glapi/README.md
2022-10-08 18:55:00 +02:00

5.6 KiB

glapi

Go Ldap API is an HTTP API to an LDAP backend.
Only supporting read at the moment, maybe one day it will write, and break LDAP backends with ease and joy!

## Usage
Start glapi with parameters on command line:

glapi -ldap-host ldap://ldap.example.org -ldap-base-dn dc=example,dc=org -ldap-user cn=yo,dc=example,dc=org -ldap-pass 'here_is_the_password'

or point it to a configuration file :

glapi -config glapi.env

## Configuration file
``̀` LISTEN="127.0.0.1:8080" LDAP_HOST="ldap://ldap.example.org" LDAP_BASE_DN="dc=example,dc=org" LDAP_USER="cn=yo,dc=example,dc=org" LDAP_PASS='here_is_the_password' DEBUG=false


## Querying API  
Search LDAP entries through the whole subtree, specifying organizationalUnit, commnName, objectClass, attribute to retrieve.
Each one of these parameters can be replaced by "ALL" to act like a wildcard.
``̀`
% curl -u admin:admin http://127.0.0.1:8080/ou=domains/yo/person | jq      
[
  {
    "DN": "cn=yo,dc=example.org,ou=domains,dc=example,dc=org",
    "Attributes": [
      {
        "Name": "sn",
        "Values": [
          "yo"
        ],
        "ByteValues": [
          "eW8="
        ]
      },
      {
        "Name": "cn",
        "Values": [
          "yo"
        ],
        "ByteValues": [
          "eW8="
        ]
      },
      {
        "Name": "objectClass",
        "Values": [
          "inetOrgPerson",
          "organizationalPerson",
          "person",
          "top",
          "inetLocalMailRecipient"
        ],
        "ByteValues": [
          "aW5ldE9yZ1BlcnNvbg==",
          "b3JnYW5pemF0aW9uYWxQZXJzb24=",
          "cGVyc29u",
          "dG9w",
          "aW5ldExvY2FsTWFpbFJlY2lwaWVudA=="
        ]
      },
      {
        "Name": "mail",
        "Values": [
          "yo@example.org"
        ],
        "ByteValues": [
          "eW9AcGxvcGl0by50aw=="
        ]
      },
      {
        "Name": "mailLocalAddress",
        "Values": [
          "root@example.org",
          "postmaster@example.org",
        ],
        "ByteValues": [
          "cm9vdEBleGFtcGxlLm9yZw==",
          "cG9zdG1hc3RlckBleGFtcGxlLm9yZw==",
        ]
      },
      {
        "Name": "uid",
        "Values": [
          "yo"
        ],
        "ByteValues": [
          "eW8="
        ]
      }
    ]
  }
]

Using wildcards everywhere and ldif format, you can get a dump of ldap:

% curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL?format=ldif"
dn: dc=example,dc=org
objectClass: organization
objectClass: top
objectClass: dcObject
dc: example
o: example.org

dn: cn=admin,dc=example,dc=org
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: admin

dn: cn=yo,dc=example,dc=org
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: yo
userPassword: {SSHA}edited

[...]

Get operational attributes with ",+" in attribute : ``̀` % curl -u admin:admin "http://127.0.0.1:8080/ALL/ALL/ALL/,+?format=ldif"
dn: dc=example,dc=org objectClass: organization objectClass: top objectClass: dcObject dc: example o: example.org structuralObjectClass: organization entryUUID: af93fd38-3139-103a-8d41-05c00494facf creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20200523120715Z entryCSN: 20200523120715.282611Z#000000#000#000000 modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20200523120715Z entryDN: dc=example,dc=org subschemaSubentry: cn=Subschema hasSubordinates: TRUE

dn: cn=admin,dc=example,dc=org objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject cn: admin structuralObjectClass: organizationalRole entryUUID: af9a1556-3139-103a-8d42-05c00494facf creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20200523120715Z entryCSN: 20200523120715.322559Z#000000#000#000000 modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20200523120715Z entryDN: cn=admin,dc=example,dc=org subschemaSubentry: cn=Subschema hasSubordinates: FALSE

[...] `̀``

### Output format
Default output is in json. The following formats are supported, to be specified as a "format" query parameter:

  • json (default)
  • text (ini style)
  • ldif
  • textvalue (only attribute values are returned)
  • textvalue-nodn ((only attribute values, no dn added, no linefeed between entries. To be used by Rspamd multimap module)
% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=text"
dn=cn=yo,dc=example.org,ou=domains,dc=example,dc=org
sn=yo
cn=yo
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
objectClass=inetLocalMailRecipient
mail=yo@example.org
mailLocalAddress=root@example.org
mailLocalAddress=postmaster@example.org
uid=yo

% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person?format=ldif"
dn: cn=yo,dc=example.org,ou=domains,dc=example,dc=org
sn: yo
cn: yo
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetLocalMailRecipient
mail: yo@example.org
mailLocalAddress: root@example.org
mailLocalAddress=postmaster@example.org
uid: yo

### Select attributes to get
You can specify attributes to get by adding them in 4th position :
̀``` % curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue" cn=yo,dc=example.org,ou=domains,dc=example,dc=org yo@example.org

% curl -u admin:admin "http://127.0.0.1:8080/ou=domains/yo/person/mail?format=textvalue-nodn" yo@example.org