Implement password change request.

.gitignore

@@ -1 +1,2 @@
 ldapmin
+config.json

config-example.json

@@ -0,0 +1,7 @@
+{
+  "ldap": {
+    "url": "ldap://ldap.example.com",
+    "starttls": true,
+    "userformat": "cn=%s,ou=users,dc=example,dc=com"
+  }
+}

config.go

@@ -1,18 +1,52 @@
 package main
 
-import "github.com/spf13/pflag"
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/spf13/pflag"
+)
 
 type config struct {
-	ListenAddr string
+	ListenAddr string     `json:"listenAddr"`
+	Ldap       ldapConfig `json:"ldap"`
+}
+
+type ldapConfig struct {
+	URL        string `json:"url"`
+	StartTLS   bool   `json:"starttls"`
+	UserFormat string `json:"userformat"`
 }
 
 func parseConfig() (config, error) {
-	c := config{
-		ListenAddr: ":8080",
-	}
+	configFile := "config.json"
 
-	pflag.StringVarP(&c.ListenAddr, "listen-addr", "l", c.ListenAddr, "Network address to listen on.")
+	pflag.StringVarP(&configFile, "config", "c", configFile, "Path to configuration file.")
 	pflag.Parse()
 
+	var c config
+	file, err := os.Open(configFile)
+	if err != nil {
+		return c, fmt.Errorf("can not open configuration file: %s", err)
+	}
+
+	if err := json.NewDecoder(file).Decode(&c); err != nil {
+		return c, fmt.Errorf("can not parse configuration: %s", err)
+	}
+
+	if c.ListenAddr == "" {
+		c.ListenAddr = ":8080"
+	}
+
+	if c.Ldap.URL == "" {
+		return c, errors.New("ldap.url can not be empty")
+	}
+
+	if c.Ldap.UserFormat == "" {
+		return c, errors.New("ldap.userformat can not be empty")
+	}
+
 	return c, nil
 }

go.mod

@@ -7,4 +7,6 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.2.0
 	github.com/spf13/pflag v1.0.3
+	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	gopkg.in/ldap.v3 v3.0.0-20181126164332-5c2c0f997205
 )

go.sum

@@ -182,6 +182,7 @@ github.com/gobuffalo/x v0.0.0-20181003152136-452098b06085/go.mod h1:WevpGD+5YOre
 github.com/gobuffalo/x v0.0.0-20181007152206-913e47c59ca7/go.mod h1:9rDPXaB3kXdKWzMc4odGQQdG2e2DIEmANy5aSJ9yesY=
 github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
@@ -363,12 +364,16 @@ golang.org/x/tools v0.0.0-20181212172921-837e80568c09/go.mod h1:n7NCudcB/nEzxVGm
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
+gopkg.in/ldap.v3 v3.0.0-20181126164332-5c2c0f997205 h1:a3+w42N8T8PbRnx/bVRl+1jCJVYzC8hZbPqAz5cTJ10=
+gopkg.in/ldap.v3 v3.0.0-20181126164332-5c2c0f997205/go.mod h1:oxD7NyBuxchC+SgJDE1Q5Od05eGt29SDQVBmV+HYbzw=
 gopkg.in/mail.v2 v2.0.0-20180731213649-a0242b2233b4/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

ldap.go

@@ -1,11 +1,62 @@
 package main
 
-type ldapConnection struct{}
+import (
+	"crypto/tls"
+	"fmt"
+	"net/url"
 
-func newLDAP(cfg config) (*ldapConnection, error) {
-	return &ldapConnection{}, nil
+	ldap "gopkg.in/ldap.v3"
+)
+
+type ldapConnection struct {
+	cfg ldapConfig
+}
+
+func newLDAP(cfg ldapConfig) (*ldapConnection, error) {
+	return &ldapConnection{
+		cfg: cfg,
+	}, nil
 }
 
 func (l *ldapConnection) ChangePassword(username, password, newPassword string) (bool, error) {
-	return false, nil
+	userDN := fmt.Sprintf(l.cfg.UserFormat, username)
+
+	c, err := ldap.DialURL(l.cfg.URL)
+	if err != nil {
+		return false, fmt.Errorf("can not connect to LDAP: %s", err)
+	}
+
+	if l.cfg.StartTLS {
+		serverURL, err := url.Parse(l.cfg.URL)
+		if err != nil {
+			return false, fmt.Errorf("can not parse server URL: %s", err)
+		}
+
+		tlsConfig := &tls.Config{
+			ServerName: serverURL.Host,
+		}
+		if err := c.StartTLS(tlsConfig); err != nil {
+			return false, fmt.Errorf("can not enable startTLS: %s", err)
+		}
+	}
+
+	if err := c.Bind(userDN, password); err != nil {
+		if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == 49 {
+			return false, nil
+		}
+
+		return false, fmt.Errorf("can not bind: %s", err)
+	}
+
+	passwordReq := &ldap.PasswordModifyRequest{
+		UserIdentity: userDN,
+		OldPassword:  password,
+		NewPassword:  newPassword,
+	}
+
+	if _, err := c.PasswordModify(passwordReq); err != nil {
+		return false, fmt.Errorf("can not modify password: %s", err)
+	}
+
+	return true, nil
 }

main.go

@@ -18,10 +18,10 @@ var (
 func main() {
 	cfg, err := parseConfig()
 	if err != nil {
-		log.Fatal(err)
+		log.Fatalf("Configuration error: %s", err)
 	}
 
-	ldap, err := newLDAP(cfg)
+	ldap, err := newLDAP(cfg.Ldap)
 	if err != nil {
 		log.Fatalf("Error initializing LDAP connection: %s", err)
 	}