use dotenv::dotenv; use ldap3::{LdapConn, Mod}; use skynet_ldap_backend::{get_config, Config}; use std::env; #[async_std::main] async fn main() -> tide::Result<()> { let config = get_config(); update_users(&config).await?; update_admin(&config).await?; update_committee(&config).await?; Ok(()) } async fn update_users(config: &Config) -> tide::Result<()> { let mut users_tmp = vec![ // default user to ensure group is never empty String::from("compsoc"), ]; // add lifetime folks if let Ok(x) = env::var("USERS_LIFETIME") { for user in x.split(',').collect::>() { users_tmp.push(user.to_string()); } } /* pull in data from wolves (csv or api (hopefully api) pull entire ldap data for every valid user in wolves match to ldap add to users */ // sorting makes it easier/faster users_tmp.sort(); if let Ok(x) = env::var("USERS_BANNED") { for user in x.split(',').collect::>() { // find its position while let Ok(index) = users_tmp.binary_search(&user.to_string()) { // in case it just so happens to be there multiple times users_tmp.remove(index); } } } // easier to work with Strings above but easier to work with &str below let users: Vec<&str> = users_tmp.iter().map(|s| &**s).collect(); update_group(config, "skynet-users", &users, true).await?; Ok(()) } fn uid_to_dn(uid: &str) -> String { format!("uid={},ou=users,dc=skynet,dc=ie", uid) } async fn update_admin(config: &Config) -> tide::Result<()> { dotenv().ok(); // read from teh env if let Ok(x) = env::var("USERS_ADMIN") { let users = x.split(',').collect::>(); update_group(config, "skynet-admins", &users, true).await?; // admins automatically get added as users update_group(config, "skynet-users", &users, false).await?; } Ok(()) } async fn update_committee(config: &Config) -> tide::Result<()> { dotenv().ok(); // read from teh env if let Ok(x) = env::var("USERS_COMMITTEE") { let users = x.split(',').collect::>(); update_group(config, "skynet-committee", &users, true).await?; // admins automatically get added as users update_group(config, "skynet-users", &users, false).await?; } Ok(()) } async fn update_group(config: &Config, group: &str, users: &[&str], replace: bool) -> tide::Result<()> { if users.is_empty() { return Ok(()); } let mut ldap = LdapConn::new(&config.ldap_host)?; // use the admin account ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?; let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group); let members = users.iter().map(|uid| uid_to_dn(uid)).collect(); let mods = if replace { vec![Mod::Replace("member".to_string(), members)] } else { vec![Mod::Add("member".to_string(), members)] }; if let Err(x) = ldap.modify(&dn, mods) { println!("{:?}", x); } let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group); let members_linux = users.iter().map(|uid| uid.to_string()).collect(); let mods = if replace { vec![Mod::Replace("memberUid".to_string(), members_linux)] } else { vec![Mod::Add("memberUid".to_string(), members_linux)] }; if let Err(x) = ldap.modify(&dn_linux, mods) { println!("{:?}", x); }; // tidy up ldap.unbind()?; Ok(()) }