cpp-cyber
diff --git a/‎cmd/api/main.go‎
Lines changed: 2 additions & 1 deletion b/‎cmd/api/main.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎internal/auth/auth.go‎
Lines changed: 67 additions & 5 deletions b/‎internal/auth/auth.go‎
Lines changed: 67 additions & 5 deletions
@@ -29,7 +29,8 @@ func init() {
 }
 
 func main() {
-	gin.SetMode(gin.ReleaseMode)
+	// TODO: Set gin mode based on environment (development/production)
+	// gin.SetMode(gin.ReleaseMode)
 
 	// Load and parse configuration from environment variables
 	var config Config
 
@@ -2,6 +2,7 @@ package auth
 
 import (
 	"fmt"
+	"log"
 
 	ldapv3 "github.com/go-ldap/ldap/v3"
 )
@@ -38,51 +39,71 @@ type LDAPService struct {
 
 // NewLDAPService creates a new LDAP authentication service
 func NewLDAPService() (*LDAPService, error) {
+	log.Println("[DEBUG] NewLDAPService: Starting LDAP service initialization")
+
 	config, err := LoadConfig()
 	if err != nil {
+		log.Printf("[ERROR] NewLDAPService: Failed to load LDAP configuration: %v", err)
 		return nil, fmt.Errorf("failed to load LDAP configuration: %w", err)
 	}
+	log.Printf("[DEBUG] NewLDAPService: LDAP configuration loaded successfully - URL: %s, BindUser: %s", config.URL, config.BindUser)
 
 	client := NewClient(config)
 	if err := client.Connect(); err != nil {
+		log.Printf("[ERROR] NewLDAPService: Failed to connect to LDAP: %v", err)
 		return nil, fmt.Errorf("failed to connect to LDAP: %w", err)
 	}
+	log.Println("[DEBUG] NewLDAPService: LDAP client connected successfully")
 
+	log.Println("[INFO] NewLDAPService: LDAP service initialized successfully")
 	return &LDAPService{
 		client: client,
 	}, nil
 }
 
 // Authenticate performs user authentication against LDAP
 func (s *LDAPService) Authenticate(username, password string) (bool, error) {
+	log.Printf("[DEBUG] Authenticate: Starting authentication for user: %s", username)
+
 	userDN, err := s.GetUserDN(username)
 	if err != nil {
+		log.Printf("[ERROR] Authenticate: Failed to get user DN for %s: %v", username, err)
 		return false, fmt.Errorf("failed to get user DN: %v", err)
 	}
+	log.Printf("[DEBUG] Authenticate: Retrieved user DN for %s: %s", username, userDN)
 
 	// Bind as user to verify password
+	log.Printf("[DEBUG] Authenticate: Attempting to bind as user: %s", username)
 	err = s.client.Bind(userDN, password)
 	if err != nil {
+		log.Printf("[WARN] Authenticate: Authentication failed for user %s: %v", username, err)
 		return false, nil // Invalid credentials, not an error
 	}
+	log.Printf("[DEBUG] Authenticate: User bind successful for: %s", username)
 
 	// Rebind as service account for further operations
 	config := s.client.Config()
 	if config.BindUser != "" {
+		log.Printf("[DEBUG] Authenticate: Rebinding as service account: %s", config.BindUser)
 		err = s.client.Bind(config.BindUser, config.BindPassword)
 		if err != nil {
+			log.Printf("[ERROR] Authenticate: Failed to rebind as service account: %v", err)
 			return false, fmt.Errorf("failed to rebind as service account: %v", err)
 		}
+		log.Println("[DEBUG] Authenticate: Service account rebind successful")
 	}
 
+	log.Printf("[INFO] Authenticate: Authentication successful for user: %s", username)
 	return true, nil
 }
 
 // IsAdmin checks if a user is a member of the admin group
 func (s *LDAPService) IsAdmin(username string) (bool, error) {
+	log.Printf("[DEBUG] IsAdmin: Checking admin status for user: %s", username)
 	config := s.client.Config()
 
 	// Search for admin group
+	log.Printf("[DEBUG] IsAdmin: Searching for admin group: %s", config.AdminGroupDN)
 	adminGroupReq := ldapv3.NewSearchRequest(
 		config.AdminGroupDN,
 		ldapv3.ScopeWholeSubtree, ldapv3.NeverDerefAliases, 0, 0, false,
@@ -92,6 +113,7 @@ func (s *LDAPService) IsAdmin(username string) (bool, error) {
 	)
 
 	// Search for user DN
+	log.Printf("[DEBUG] IsAdmin: Searching for user DN for: %s", username)
 	userDNReq := ldapv3.NewSearchRequest(
 		config.BaseDN,
 		ldapv3.ScopeWholeSubtree, ldapv3.NeverDerefAliases, 0, 0, false,
@@ -102,53 +124,93 @@ func (s *LDAPService) IsAdmin(username string) (bool, error) {
 
 	adminGroupEntry, err := s.client.SearchEntry(adminGroupReq)
 	if err != nil {
+		log.Printf("[ERROR] IsAdmin: Failed to search admin group: %v", err)
 		return false, fmt.Errorf("failed to search admin group: %v", err)
 	}
 
 	userEntry, err := s.client.SearchEntry(userDNReq)
 	if err != nil {
+		log.Printf("[ERROR] IsAdmin: Failed to search user %s: %v", username, err)
 		return false, fmt.Errorf("failed to search user: %v", err)
 	}
 
 	if adminGroupEntry == nil {
+		log.Printf("[ERROR] IsAdmin: Admin group not found: %s", config.AdminGroupDN)
 		return false, fmt.Errorf("admin group not found")
 	}
 
 	if userEntry == nil {
+		log.Printf("[ERROR] IsAdmin: User not found: %s", username)
 		return false, fmt.Errorf("user not found")
 	}
 
+	log.Printf("[DEBUG] IsAdmin: User DN found: %s", userEntry.DN)
+	adminMembers := adminGroupEntry.GetAttributeValues("member")
+	log.Printf("[DEBUG] IsAdmin: Admin group has %d members", len(adminMembers))
+
 	// Check if user DN is in admin group members
-	for _, member := range adminGroupEntry.GetAttributeValues("member") {
+	for _, member := range adminMembers {
 		if member == userEntry.DN {
+			log.Printf("[INFO] IsAdmin: User %s is an admin", username)
 			return true, nil
 		}
 	}
 
+	log.Printf("[DEBUG] IsAdmin: User %s is not an admin", username)
 	return false, nil
 }
 
 // Close closes the LDAP connection
 func (s *LDAPService) Close() error {
-	return s.client.Disconnect()
+	log.Println("[DEBUG] Close: Closing LDAP connection")
+	err := s.client.Disconnect()
+	if err != nil {
+		log.Printf("[ERROR] Close: Failed to close LDAP connection: %v", err)
+	} else {
+		log.Println("[INFO] Close: LDAP connection closed successfully")
+	}
+	return err
 }
 
 // HealthCheck verifies that the LDAP connection is working
 func (s *LDAPService) HealthCheck() error {
-	return s.client.HealthCheck()
+	log.Println("[DEBUG] HealthCheck: Performing LDAP health check")
+	err := s.client.HealthCheck()
+	if err != nil {
+		log.Printf("[ERROR] HealthCheck: LDAP health check failed: %v", err)
+	} else {
+		log.Println("[DEBUG] HealthCheck: LDAP health check passed")
+	}
+	return err
 }
 
 // Reconnect attempts to reconnect to the LDAP server
 func (s *LDAPService) Reconnect() error {
-	return s.client.Connect()
+	log.Println("[DEBUG] Reconnect: Attempting to reconnect to LDAP server")
+	err := s.client.Connect()
+	if err != nil {
+		log.Printf("[ERROR] Reconnect: Failed to reconnect to LDAP server: %v", err)
+	} else {
+		log.Println("[INFO] Reconnect: Successfully reconnected to LDAP server")
+	}
+	return err
 }
 
 // SetPassword sets the password for a user using User struct
 func (s *LDAPService) SetPassword(user User, password string) error {
+	log.Printf("[DEBUG] SetPassword: Setting password for user: %s", user.Name)
 	userDN, err := s.GetUserDN(user.Name)
 	if err != nil {
+		log.Printf("[ERROR] SetPassword: Failed to get user DN for %s: %v", user.Name, err)
 		return fmt.Errorf("failed to get user DN: %v", err)
 	}
+	log.Printf("[DEBUG] SetPassword: Retrieved user DN: %s", userDN)
 
-	return s.SetUserPassword(userDN, password)
+	err = s.SetUserPassword(userDN, password)
+	if err != nil {
+		log.Printf("[ERROR] SetPassword: Failed to set password for user %s: %v", user.Name, err)
+	} else {
+		log.Printf("[INFO] SetPassword: Password set successfully for user: %s", user.Name)
+	}
+	return err
 }
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,8 @@ func init() {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`func main() {`
`32`		`- gin.SetMode(gin.ReleaseMode)`
	`32`	`+ // TODO: Set gin mode based on environment (development/production)`
	`33`	`+ // gin.SetMode(gin.ReleaseMode)`
`33`	`34`
`34`	`35`	`// Load and parse configuration from environment variables`
`35`	`36`	`var config Config`