-rw-r--r-- | gobottin.hcl.example | 4 | ||||
-rw-r--r-- | ldapserver/client.go | 10 | ||||
-rw-r--r-- | ldapserver/logger.go | 1 | ||||
-rw-r--r-- | main.go | 6 | ||||
-rw-r--r-- | read.go | 3 |
5 files changed, 15 insertions, 9 deletions
diff --git a/gobottin.hcl.example b/gobottin.hcl.example index 6132f68..ac42b06 100644 --- a/gobottin.hcl.example +++ b/gobottin.hcl.example @@ -12,10 +12,10 @@ job "directory" { task "server" { driver = "docker" config { - image = "lxpz/gobottin_amd64:5" + image = "lxpz/gobottin_amd64:12" readonly_rootfs = true port_map { - ldap_port = 1389 + ldap_port = 389 } volumes = [ "secrets/config.json:/config.json" diff --git a/ldapserver/client.go b/ldapserver/client.go index 085041f..681aa76 100644 --- a/ldapserver/client.go +++ b/ldapserver/client.go @@ -134,8 +134,9 @@ func (c *client) serve() { Logger.Printf("Error reading Message : %s\n\t%x", err.Error(), messagePacket.bytes) continue } - if DEBUG { - Logger.Printf("<<< %d - %s - hex=%x", c.Numero, message.ProtocolOpName(), messagePacket) + if TRACE { + //Logger.Printf("<<< %d - %s - hex=%x", c.Numero, message.ProtocolOpName(), messagePacket) + Logger.Printf("<<< %d - %#v", c.Numero, message) } // TODO: Use a implementation to limit runnuning request by client @@ -211,8 +212,9 @@ func (c *client) close() { func (c *client) writeMessage(m *ldap.LDAPMessage) { data, _ := m.Write() - if DEBUG { - Logger.Printf(">>> %d - %s - hex=%x", c.Numero, m.ProtocolOpName(), data.Bytes()) + if TRACE { + //Logger.Printf(">>> %d - %s - hex=%x", c.Numero, m.ProtocolOpName(), data.Bytes()) + Logger.Printf(">>> %d - %#v", c.Numero, m) } c.bw.Write(data.Bytes()) c.bw.Flush() diff --git a/ldapserver/logger.go b/ldapserver/logger.go index 70352e3..9f145cf 100644 --- a/ldapserver/logger.go +++ b/ldapserver/logger.go @@ -9,6 +9,7 @@ import ( var Logger logger const DEBUG = false +const TRACE = false // Logger represents log.Logger functions from the standard library type logger interface { 
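Review bot: The `ldap_port = 389` entry in `port_map` moves the in-container listener to a privileged port, which presumably means the server process has to run as root or hold CAP_NET_BIND_SERVICE inside the container. If the aim is only to expose LDAP on 389 to clients, keeping an unprivileged in-container port and publishing 389 on the host side would let the task stay unprivileged alongside `readonly_rootfs = true`. The image is also referenced by the mutable tag `lxpz/gobottin_amd64:12`; an example that deployers copy is safer pinned by digest, e.g. `image = "lxpz/gobottin_amd64@sha256:<digest-placeholder>"`. The rest of the job definition is outside the hunk.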
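Review bot: The new `Logger.Printf("<<< %d - %#v", c.Numero, message)` in `serve()` dumps every decoded request with `%#v`, and for a simple bind that structure presumably carries the client's password, so enabling `TRACE` writes credentials to the log in readable form. The same pattern is added in `writeMessage()` in the next hunk of this file. I would log only `c.Numero` and `message.ProtocolOpName()` for bind operations and keep the full dump for other operation types. The two commented-out `//Logger.Printf(...)` lines should be deleted rather than left in the tree. Both function bodies extend beyond the hunks shown.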
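Review bot: `const TRACE = false` in ldapserver/logger.go is added without a doc comment, so nothing at the declaration says how it differs from `DEBUG` or what it exposes. I would document it where it is declared, for example `// TRACE logs every decoded LDAP message in full; messages can contain bind credentials, so leave it false outside local debugging.` Because it is a compile-time constant it cannot be switched on in a deployed binary, which is worth stating in the same comment.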
@@ -413,7 +413,7 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (int, error) { // Check permissions if !server.config.Acl.Check(&state.login, "bind", string(r.Name()), []string{}) { - return ldap.LDAPResultInsufficientAccessRights, nil + return ldap.LDAPResultInsufficientAccessRights, fmt.Errorf("Insufficient access rights for %#v", state.login) } // Try to retrieve password and check for match @@ -422,7 +422,7 @@ func (server *Server) handleBindInternal(state *State, r *message.BindRequest) ( return ldap.LDAPResultOperationsError, err } if passwd == nil { - return ldap.LDAPResultNoSuchObject, nil + return ldap.LDAPResultNoSuchObject, fmt.Errorf("%s has no password", string(r.Name())) } for _, hash := range passwd { @@ -439,5 +439,5 @@ func (server *Server) handleBindInternal(state *State, r *message.BindRequest) ( return ldap.LDAPResultSuccess, nil } } - return ldap.LDAPResultInvalidCredentials, nil + return ldap.LDAPResultInvalidCredentials, fmt.Errorf("No password match") } @@ -73,6 +73,9 @@ func (server *Server) handleSearch(s ldap.UserState, w ldap.ResponseWriter, m *l if err != nil { res.SetDiagnosticMessage(err.Error()) } + if code != ldap.LDAPResultSuccess { + server.logger.Printf("Failed to do search %#v (%s)", r, err) + } w.Write(message.SearchResultDone(res)) } |
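Review bot: The three new error values in `handleBindInternal` (`Insufficient access rights for %#v`, `%s has no password`, `No password match`, one per hunk) distinguish a missing account from a wrong password, and the caller `handleBind` is not visible here; if it copies `err.Error()` into the diagnostic message the way `handleSearch` does, an unauthenticated client can read the difference straight from the response. I would keep these strings for the server log only and return one generic diagnostic for every failed bind. `string(r.Name())` is client-supplied, so `%q` is safer than `%s` in log output, e.g. `fmt.Errorf("no password entry for %q", string(r.Name()))`, and `%#v` on `state.login` is better replaced by the specific field that identifies the user. Go convention also wants error strings in lower case.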
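Review bot: The added `server.logger.Printf("Failed to do search %#v (%s)", r, err)` in `handleSearch` runs whenever `code` is not success, but `err` can presumably still be nil on that path (the lines just above guard `err != nil` separately), in which case `%s` prints `%!s(<nil>)`. Using `%v` and including the result code keeps the line useful in both cases: `server.logger.Printf("search failed (code %v): %v; request %#v", code, err, r)`. The request dump contains the client-supplied base DN and filter, so consider logging selected fields with `%q` instead of the whole struct. The start of `handleSearch` is outside the hunk.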