Documentation
Index
- Constants
- Variables
- type AttributeMap
- type Config
- type IConnection
- type IMultiLDAP
- type IServer
- type MultiLDAP
- type Server
- func (server *Server) AdminBind() error
- func (server *Server) Bind() error
- func (server *Server) Close()
- func (server *Server) Dial() error
- func (server *Server) Login(query *types.LoginData) (*models.User, error)
- func (server *Server) UserBind(username, password string) error
- func (server *Server) Users(logins []string) ([]*models.User, error)
- type ServerConfig
- type ServerStatus
Constants
const UsersMaxRequest = 500
UsersMaxRequest is the maximum number of users that can be requested via Users(), since many LDAP servers limit how many items can be returned in one request.
Variables
var (
	// ErrInvalidCredentials is returned if username and password do not match
	ErrInvalidCredentials = errors.New("invalid username or password")

	// ErrCouldNotFindUser is returned when username hasn't been found (not username+password)
	ErrCouldNotFindUser = errors.New("can't find user in LDAP")
)
var ErrDidNotFindUser = errors.New("did not find a user")
ErrDidNotFindUser is returned if the request for a user is unsuccessful
var ErrNoLDAPServers = errors.New("no LDAP servers are configured")
ErrNoLDAPServers is returned when no LDAP servers are specified
Functions
This section is empty.
Types
type AttributeMap
type AttributeMap struct {
	Username string `json:"username"`
	Name     string `json:"name"`
	// Surname string `json:"surname"`
	Email    string `json:"email"`
	MemberOf string `json:"member_of"`
}
AttributeMap is a struct representation for LDAP "attributes" setting
type Config
type Config struct {
	Servers []*ServerConfig `json:"servers"`
}
Config holds the list of connections to LDAP
type IConnection
type IConnection interface {
	Bind(username, password string) error
	UnauthenticatedBind(username string) error
	Add(*goldap.AddRequest) error
	Del(*goldap.DelRequest) error
	Search(*goldap.SearchRequest) (*goldap.SearchResult, error)
	StartTLS(*tls.Config) error
	Close()
}
IConnection is the LDAP server connection interface
type IMultiLDAP
type IMultiLDAP interface {
	Ping() ([]*ServerStatus, error)
	Login(query *types.LoginData) (
		*models.User, error,
	)
	Users(logins []string) (
		[]*models.User, error,
	)
	User(login string) (
		*models.User, ServerConfig, error,
	)
}
IMultiLDAP is interface for MultiLDAP
func NewMultiLDAP
func NewMultiLDAP(configs []*ServerConfig) IMultiLDAP
NewMultiLDAP creates the new LDAP auth
type IServer
type IServer interface {
	Login(data *types.LoginData) (*models.User, error)
	Users([]string) ([]*models.User, error)
	Bind() error
	UserBind(string, string) error
	Dial() error
	Close()
}
IServer is the LDAP server authentication interface
func NewLDAPServer
func NewLDAPServer(config *ServerConfig) IServer
NewLDAPServer creates the new LDAP connection
type MultiLDAP
type MultiLDAP struct {
	// contains filtered or unexported fields
}
MultiLDAP is the basic struct of LDAP authorization
func (*MultiLDAP) Ping
func (multiples *MultiLDAP) Ping() ([]*ServerStatus, error)
Ping dials each of the LDAP servers and returns their status. If the server is unavailable, it also returns the error.
type Server
type Server struct {
	Config     *ServerConfig
	Connection IConnection
}
Server is the basic struct of LDAP authorization
func (*Server) AdminBind
AdminBind binds "admin" user with LDAP.
Dial() sets the connection with the server for this Struct. Therefore, we require a call to Dial() before being able to execute this function.
func (*Server) Bind
Bind authenticates the connection with the LDAP server, either with the username and password set up in the config or anonymously.
Dial() sets the connection with the server for this Struct. Therefore, we require a call to Dial() before being able to execute this function.
func (*Server) Close
func (server *Server) Close()
Close closes the LDAP connection.
Dial() sets the connection with the server for this Struct. Therefore, we require a call to Dial() before being able to execute this function.
func (*Server) Login
Login the user. There are several cases:
1. "admin" user
Bind the "admin" user (defined in the Grafana config file), which has search privileges in the LDAP server, then search for the targeted user through that bind, then perform a second bind with the passed login/password.
2. Single bind
If all the users meant to be used with Grafana have the ability to search in the LDAP server, then we bind to the LDAP server with the targeted login/password and then search for the said user in order to retrieve all the information about them.
3. Unauthenticated bind
Some LDAP configurations allow searching for the user without a login/password bind to the LDAP server. In that case we perform an "unauthenticated bind", then search for the targeted user, and then perform the bind with the passed login/password.
Dial() sets the connection with the server for this Struct. Therefore, we require a call to Dial() before being able to execute this function.
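The three Login cases above, as an added sketch that is not this package's code: `fakeDir`, `login` and the DNs are constructed for illustration, and the rule used to pick a case is an assumption. It also shows why the password is checked for emptiness before the final bind, since a simple bind with an empty password is an unauthenticated bind.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// fakeDir is a constructed in-memory directory (DN -> password), not a real LDAP client.
type fakeDir map[string]string

// bind treats an empty password as an unauthenticated bind, which succeeds (RFC 4513).
func (d fakeDir) bind(dn, pw string) error {
	if stored, ok := d[dn]; pw == "" || (ok && stored == pw) {
		return nil
	}
	return errors.New("invalid username or password")
}

// login follows the three cases in the Login description. The rule for picking a case
// (bind password set, "%s" in the bind DN, otherwise neither) is assumed, not from the page.
func login(d fakeDir, bindDN, bindPW, user, pw string) (string, error) {
	if pw == "" { // guard: otherwise the final bind below would be an unauthenticated bind
		return "", errors.New("empty password")
	}
	first, firstPW := "", "" // case 3: unauthenticated bind, search, user bind
	if bindPW != "" {        // case 1: "admin" bind, search, user bind
		first, firstPW = bindDN, bindPW
	} else if strings.Contains(bindDN, "%s") { // case 2: single bind as the user, then search
		first, firstPW = fmt.Sprintf(bindDN, user), pw
	}
	if err := d.bind(first, firstPW); err != nil {
		return "", err
	}
	dn := "uid=" + user + ",dc=example,dc=org" // stands in for the LDAP search
	if _, ok := d[dn]; !ok {
		return "", errors.New("can't find user in LDAP")
	}
	if err := d.bind(dn, pw); err != nil { // the password check proper in cases 1 and 3
		return "", err
	}
	return dn, nil
}

func main() {
	d := fakeDir{"cn=admin,dc=example,dc=org": "adminpw", "uid=alice,dc=example,dc=org": "s3cret"}
	fmt.Println(login(d, "cn=admin,dc=example,dc=org", "adminpw", "alice", "s3cret"))
	fmt.Println(login(d, "uid=%s,dc=example,dc=org", "", "alice", "wrong"))
	fmt.Println(login(d, "", "", "alice", ""))
}
```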
type ServerConfig
type ServerConfig struct {
	Host          string       `json:"host"`
	Port          int          `json:"port"`
	UseSSL        bool         `json:"use_ssl"`
	StartTLS      bool         `json:"start_tls"`
	SkipVerifySSL bool         `json:"ssl_skip_verify"`
	RootCACert    string       `json:"root_ca_cert"`
	ClientCert    string       `json:"client_cert"`
	ClientKey     string       `json:"client_key"`
	BindDN        string       `json:"bind_dn"`
	BindPassword  string       `json:"bind_password"`
	Attr          AttributeMap `json:"attributes"`

	SearchFilter  string   `json:"search_filter"`
	SearchBaseDNs []string `json:"search_base_dns"`

	GroupSearchFilter              string   `json:"group_search_filter"`
	GroupSearchFilterUserAttribute string   `json:"group_search_filter_user_attribute"`
	GroupSearchBaseDNs             []string `json:"group_search_base_dns"`
}
ServerConfig holds connection data to LDAP