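package ldapSync

// This file creates the PocketBase collections used by the LDAP sync:
// ldap_groups (base), ldap_users (auth) and ldap_sync_logs (base).

import (
	"fmt"

	"github.com/pocketbase/pocketbase"
	"github.com/pocketbase/pocketbase/forms"
	"github.com/pocketbase/pocketbase/models"
	"github.com/pocketbase/pocketbase/models/schema"
	"github.com/pocketbase/pocketbase/tools/types"
)

// Collection (table) names shared by the sync code.
const (
	ldapUsersTableName    string = "ldap_users"
	ldapGroupsTableName   string = "ldap_groups"
	ldapSyncLogsTableName string = "ldap_sync_logs"
)

// authenticatedOnlyRule is the API rule used for list/view access on the
// groups and users collections: any authenticated record may read them,
// anonymous requests may not.
const authenticatedOnlyRule = "@request.auth.id != ''"

// textField builds a plain text field definition for a collection schema.
func textField(name string, required, presentable bool) *schema.SchemaField {
	return &schema.SchemaField{
		Name:        name,
		Type:        schema.FieldTypeText,
		Required:    required,
		Presentable: presentable,
	}
}

// createLDAPGroupsTable creates the ldap_groups collection.
//
// The collection is created in two steps: first without the self-referencing
// "memberOf" relation (the relation needs the collection ID, which does not
// exist before the first save), then updated to add it. The function does not
// check whether the collection already exists; in that case the first
// form.Submit fails with a validation error, which is returned.
func createLDAPGroupsTable(app *pocketbase.PocketBase) error {
	form := forms.NewCollectionUpsert(app, &models.Collection{})
	form.Name = ldapGroupsTableName
	form.Type = models.CollectionTypeBase
	form.ListRule = types.Pointer(authenticatedOnlyRule)
	form.ViewRule = types.Pointer(authenticatedOnlyRule)
	// A nil rule is admin-only in PocketBase: regular authenticated users
	// cannot create, update or delete groups; only the sync job (running with
	// the app DAO) and admins can.
	form.CreateRule = nil
	form.UpdateRule = nil
	form.DeleteRule = nil

	form.Schema.AddField(textField("description", false, false))
	form.Schema.AddField(textField("cn", true, true)) // common name, shown as the record label
	form.Schema.AddField(textField("dn", true, false)) // distinguished name

	// Each (cn, dn) pair identifies exactly one group.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapGroups ON " + ldapGroupsTableName + " (cn, dn)",
	}

	// Validates and saves the collection (internally app.Dao().SaveCollection in a transaction).
	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapGroupsTableName, err)
	}

	// Reload the saved collection so its ID is available for the self-relation.
	collection, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return fmt.Errorf("loading collection %q: %w", ldapGroupsTableName, err)
	}

	update := forms.NewCollectionUpsert(app, collection)
	update.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  collection.Id, // groups may be members of other groups
			CascadeDelete: false,
		},
	})
	if err := update.Submit(); err != nil {
		return fmt.Errorf("adding memberOf relation to %q: %w", ldapGroupsTableName, err)
	}
	return nil
}

// createLDAPUsersTable creates the ldap_users auth collection.
//
// It requires the ldap_groups collection to exist already (the "memberOf"
// relation points at it), so createLDAPGroupsTable must run first. The
// function does not check whether ldap_users already exists; a duplicate
// create fails in form.Submit and the error is returned.
func createLDAPUsersTable(app *pocketbase.PocketBase) error {
	groupsCollection, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return fmt.Errorf("loading collection %q: %w", ldapGroupsTableName, err)
	}

	form := forms.NewCollectionUpsert(app, &models.Collection{})
	form.Name = ldapUsersTableName
	// Auth type is required so that these records can log in. PocketBase
	// manages the username, email, emailVisibility, verified and password
	// fields of an auth collection itself; they are not declared here.
	form.Type = models.CollectionTypeAuth
	form.ListRule = types.Pointer(authenticatedOnlyRule)
	form.ViewRule = types.Pointer(authenticatedOnlyRule)
	// nil rules are admin-only: users are created, updated and removed by the
	// sync job and admins, never through the public API.
	form.CreateRule = nil
	form.UpdateRule = nil
	form.DeleteRule = nil

	form.Schema.AddField(textField("cn", true, true))         // common name, shown as the record label
	form.Schema.AddField(textField("dn", true, false))        // distinguished name
	form.Schema.AddField(textField("sn", true, false))        // surname
	form.Schema.AddField(textField("givenName", true, false)) // given name
	form.Schema.AddField(&schema.SchemaField{
		Name:     "accountExpires",
		Type:     schema.FieldTypeDate,
		Required: false,
	})
	form.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  groupsCollection.Id,
			CascadeDelete: false,
		},
	})

	// Each (cn, dn) pair identifies exactly one user. The index must be
	// declared on this collection's own table (previously it named the
	// groups table by mistake).
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapUsers ON " + ldapUsersTableName + " (cn, dn)",
	}

	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapUsersTableName, err)
	}
	return nil
}

// createLDAPSyncLogsTable creates the ldap_sync_logs base collection, which
// holds one record per sync run with counters and per-item error details.
//
// No API rules are set, so every rule is nil and the collection is readable
// and writable by admins only. The function does not check whether the
// collection already exists.
func createLDAPSyncLogsTable(app *pocketbase.PocketBase) error {
	form := forms.NewCollectionUpsert(app, &models.Collection{})
	form.Name = ldapSyncLogsTableName
	form.Type = models.CollectionTypeBase

	// Counters for users and groups, plus a JSON blob of per-item errors.
	for _, name := range []string{"usersFound", "usersSynced", "usersRemoved"} {
		form.Schema.AddField(&schema.SchemaField{Name: name, Type: schema.FieldTypeNumber})
	}
	form.Schema.AddField(&schema.SchemaField{Name: "userSyncErrors", Type: schema.FieldTypeJson})
	for _, name := range []string{"groupsFound", "groupsSynced", "groupsRemoved"} {
		form.Schema.AddField(&schema.SchemaField{Name: name, Type: schema.FieldTypeNumber})
	}
	form.Schema.AddField(&schema.SchemaField{Name: "groupSyncErrors", Type: schema.FieldTypeJson})

	// NOTE(review): a unique index on the system "created" timestamp rejects
	// two log records written in the same instant; kept as in the original.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapSyncs ON " + ldapSyncLogsTableName + " (created)",
	}

	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapSyncLogsTableName, err)
	}
	return nil
}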