Completed authentication and tested inside docker-compose

Author: PythonHacker24

api/routes/routes.go

@@ -4,11 +4,20 @@ import (
 	"net/http"
 
 	"github.com/PythonHacker24/linux-acl-management-backend/api/middleware"
+	"github.com/PythonHacker24/linux-acl-management-backend/internal/auth"
 	"github.com/PythonHacker24/linux-acl-management-backend/internal/health"
 )
 
+/* all routes for all features are registered here */
 func RegisterRoutes(mux *http.ServeMux) {
+
+	/* for monitoring the state of overall server and laclm backend */
 	mux.Handle("GET /health", http.HandlerFunc(
 		middleware.LoggingMiddleware(health.HealthHandler),
 	))
+
+	/* for logging into the backend and creating a session */
+	mux.Handle("POST /login", http.HandlerFunc(
+		middleware.LoggingMiddleware(auth.LoginHandler),
+	))
 }

config.yaml

@@ -34,11 +34,11 @@ filesystem_servers:
 # authentication information
 authentication:
   ldap:
-    tls: true 
-    address: "ldaps://openldap"  # Use the service name from docker-compose
+    tls: false
+    address: "ldap://openldap:389"  # Use the service name from docker-compose
     admin_dn: ${LACLM_LDAP_ADMIN_DN}
     admin_password: ${LACLM_LDAP_ADMIN_PASSWORD}
-    search_base: "ou=users,dc=example,dc=com"
+    search_base: "cn=Princeton Plainsboro Hospital,dc=myorg,dc=local"
 
 backend_security:
   jwt_secret_token: ${JWT_SECRET_TOKEN}

internal/auth/ldap.go

@@ -1,7 +1,6 @@
 package auth 
 
 import (
-	"os"
 	"crypto/tls"
 	"fmt"
 
@@ -29,7 +28,7 @@ func AuthenticateUser(username, password, searchbase string) bool {
 		l, err = ldap.DialURL(ldapAddress, ldap.DialWithTLSConfig(&tls.Config{
 
 			/* true if using self-signed certs (not recommended) */
-			InsecureSkipVerify: false,
+			InsecureSkipVerify: true,
 		}))
 	} else {
 		l, err = ldap.DialURL(ldapAddress)
@@ -43,12 +42,10 @@ func AuthenticateUser(username, password, searchbase string) bool {
 	}
 	defer l.Close()
 
-	/* securely fetch LDAP credentials from the environment */
-	adminDN := os.Getenv("LDAP_ADMIN_DN")
-	adminPassword := os.Getenv("LDAP_ADMIN_PASSWORD")
-
 	/* authenticating with the ldap server with admin */
-	err = l.Bind(adminDN, adminPassword)
+	err = l.Bind(config.BackendConfig.Authentication.LDAPConfig.AdminDN, 
+		config.BackendConfig.Authentication.LDAPConfig.AdminPassword,
+	)
 	if err != nil {
 		zap.L().Error("Admin authentication failed",
 			zap.Error(err),
@@ -62,7 +59,8 @@ func AuthenticateUser(username, password, searchbase string) bool {
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 
 		/* Searching by username */
-		fmt.Sprintf("(uid=%s)", username),
+		/* for uid -> fmt.Sprintf("(uid=%s)", username), */
+		fmt.Sprintf("(cn=%s)", username),
 
 		/* We only need the DN */
 		[]string{"dn"},