h44z / wg-portal

WireGuard Configuration Portal with LDAP connection
https://wgportal.org/
MIT License

standalone - ubuntu 18.04 - ldap error and config issue? #164

Open loquanet opened 1 year ago

loquanet commented 1 year ago

GO: go version go1.20.2 linux/amd64

Ran: go run main.go -config config.yml ./wg-portal-amd64

Goal:

  1. Use AD as the user authentication for WireGuard.
  2. Use the portal to download user configs for the VPN. I found there's no "tie/correlation" between a specific user and a peer in WireGuard's wg0.conf. I only see that if a user is connected, then as the admin user in wg-portal I can download the config.
  3. How does a wg-portal non-admin user get a WireGuard peer config assigned/associated with that user?
  4. How exactly does your Go app make each peer in wg0.conf know which user config it belongs to, when there are no allowed attributes for that? Something like user=exampleuser or id=exampleuser is invalid and will break WireGuard's wg0.conf!?

Error: failed to bind user: LDAP Result Code 49 "Invalid Credentials": 80090308: (the username and password are confirmed to be correct)

Issue:

  1. Useless: I edited configuration.go, but the app's main.go didn't even read the configuration.go file.
  2. Workaround: I had to create a config.yml, place it in the same directory as main.go, and figure out how to run the app, since your documentation is only Docker based and there is no standalone documentation. It also doesn't include how to run the app on boot as a service, or anything else that is needed.

Questions:

  1. What is an exact example of the correct binduser syntax to log in to the AD server? Is the below correct? The below is nuts and isn't a username. Why isn't configuration.go being used by your app? LdapErr: cfg.LDAP.BindUser = "company\\ldap_wireguard"
  2. In config.yml, what does manageIPAddresses: true do? Does it actually manage the wg0 interface IP?
  3. Why isn't configuration.go being applied? It seems to be ignored. Why would I need both config.yml and configuration.go if their config overlaps? When I don't include go run main.go config.yml I get an error that no config.yml is found.
  4. wg-portal doesn't show users/tunnels/user-configs at all. Does it only show them when they are currently connected?

configuration.go:

```go
cfg.LDAP.URL = "ldap://hla-dc2-hv.hlp.local:389"
cfg.LDAP.BaseDN = "DC=HLP,DC=LOCAL"
cfg.LDAP.StartTLS = true
//cfg.LDAP.BindUser = "company\\ldap_wireguard"
cfg.LDAP.BindUser = "admin@hlp.local"
cfg.LDAP.BindPass = "theuserpassword"
cfg.LDAP.EmailAttribute = "mail"
cfg.LDAP.FirstNameAttribute = "givenName"
cfg.LDAP.LastNameAttribute = "sn"
cfg.LDAP.PhoneAttribute = "telephoneNumber"
cfg.LDAP.GroupMemberAttribute = "memberOf"
cfg.LDAP.AdminLdapGroup = "CN=wgadmins,OU=Security Groups,OU=Mybusiness,DC=hlp,DC=LOCAL"
cfg.LDAP.LoginFilter = "(&(objectClass=organizationalPerson)(mail={{login_identifier}})(!userAccountControl:1.2.840.113556.1.4.803:=2))"
cfg.LDAP.SyncFilter = "(&(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2)(mail=*))"
cfg.LDAP.SyncGroupFilter = ""
```

config.yml:

```yaml
core:
  listeningAddress: :8123
  externalUrl: https://wg.hlp.local
  adminUser: admin@wg.local
  adminPass: admin
  editableKeys: true
  createDefaultPeer: false
  ldapEnabled: false
  mailFrom: WireGuard VPN noreply@hlplanning.com
ldap:
  url: ldap://192.168.6.211:389
  dn: DC=hlp,DC=local
  startTLS: false
  certcheck: false
  user: admin@hlp.local
  pass: therealpasswordexample
  adminGroup: CN=wgadmins,OU=Security Groups,OU=Mybusiness,DC=hlplanning,DC=LOCAL
database:
  typ: sqlite
  database: data/wg_portal.db
email:
  host: smtp.gmail.com
  port: 587
  tls: true
  user: test@gmail.com
  pass: topsecret
wg:
  devices:
```

philippderdiedas commented 1 year ago

Regarding your questions, where does it say that it uses a configuration.go? You should either use environment variables or a config.yml (or specify another file using the CONFIG_FILE environment variable).

The LDAP bind user can be in the form of user@domain or an LDAP bind DN like CN=User Name,CN=Users,DC=dom,DC=ai,DC=n.

You also supplied the wrong value ldapEnabled: false, it should be true.

philippderdiedas commented 1 year ago

It is also worth mentioning that you can vertically scroll in the readme (because GitHub sucks) and then see the description column under configuration options.

philippderdiedas commented 1 year ago

And a systemd unit file is linked here. You could remove the line EnvironmentFile and replace it with Environment="CONFIG_FILE=/path/to/config".

If you set up your WireGuard interface using a wg-quick service you can replace After=... with After=wg-quick@wg0.service, assuming wg0 is your desired interface.
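Putting those two edits together, here is an added example of a complete unit file; it is not the unit linked from the project's repository, whose exact contents are not reproduced in this thread. The install directory /opt/wg-portal, the binary name wg-portal-amd64 taken from the command above, and the config path /etc/wg-portal/config.yml are assumptions.

```ini
# /etc/systemd/system/wg-portal.service (added example; paths are assumptions)
[Unit]
Description=WireGuard Portal
# Start only after the network is up and wg-quick has brought up wg0
After=network-online.target wg-quick@wg0.service
Wants=network-online.target

[Service]
Type=simple
# Replaces the EnvironmentFile= line: point the portal at the YAML config
Environment="CONFIG_FILE=/etc/wg-portal/config.yml"
WorkingDirectory=/opt/wg-portal
ExecStart=/opt/wg-portal/wg-portal-amd64
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemctl enable --now wg-portal` starts the portal at boot. Since config.yml holds the LDAP bind and SMTP passwords, keep it readable only by the account the service runs as.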