from flask import Flask, request
import dash
from dash import html, Input, Output
import ldap3
# --- CREDS LOADER ---
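def _get_ldap_creds():
    """Parse the LDAP credentials file into ``{section: {key: value}}``.

    File format, as read by this parser:

    * blank lines are ignored;
    * a line starting with ``#`` opens a new section, and the whole stripped
      line (``#`` included) becomes the section name;
    * every other line is ``key value``, split on the first run of whitespace.

    Returns:
        dict mapping each section name to a dict of its key/value pairs.

    Raises:
        OSError: if the credentials file cannot be opened.
        ValueError: if an entry appears before any section header, or a line
            has a key but no value.
    """
    # NOTE(review): this file holds bind passwords in clear text (see the
    # "Pass" key used by the LDAP query) -- confirm it is readable only by the
    # service account.
    filepath = "/home/acmpcon/.ldap.creds"
    creds = {}
    current_section = None
    with open(filepath, 'r') as f:
        for lineno, raw_line in enumerate(f, start=1):
            line = raw_line.strip()
            if not line:
                continue
            if line.startswith('#'):
                current_section = line
                creds[current_section] = {}
                continue
            # Error messages carry only the position, never the line content,
            # so a malformed password line cannot end up in logs or tracebacks.
            if current_section is None:
                raise ValueError(
                    f"{filepath}:{lineno}: entry appears before any '#' section header"
                )
            parts = line.split(None, 1)
            if len(parts) != 2:
                raise ValueError(f"{filepath}:{lineno}: expected 'key value'")
            key, value = parts
            creds[current_section][key] = value
    return creds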
# Parsed once at import time; the mapping (bind passwords included) stays in
# process memory for the lifetime of the app.
LDAP_CREDS = _get_ldap_creds()

# --- APP ---
server = Flask(__name__)

# Dash runs on the Flask instance above; requests_pathname_prefix makes the
# Dash front end send its requests under /test/ (presumably the path the
# authenticating proxy exposes -- confirm against the proxy config).
app = dash.Dash(
    __name__,
    requests_pathname_prefix="/test/",
    server=server,
)

# Single-page layout: a heading, a button that triggers the callback, and a
# preformatted area that receives the diagnostic text.
app.layout = html.Div(
    children=[
        html.H1(children="Kerberos + LDAP Multi-Domain Test"),
        html.Button(children="Reload", id="btn"),
        html.Pre(id="info", style={"whiteSpace": "pre-wrap"}),
    ],
)
# --- LDAP QUERY (MULTI DOMAIN) ---
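def query_all_domains(username):
    """Look up *username* in every configured LDAP domain and format the result.

    For each section of ``LDAP_CREDS`` a connection is bound with that
    section's ``Host``/``User``/``Pass`` and the ``DB`` search base is searched
    for an entry whose ``sAMAccountName`` or ``userPrincipalName`` equals
    *username*. Only the first matching entry is reported.

    Args:
        username: account name to search for. It is treated as untrusted and
            escaped before being placed in the search filter.

    Returns:
        One text block per domain, joined with newlines: the user's first
        name, last name and group DNs, ``NOT FOUND``, or ``ERROR -> ...``.
    """
    # ldap3 is already a dependency of this file; the helper is imported
    # locally so the block does not rely on a new file-level import.
    from ldap3.utils.conv import escape_filter_chars

    # Escape LDAP filter metacharacters (*, (, ), \, NUL). Without this a
    # caller-supplied name could rewrite the filter (LDAP injection), e.g. turn
    # the lookup into a wildcard match over the whole directory.
    safe_username = escape_filter_chars(str(username))
    search_filter = (
        f"(|(sAMAccountName={safe_username})(userPrincipalName={safe_username}))"
    )

    results = []
    for domain, cfg in LDAP_CREDS.items():
        conn = None
        try:
            # NOTE(review): whether the bind password travels encrypted depends
            # on cfg["Host"] (an ldaps:// URL or not) -- confirm, no TLS option
            # is set here.
            directory = ldap3.Server(cfg["Host"])
            conn = ldap3.Connection(
                directory,
                user=cfg["User"],
                password=cfg["Pass"],
                auto_bind=True
            )
            conn.search(
                cfg["DB"],
                search_filter,
                attributes=["givenName", "sn", "memberOf"]
            )
            if not conn.entries:
                results.append(f"{domain}: NOT FOUND")
                continue
            entry = conn.entries[0]
            firstname = entry.givenName.value if entry.givenName else "-"
            lastname = entry.sn.value if entry.sn else "-"
            groups = entry.memberOf.values if "memberOf" in entry else []
            # Same text as the original triple-quoted block: leading and
            # trailing newline, one field per line.
            results.append("\n".join([
                "",
                f"{domain}:",
                f"Firstname: {firstname}",
                f"Lastname: {lastname}",
                "Groups:",
                "\n".join(groups),
                "",
            ]))
        except Exception as e:
            # Deliberate best effort: one failing domain must not hide the
            # others. The exception text is returned to the caller and ends up
            # on the page, so this is only acceptable on a diagnostics page.
            results.append(f"{domain}: ERROR -> {e}")
        finally:
            # Release the service-account session instead of leaving one bound
            # connection per domain behind on every call.
            if conn is not None:
                try:
                    conn.unbind()
                except Exception:
                    # Cleanup only; the result for this domain is already set.
                    pass
    return "\n".join(results)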
# --- CALLBACK ---
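@app.callback(
    Output("info", "children"),
    Input("btn", "n_clicks")
)
def show_info(n):
    """Build the diagnostic text shown in the ``info`` element.

    Reports the user name taken from the ``X-Remote-User`` header (raw and
    normalized), the LDAP lookup for that user in every configured domain, all
    request headers, and the WSGI environ entries whose key contains
    ``REMOTE``, ``AUTH``, ``GSS`` or ``USER``.

    Args:
        n: click count of the "Reload" button; only used as the trigger.

    Returns:
        The report as a single newline-joined string.
    """
    output = []

    # --- USER ---
    # X-Remote-User is an ordinary request header. It identifies the user only
    # if an authenticating proxy sets it and strips any client-supplied copy,
    # and only if this app cannot be reached without going through that proxy.
    # Anyone who can reach the app directly can put any name here.
    header_user = request.headers.get("X-Remote-User")
    raw_user = "NO USER" if header_user is None else header_user
    output.append("=== USER ===")
    output.append(f"RAW: {raw_user}")

    # Reduce DOMAIN\user and user@realm forms to the bare account name.
    user = raw_user
    if "\\" in user:
        user = user.split("\\")[1]
    if "@" in user:
        user = user.split("@")[0]
    output.append(f"NORMALIZED: {user}")

    # --- LDAP MULTI ---
    output.append("\n=== LDAP (ALL DOMAINS) ===")
    if header_user is None or not user:
        # Do not send the "NO USER" placeholder (or an empty name) to the
        # directory servers as if it were an account name.
        output.append("SKIPPED: no user name in X-Remote-User")
    else:
        output.append(query_all_domains(user))

    # --- HEADERS ---
    # NOTE(review): every request header is echoed to the page, which may
    # include Authorization and Cookie values -- keep this page out of any
    # deployment that is not a test.
    output.append("\n=== HEADERS ===")
    for k, v in request.headers.items():
        output.append(f"{k}: {v}")

    # --- ENV ---
    output.append("\n=== ENV (FILTERED) ===")
    for k, v in request.environ.items():
        if any(x in k for x in ["REMOTE", "AUTH", "GSS", "USER"]):
            output.append(f"{k}: {v}")

    return "\n".join(output)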
# --- START ---
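if __name__ == "__main__":
    # debug=True turns on the interactive debugger and dev tools; on a socket
    # bound to all interfaces that lets any client that triggers an error run
    # code in this process, which also holds the LDAP bind passwords. Keep
    # debug off whenever the port is reachable from other hosts.
    # NOTE(review): the app trusts the X-Remote-User header, so 0.0.0.0 is only
    # safe if a firewall limits this port to the authenticating proxy; bind to
    # the loopback address instead if the proxy runs on the same host.
    app.run(host="0.0.0.0", port=9099, debug=False)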