package ldapSync
/*
this file contains the code for creating the ldapUsers, ldapGroups and ldapSyncLogs tables
*/
import (
|
|
"github.com/pocketbase/pocketbase"
|
|
"github.com/pocketbase/pocketbase/forms"
|
|
"github.com/pocketbase/pocketbase/models"
|
|
"github.com/pocketbase/pocketbase/models/schema"
|
|
"github.com/pocketbase/pocketbase/tools/types"
|
|
)
// Names of the PocketBase collections managed by this package.
const (
	ldapUsersTableName    string = "ldap_users"
	ldapGroupsTableName   string = "ldap_groups"
	ldapSyncLogsTableName string = "ldap_sync_logs"
)
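// createLDAPGroupsTable creates the ldap_groups collection.
//
// The collection is built in two upserts: the plain fields are saved first,
// then the self-referencing "memberOf" relation is added in a second upsert,
// because the relation needs the collection's own Id, which only exists after
// the first save.
//
// API rules: list and view require an authenticated request; create, update
// and delete are left nil, which in PocketBase locks those actions to admins.
// Regular API clients therefore cannot alter the LDAP-mirrored rows; writes
// have to come from an admin or from server-side code.
//
// The function does not check whether the collection already exists.
// It returns the first error from form.Submit() or from the collection
// lookup, and nil on success.
func createLDAPGroupsTable(app *pocketbase.PocketBase) error {
	collection := &models.Collection{}

	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapGroupsTableName
	form.Type = models.CollectionTypeBase
	form.ListRule = types.Pointer("@request.auth.id != ''")
	form.ViewRule = types.Pointer("@request.auth.id != ''")
	form.CreateRule = nil // nil rule = admins only (an empty string would mean public)
	form.UpdateRule = nil
	form.DeleteRule = nil

	// LDAP attributes mirrored as text fields.
	// gidNumber (POSIX group id)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "gidNumber",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// description (optional)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "description",
		Type:     schema.FieldTypeText,
		Required: false,
	})

	// cn (common name) — shown as the record label in the admin UI
	form.Schema.AddField(&schema.SchemaField{
		Name:        "cn",
		Type:        schema.FieldTypeText,
		Required:    true,
		Presentable: true,
	})

	// dn (distinguished name)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "dn",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// unique composite index on (cn, gidNumber, dn) so a group cannot be
	// mirrored twice
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapGroups ON " + ldapGroupsTableName + " (cn, gidNumber, dn)",
	}

	// validate and save (internally app.Dao().SaveCollection in a transaction)
	if err := form.Submit(); err != nil {
		return err
	}

	// re-read the saved collection so its Id is available for the relation
	collection, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return err
	}

	// second upsert: add the self-relation, which could not be declared in the
	// first form because the collection (and its Id) did not exist yet
	form = forms.NewCollectionUpsert(app, collection)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  collection.Id,
			CascadeDelete: false,
		},
	})

	// validate and save the updated collection
	if err := form.Submit(); err != nil {
		return err
	}

	return nil
}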
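// createLDAPUsersTable creates the ldap_users auth collection.
//
// The collection references ldap_groups through the "memberOf" relation, so
// createLDAPGroupsTable must have run before this function; otherwise the
// initial lookup fails and nothing is created.
//
// API rules: list and view require an authenticated request; create, update
// and delete are left nil, which in PocketBase locks those actions to admins.
// API clients can therefore read but not alter the LDAP-mirrored accounts;
// writes have to come from an admin or from server-side code.
//
// NOTE(review): the auth options (username/email auth, minimum password
// length, ...) are not set here and stay at PocketBase's defaults — confirm
// they match the intended LDAP-only login flow.
//
// The function does not check whether the collection already exists.
// It returns the error from the groups lookup or from form.Submit(), nil on
// success.
func createLDAPUsersTable(app *pocketbase.PocketBase) error {
	// the relation below needs the Id of the groups collection
	groupsCollection, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return err
	}

	collection := &models.Collection{}

	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapUsersTableName
	// auth collection, otherwise records cannot log in; PocketBase manages the
	// auth system fields (username, email, emailVisibility, verified, password)
	// itself — they are not part of form.Schema
	form.Type = models.CollectionTypeAuth
	form.ListRule = types.Pointer("@request.auth.id != ''") // only authenticated requests may list
	form.ViewRule = types.Pointer("@request.auth.id != ''") // only authenticated requests may view
	form.CreateRule = nil                                   // nil rule = admins only (an empty string would mean public)
	form.UpdateRule = nil                                   // admins only
	form.DeleteRule = nil                                   // admins only

	// LDAP attributes mirrored as text fields.
	// cn (common name) — shown as the record label in the admin UI
	form.Schema.AddField(&schema.SchemaField{
		Name:        "cn",
		Type:        schema.FieldTypeText,
		Required:    true,
		Presentable: true,
	})

	// dn (distinguished name)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "dn",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// uidNumber (POSIX user id)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "uidNumber",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// sn (surname)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "sn",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// givenName
	form.Schema.AddField(&schema.SchemaField{
		Name:     "givenName",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// accountExpires (optional date)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "accountExpires",
		Type:     schema.FieldTypeDate,
		Required: false,
	})

	// memberOf: relation to ldap_groups; deleting a group does not delete users
	form.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  groupsCollection.Id,
			CascadeDelete: false,
		},
	})

	// unique composite index on (cn, uidNumber, dn) so a user cannot be
	// mirrored twice. The index must name this collection: the original used
	// ldapGroupsTableName here, which (depending on the PocketBase version) is
	// either rejected on Submit or silently rewritten — in both cases the
	// definition was wrong.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapUsers ON " + ldapUsersTableName + " (cn, uidNumber, dn)",
	}

	// validate and save (internally app.Dao().SaveCollection in a transaction)
	return form.Submit()
}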
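// createLDAPSyncLogsTable creates the ldap_sync_logs collection, one row per
// sync run with per-object-class counters and the errors encountered.
//
// No API rules are set, so all of them stay nil, which in PocketBase
// restricts listing, viewing and writing to admins; the rows are expected to
// be written server-side by the sync itself.
//
// The function does not check whether the collection already exists.
// It returns the error from form.Submit(), nil on success.
func createLDAPSyncLogsTable(app *pocketbase.PocketBase) error {
	collection := &models.Collection{}

	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapSyncLogsTableName
	// plain base collection: nobody logs in through it, unlike ldap_users
	form.Type = models.CollectionTypeBase

	// counters per object class plus a JSON blob of the errors raised while
	// syncing that class; the order matches the original field definitions
	fields := []struct {
		name string
		typ  string
	}{
		{"usersFound", schema.FieldTypeNumber},
		{"usersSynced", schema.FieldTypeNumber},
		{"usersRemoved", schema.FieldTypeNumber},
		{"userSyncErrors", schema.FieldTypeJson},
		{"groupsFound", schema.FieldTypeNumber},
		{"groupsSynced", schema.FieldTypeNumber},
		{"groupsRemoved", schema.FieldTypeNumber},
		{"groupSyncErrors", schema.FieldTypeJson},
	}
	for _, f := range fields {
		form.Schema.AddField(&schema.SchemaField{
			Name: f.name,
			Type: f.typ,
		})
	}

	// NOTE(review): UNIQUE on created means two log rows with the same
	// creation timestamp cannot both be inserted — confirm that losing the
	// second log entry in that case is acceptable.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapSyncs ON " + ldapSyncLogsTableName + " (created)",
	}

	// validate and save (internally app.Dao().SaveCollection in a transaction)
	return form.Submit()
}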