rewrite API, talk to ldap

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

docs/getting-started.md

@@ -31,12 +31,6 @@ If you prefer to configure the service with environment variables you can see th
 
 #### Server
 
-OCIS_ACCOUNTS_MANAGER
-: Enable sending traces, defaults to `filesystem`
-
-OCIS_ACCOUNTS_MOUNT_PATH
-: Mounting point for the accounts service when running on the filesystem as manager.
-
 OCIS_ACCOUNTS_NAME
 : Name of the accounts service. It will be part of the namespace.
 

go.mod

@@ -10,14 +10,14 @@ require (
 	github.com/joho/godotenv v1.3.0
 	github.com/micro/cli/v2 v2.1.2
 	github.com/micro/go-micro/v2 v2.6.0
-	github.com/micro/micro/v2 v2.0.1-0.20200210100719-f38a1d8d5348
 	github.com/oklog/run v1.1.0
 	github.com/owncloud/ocis-pkg/v2 v2.2.1
 	github.com/owncloud/ocis-settings v0.0.0-20200522101320-46ea31026363
 	github.com/restic/calens v0.2.0
+	github.com/rs/zerolog v1.17.2
 	github.com/spf13/viper v1.6.3
-	google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84
-	google.golang.org/protobuf v1.22.0
+	google.golang.org/genproto v0.0.0-20200420144010-e5e8543f8aeb
+	gopkg.in/ldap.v2 v2.5.1
 	honnef.co/go/tools v0.0.1-2020.1.0.20200427215036-cd1ad299aeab // indirect
 )
 

pkg/command/root.go

@@ -1,21 +1,19 @@
 package command
 
 import (
-	"github.com/owncloud/ocis-accounts/pkg/flagset"
 	"os"
 	"os/user"
 	"path"
 	"strings"
 
+	"github.com/owncloud/ocis-accounts/pkg/flagset"
+
 	"github.com/joho/godotenv"
 	"github.com/micro/cli/v2"
 	"github.com/owncloud/ocis-accounts/pkg/config"
 	"github.com/owncloud/ocis-accounts/pkg/version"
 	"github.com/owncloud/ocis-pkg/v2/log"
 	"github.com/spf13/viper"
-
-	// init store manager
-	_ "github.com/owncloud/ocis-accounts/pkg/store"
 )
 
 var (

pkg/command/server.go

@@ -3,9 +3,10 @@ package command
 import (
 	"context"
 	"fmt"
-	"github.com/owncloud/ocis-accounts/pkg/flagset"
 	"syscall"
 
+	"github.com/owncloud/ocis-accounts/pkg/flagset"
+
 	"github.com/micro/cli/v2"
 	"github.com/oklog/run"
 	"github.com/owncloud/ocis-accounts/pkg/config"
@@ -23,7 +24,7 @@ func Server(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:        "server",
 		Usage:       "Start ocis accounts service",
-		Description: "an accounts backend manager (driver) needs to be specified. By default the service uses the filesystem as storage",
+		Description: "uses an LDAP server as the storage backend",
 		Flags:       flagset.ServerWithConfig(cfg),
 		Before: func(c *cli.Context) error {
 			logger = oclog.NewLogger(

pkg/config/config.go

@@ -1,6 +1,29 @@
 // Package config should be moved to internal
 package config
 
+// LDAP defines the available ldap configuration.
+type LDAP struct {
+	Hostname     string
+	Port         int
+	BaseDN       string
+	UserFilter   string
+	GroupFilter  string
+	BindDN       string
+	BindPassword string
+	IDP          string
+	Schema       LDAPSchema
+}
+
+// LDAPSchema defines the available ldap schema configuration.
+type LDAPSchema struct {
+	AccountID   string
+	Identities  string
+	Username    string
+	DisplayName string
+	Mail        string
+	Groups      string
+}
+
 // Server configures a server.
 type Server struct {
 	Name      string
@@ -17,10 +40,9 @@ type Log struct {
 
 // Config merges all Account config parameters.
 type Config struct {
-	MountPath string
-	Manager   string
-	Server    Server
-	Log       Log
+	LDAP   LDAP
+	Server Server
+	Log    Log
 }
 
 // New returns a new config.

pkg/flagset/flagset.go

@@ -1,7 +1,9 @@
 package flagset
 
-import "github.com/micro/cli/v2"
-import "github.com/owncloud/ocis-accounts/pkg/config"
+import (
+	"github.com/micro/cli/v2"
+	"github.com/owncloud/ocis-accounts/pkg/config"
+)
 
 // RootWithConfig applies cfg to the root flagset
 func RootWithConfig(cfg *config.Config) []cli.Flag {
@@ -33,20 +35,6 @@ func RootWithConfig(cfg *config.Config) []cli.Flag {
 // ServerWithConfig applies cfg to the root flagset
 func ServerWithConfig(cfg *config.Config) []cli.Flag {
 	return []cli.Flag{
-		&cli.StringFlag{
-			Name:        "manager",
-			DefaultText: "filesystem",
-			Usage:       "accounts backend manager",
-			Value:       "filesystem",
-			EnvVars:     []string{"ACCOUNTS_MANAGER"},
-			Destination: &cfg.Manager,
-		},
-		&cli.StringFlag{
-			Name:        "mount-path",
-			Usage:       "mounting point (necessary when manager=filesystem)",
-			EnvVars:     []string{"ACCOUNTS_MOUNT_PATH"},
-			Destination: &cfg.MountPath,
-		},
 		&cli.StringFlag{
 			Name:        "name",
 			Value:       "accounts",
@@ -58,8 +46,8 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 		&cli.StringFlag{
 			Name:        "namespace",
 			Aliases:     []string{"ns"},
-			Value:       "com.owncloud",
-			DefaultText: "com.owncloud",
+			Value:       "com.owncloud.api",
+			DefaultText: "com.owncloud.api",
 			Usage:       "namespace",
 			EnvVars:     []string{"ACCOUNTS_NAMESPACE"},
 			Destination: &cfg.Server.Namespace,
@@ -73,5 +61,99 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"ACCOUNTS_ADDRESS"},
 			Destination: &cfg.Server.Address,
 		},
+		// LDAP
+
+		&cli.StringFlag{
+			Name:        "ldap-hostname",
+			Value:       "localhost",
+			Usage:       "LDAP hostname",
+			EnvVars:     []string{"ACCOUNTS_LDAP_HOSTNAME"},
+			Destination: &cfg.LDAP.Hostname,
+		},
+		&cli.IntFlag{
+			Name:        "ldap-port",
+			Value:       9126,
+			Usage:       "LDAP port",
+			EnvVars:     []string{"ACCOUNTS_LDAP_PORT"},
+			Destination: &cfg.LDAP.Port,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-base-dn",
+			Value:       "dc=example,dc=org",
+			Usage:       "LDAP basedn",
+			EnvVars:     []string{"ACCOUNTS_LDAP_BASE_DN"},
+			Destination: &cfg.LDAP.BaseDN,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-userfilter",
+			Value:       "(&(objectclass=posixAccount)(cn=%s))",
+			Usage:       "LDAP userfilter",
+			EnvVars:     []string{"ACCOUNTS_LDAP_USERFILTER"},
+			Destination: &cfg.LDAP.UserFilter,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-groupfilter",
+			Value:       "(&(objectclass=posixGroup)(cn=%s))",
+			Usage:       "LDAP groupfilter",
+			EnvVars:     []string{"ACCOUNTS_LDAP_GROUPFILTER"},
+			Destination: &cfg.LDAP.GroupFilter,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-bind-dn",
+			Value:       "cn=reva,ou=sysusers,dc=example,dc=org",
+			Usage:       "LDAP bind dn",
+			EnvVars:     []string{"ACCOUNTS_LDAP_BIND_DN"},
+			Destination: &cfg.LDAP.BindDN,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-bind-password",
+			Value:       "reva",
+			Usage:       "LDAP bind password",
+			EnvVars:     []string{"ACCOUNTS_LDAP_BIND_PASSWORD"},
+			Destination: &cfg.LDAP.BindPassword,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-idp",
+			Value:       "https://localhost:9200",
+			Usage:       "Identity provider to use for users",
+			EnvVars:     []string{"ACCOUNTS_LDAP_IDP"},
+			Destination: &cfg.LDAP.IDP,
+		},
+		// ldap dn is always the dn
+		&cli.StringFlag{
+			Name:        "ldap-schema-account-id",
+			Value:       "ownclouduuid", // TODO write down LDAP schema & register OID
+			Usage:       "LDAP schema account id",
+			EnvVars:     []string{"ACCOUNTS_LDAP_SCHEMA_ACCOUNT_ID"},
+			Destination: &cfg.LDAP.Schema.AccountID,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-schema-username",
+			Value:       "uid",
+			Usage:       "LDAP schema username",
+			EnvVars:     []string{"ACCOUNTS_LDAP_SCHEMA_USERNAME"},
+			Destination: &cfg.LDAP.Schema.Username,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-schema-displayName",
+			Value:       "sn",
+			Usage:       "LDAP schema displayName",
+			EnvVars:     []string{"ACCOUNTS_LDAP_SCHEMA_DISPLAYNAME"},
+			Destination: &cfg.LDAP.Schema.DisplayName,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-schema-mail",
+			Value:       "mail",
+			Usage:       "LDAP schema mail",
+			EnvVars:     []string{"ACCOUNTS_LDAP_SCHEMA_MAIL"},
+			Destination: &cfg.LDAP.Schema.Mail,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-schema-cn",
+			Value:       "memberof",
+			Usage:       "LDAP schema cn",
+			EnvVars:     []string{"ACCOUNTS_LDAP_SCHEMA_GROUPS"},
+			Destination: &cfg.LDAP.Schema.Groups,
+		},
 	}
 }