82 lines
2.4 KiB
Go
82 lines
2.4 KiB
Go
//go:build standalone
|
|
|
|
package checker
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
|
|
sdk "git.happydns.org/checker-sdk-go/checker"
|
|
)
|
|
|
|
// RenderForm implements server.Interactive. It exposes the same option
|
|
// set as /evaluate, minus the AutoFill hint on `domain` (the human is the
|
|
// one filling it in) and with a sensible default timeout.
|
|
func (p *ldapProvider) RenderForm() []sdk.CheckerOptionField {
|
|
return []sdk.CheckerOptionField{
|
|
{
|
|
Id: "domain",
|
|
Type: "string",
|
|
Label: "Domain",
|
|
Placeholder: "example.com",
|
|
Required: true,
|
|
},
|
|
{
|
|
Id: "timeout",
|
|
Type: "number",
|
|
Label: "Per-endpoint timeout (seconds)",
|
|
Default: 10,
|
|
},
|
|
{
|
|
Id: "bind_dn",
|
|
Type: "string",
|
|
Label: "Bind DN",
|
|
Placeholder: "cn=reader,dc=example,dc=com",
|
|
Description: "Optional. When set (with bind_password), the checker performs an authenticated bind over TLS and reports whether the directory accepts the provided credentials.",
|
|
},
|
|
{
|
|
Id: "bind_password",
|
|
Type: "string",
|
|
Label: "Bind password",
|
|
Secret: true,
|
|
Description: "Optional. Only used when bind_dn is set. The password is not persisted in the observation payload.",
|
|
},
|
|
{
|
|
Id: "base_dn",
|
|
Type: "string",
|
|
Label: "Base DN (read test)",
|
|
Placeholder: "dc=example,dc=com",
|
|
Description: "Optional. When set, the checker runs a baseObject search on this DN after a successful bind to verify the account has read access.",
|
|
},
|
|
}
|
|
}
|
|
|
|
// ParseForm implements server.Interactive. Collect handles its own SRV
|
|
// and A/AAAA lookups, so the form only needs to forward the user-supplied
|
|
// values -- no extra host-side resolution is required here.
|
|
func (p *ldapProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
|
|
domain := strings.TrimSpace(r.FormValue("domain"))
|
|
if domain == "" {
|
|
return nil, errors.New("domain is required")
|
|
}
|
|
opts := sdk.CheckerOptions{"domain": domain}
|
|
if v := strings.TrimSpace(r.FormValue("timeout")); v != "" {
|
|
f, err := strconv.ParseFloat(v, 64)
|
|
if err != nil {
|
|
return nil, errors.New("timeout must be a number")
|
|
}
|
|
opts["timeout"] = f
|
|
}
|
|
if v := strings.TrimSpace(r.FormValue("bind_dn")); v != "" {
|
|
opts["bind_dn"] = v
|
|
}
|
|
if v := r.FormValue("bind_password"); v != "" {
|
|
opts["bind_password"] = v
|
|
}
|
|
if v := strings.TrimSpace(r.FormValue("base_dn")); v != "" {
|
|
opts["base_dn"] = v
|
|
}
|
|
return opts, nil
|
|
}
|