glauth: Reenable configuring backends

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

glauth/changelog/unreleased/reenable-configuring-backends.md

@@ -0,0 +1,5 @@
+Enhancement: Reenable configuring backends
+
+We reintroduced the `backend-datastore` config option to choose between the `ldap`, `owncloud` (with graphapi) and `accounts` (the default) datastores. 
+
+https://github.com/owncloud/ocis/pull/600

glauth/pkg/command/server.go

@@ -40,6 +40,8 @@ func Server(cfg *config.Config) *cli.Command {
 				cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
 			}
 
+			cfg.Backend.Servers = c.StringSlice("backend-server")
+
 			return ParseConfig(c, cfg)
 		},
 		Action: func(c *cli.Context) error {
@@ -150,11 +152,14 @@ func Server(cfg *config.Config) *cli.Command {
 						Key:     cfg.Ldaps.Key,
 					},
 					Backend: glauthcfg.Backend{
+						Datastore:   cfg.Backend.Datastore,
 						BaseDN:      cfg.Backend.BaseDN,
 						Insecure:    cfg.Backend.Insecure,
 						NameFormat:  cfg.Backend.NameFormat,
 						GroupFormat: cfg.Backend.GroupFormat,
+						Servers:     cfg.Backend.Servers,
 						SSHKeyAttr:  cfg.Backend.SSHKeyAttr,
+						UseGraphAPI: cfg.Backend.UseGraphAPI,
 					},
 				}
 

glauth/pkg/config/config.go

@@ -46,11 +46,14 @@ type Ldaps struct {
 
 // Backend defined the available backend configuration.
 type Backend struct {
+	Datastore   string
 	BaseDN      string
 	Insecure    bool
 	NameFormat  string
 	GroupFormat string
+	Servers     []string
 	SSHKeyAttr  string
+	UseGraphAPI bool
 }
 
 // Config combines all available configuration parts.

glauth/pkg/flagset/flagset.go

@@ -159,7 +159,14 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"GLAUTH_LDAPS_KEY"},
 			Destination: &cfg.Ldaps.Key,
 		},
-
+		&cli.StringFlag{
+			Name:  "backend-datastore",
+			Value: "accounts",
+			// TODO bring back config / flat file support
+			Usage:       "datastore to use as the backend. one of accounts, ldap or owncloud",
+			EnvVars:     []string{"GLAUTH_BACKEND_DATASTORE"},
+			Destination: &cfg.Backend.Datastore,
+		},
 		&cli.StringFlag{
 			Name:        "backend-basedn",
 			Value:       "dc=example,dc=org",
@@ -188,12 +195,25 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"GLAUTH_BACKEND_GROUP_FORMAT"},
 			Destination: &cfg.Backend.GroupFormat,
 		},
+		&cli.StringSliceFlag{
+			Name:    "backend-server",
+			Value:   cli.NewStringSlice("https://demo.owncloud.com"),
+			Usage:   `--backend-servers http://internal1.example.com [--backend-servers http://internal2.example.com]`,
+			EnvVars: []string{"GLAUTH_BACKEND_SERVERS"},
+		},
 		&cli.StringFlag{
 			Name:        "backend-ssh-key-attr",
 			Value:       "sshPublicKey",
 			Usage:       "ssh key attribute for entries to expose",
 			EnvVars:     []string{"GLAUTH_BACKEND_SSH_KEY_ATTR"},
 			Destination: &cfg.Backend.SSHKeyAttr,
 		},
+		&cli.BoolFlag{
+			Name:        "backend-use-graphapi",
+			Value:       true,
+			Usage:       "use Graph API, only for owncloud datastore",
+			EnvVars:     []string{"GLAUTH_BACKEND_USE_GRAPHAPI"},
+			Destination: &cfg.Backend.UseGraphAPI,
+		},
 	}
 }

glauth/pkg/server/glauth/handler.go

@@ -448,7 +448,7 @@ func (h ocisHandler) Close(boundDN string, conn net.Conn) error {
 	return nil
 }
 
-// NewOCISHandler implements a glauth backend with ocis-accounts as tdhe datasource
+// NewOCISHandler implements a glauth backend with ocis-accounts as the datasource
 func NewOCISHandler(opts ...Option) handler.Handler {
 	options := newOptions(opts...)
 

glauth/pkg/server/glauth/server.go

@@ -2,9 +2,11 @@ package glauth
 
 import (
 	"errors"
+	"fmt"
 
 	"github.com/GeertJohan/yubigo"
 	"github.com/glauth/glauth/pkg/config"
+	"github.com/glauth/glauth/pkg/handler"
 	"github.com/go-logr/logr"
 	"github.com/nmcclain/ldap"
 	"github.com/owncloud/ocis/glauth/pkg/mlogr"
@@ -18,7 +20,8 @@ type LdapSvc struct {
 	l        *ldap.Server
 }
 
-// Server initializes the debug service and server.
+// Server initializes the ldap server.
+// It is a fork github.com/glauth/pkg/server because it would introduce a go-micro dependency upstream.
 func Server(opts ...Option) (*LdapSvc, error) {
 	options := newOptions(opts...)
 
@@ -40,15 +43,41 @@ func Server(opts ...Option) (*LdapSvc, error) {
 	// configure the backend
 	s.l = ldap.NewServer()
 	s.l.EnforceLDAP = true
-	h := NewOCISHandler(
-		AccountsService(options.AccountsService),
-		GroupsService(options.GroupsService),
-		Logger(options.Logger),
-		Config(s.c),
-	)
-	s.l.BindFunc("", h)
-	s.l.SearchFunc("", h)
-	s.l.CloseFunc("", h)
+	var h handler.Handler
+	switch s.c.Backend.Datastore {
+	/* TODO bring back file config
+	case "config":
+		h = handler.NewConfigHandler(
+			handler.Logger(s.log),
+			handler.Config(s.c),
+			handler.YubiAuth(s.yubiAuth),
+		)
+	*/
+	case "ldap":
+		h = handler.NewLdapHandler(
+			handler.Logger(s.log),
+			handler.Config(s.c),
+		)
+	case "owncloud":
+		h = handler.NewOwnCloudHandler(
+			handler.Logger(s.log),
+			handler.Config(s.c),
+		)
+	case "accounts":
+		h = NewOCISHandler(
+			AccountsService(options.AccountsService),
+			GroupsService(options.GroupsService),
+			Logger(options.Logger),
+			Config(s.c),
+		)
+	default:
+		return nil, fmt.Errorf("unsupported backend %s - must be 'ldap', 'owncloud' or 'accounts'", s.c.Backend.Datastore)
+		//return nil, fmt.Errorf("unsupported backend %s - must be 'config', 'homed', 'ldap', 'owncloud' or 'accounts'", s.c.Backend.Datastore)
+	}
+	s.log.V(3).Info("Using backend", "datastore", s.c.Backend.Datastore)
+	s.l.BindFunc(s.c.Backend.BaseDN, h)
+	s.l.SearchFunc(s.c.Backend.BaseDN, h)
+	s.l.CloseFunc(s.c.Backend.BaseDN, h)
 
 	return &s, nil
 }