + "inetOrgPerson", + "organizationalPerson", + "person", + "top", + "inetLocalMailRecipient" + ], + "ByteValues": [ + "aW5ldE9yZ1BlcnNvbg==", + "b3JnYW5pemF0aW9uYWxQZXJzb24=", + "cGVyc29u", + "dG9w", + "aW5ldExvY2FsTWFpbFJlY2lwaWVudA==" + ] + }, + { + "Name": "mail", + "Values": [ + "yo@example.org" + ], + "ByteValues": [ + "eW9AcGxvcGl0by50aw==" + ] + }, + { + "Name": "mailLocalAddress", + "Values": [ + "root@example.org", + "postmaster@example.org", + ], + "ByteValues": [ + "cm9vdEBleGFtcGxlLm9yZw==", + "cG9zdG1hc3RlckBleGFtcGxlLm9yZw==", + ] + }, + { + "Name": "uid", + "Values": [ + "yo" + ], + "ByteValues": [ + "eW8=" + ] + } + ] + } +] +``` + +Using wildcards everywhere and ldif format, you can get a dump of ldap: +``` +% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL?format=ldif" +dn: dc=example,dc=org +objectClass: organization +objectClass: top +objectClass: dcObject +dc: example +o: example.org + +dn: cn=admin,dc=example,dc=org +objectClass: organizationalRole +objectClass: top +objectClass: simpleSecurityObject +cn: admin + +dn: cn=yo,dc=example,dc=org +objectClass: organizationalRole +objectClass: top +objectClass: simpleSecurityObject +cn: yo +userPassword: {SSHA}edited + +[...] +``` + +Get operational attributes with "*,+" in attribute : +``̀` +% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL/*,+?format=ldif" +dn: dc=example,dc=org +objectClass: organization +objectClass: top +objectClass: dcObject +dc: example +o: example.org +structuralObjectClass: organization +entryUUID: af93fd38-3139-103a-8d41-05c00494facf +creatorsName: cn=admin,dc=example,dc=org +createTimestamp: 20200523120715Z +entryCSN: 20200523120715.282611Z#000000#000#000000 +modifiersName: cn=admin,dc=example,dc=org +modifyTimestamp: 20200523120715Z +entryDN: dc=example,dc=org +subschemaSubentry: cn=Subschema +hasSubordinates: TRUE + +dn: cn=admin,dc=example,dc=org +objectClass: organizationalRole +objectClass: top +objectClass: simpleSecurityObject +cn: admin +structuralObjectClass: organizationalRole +entryUUID: af9a1556-3139-103a-8d42-05c00494facf +creatorsName: cn=admin,dc=example,dc=org +createTimestamp: 20200523120715Z +entryCSN: 20200523120715.322559Z#000000#000#000000 +modifiersName: cn=admin,dc=example,dc=org +modifyTimestamp: 20200523120715Z +entryDN: cn=admin,dc=example,dc=org +subschemaSubentry: cn=Subschema +hasSubordinates: FALSE + +[...] +`̀`` + +### Output format +Default output is in json. The following formats are supported, to be specified as a "format" query parameter: +- json (default) +- text (ini style) +- ldif +- textvalue (only attribute values are returned) +- textvalue-nodn ((only attribute values, no dn added, no linefeed between entries. To be used by Rspamd multimap module) + +``` +% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=text" +dn=cn=yo,dc=example.org,ou=domains,dc=example,dc=org +sn=yo +cn=yo +objectClass=inetOrgPerson +objectClass=organizationalPerson +objectClass=person +objectClass=top +objectClass=inetLocalMailRecipient +mail=yo@example.org +mailLocalAddress=root@example.org +mailLocalAddress=postmaster@example.org +uid=yo + +% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=ldif" +dn: cn=yo,dc=example.org,ou=domains,dc=example,dc=org +sn: yo +cn: yo +objectClass: inetOrgPerson +objectClass: organizationalPerson +objectClass: person +objectClass: top +objectClass: inetLocalMailRecipient +mail: yo@example.org +mailLocalAddress: root@example.org +mailLocalAddress=postmaster@example.org +uid: yo + +``` + +### Select attributes to get +You can specify attributes to get by adding them in 4th position : +̀``` +% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue" +cn=yo,dc=example.org,ou=domains,dc=example,dc=org +yo@example.org + +% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue-nodn" +yo@example.org + +```