Commit graph

15 commits

Author SHA1 Message Date
50233827b6 Quiet mode flag
The -q command line flag disables stderr output. However it causes file
logging to change format.
2021-02-11 23:37:13 +01:00
e8a72dede3 Add log file hook to logger rather than globally 2021-02-11 23:34:00 +01:00
30cae773cf Logging to a file
Command line argument -log-file will add a logging hook that writes to a
file in addition to the standard error stream.
2021-02-11 23:30:36 +01:00
31cb613822 Added traces to privilege computations and Graylog API calls 2021-02-11 23:05:48 +01:00
c84f52b012 Cache for LDAP username lookups
It is unnecessary to request the same user's username attribute more
than once.
2021-02-11 22:46:29 +01:00
84fc80bf0a CLI - Minor refactoring for aesthetical reasons 2021-02-11 22:31:00 +01:00
4722223603 Refactored into multiple files
* The main program, command line argument parsing and logging
  initialization remain in main.go
* Configuration structure and loader are in config.go
* LDAP connection and querying is in ldap.go
* Anything that has to do with Graylog, including the privilege mapping,
  is in graylog.go
2021-02-11 20:44:07 +01:00
dcd3f920c9 Improved logging
* Added dependency on logrus.
* Command line flags are parsed in order to obtain the name of the
  configuration file, the log level and the instance identifier.
* Logging in various places: configuration loader, API, data access.
  Privilege computations and subsequent actions do not write proper logs
  yet.
2021-02-10 23:58:14 +01:00
e065dab3a2 ToDo list update 2021-02-09 23:19:01 +01:00
5c014aa951 Read username from referenced LDAP record
* The `username_attribute` configuration value was added to the `ldap`
  section. When this value is set, the program will not try to extract the
  username from DNs; instead, it will look them up and extract the
  username from the referenced record, using the specified attribute.

* The program will no longer exit in error when a group listed in the
  mapping doesn't exist.
2021-02-09 23:15:24 +01:00
9bec0ad14e Changed order of LDAP-related functions
It makes more sense to have the function that establishes the connection
before the rest.
2021-02-09 19:04:15 +01:00
842a4be87e TLS controls for the LDAP connection
The LDAP connection now supports using a custom CA certificate chain or
skipping all TLS certificate checks.
2021-02-08 23:23:16 +01:00
12634b9ffa Removed unnecessary dependency
I initially intended to use @bitfield's script more than I did, but it
seems silly to include it just to read a file.
2021-02-08 22:24:25 +01:00
627ab475b7 Documentation and license 2021-02-07 18:42:17 +01:00
91be691ea4 Initial version
This is a Go program which can synchronize Graylog 4 roles and access
privileges to dashboards and streams from an LDAP directory, based on a
YAML configuration file that maps LDAP groups to Graylog privileges.

The code is rather ugly, some features are half-baked (LDAP TLS
support, impossible to disable HTTP TLS checks, bad error handling...)
and some documentation needs to be added but it's a start.
2021-02-07 15:05:35 +01:00