ldaputil

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2024 License: MPL-2.0 Imports: 22 Imported by: 14

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConfigFields 

func ConfigFields() map[string]*framework.FieldSchema

ConfigFields returns all the config fields that can potentially be used by the LDAP client. Not all fields will be used by every integration.

func ConvertConfig added in v0.10.1 

func ConvertConfig(cfg *ConfigEntry) *capldap.ClientConfig

func EscapeLDAPValue 

func EscapeLDAPValue(input string) string

EscapeLDAPValue is exported because a plugin uses it outside this package. EscapeLDAPValue will properly escape the input string as an ldap value rfc4514 states the following must be escaped: - leading space or hash - trailing space - special characters '"', '+', ',', ';', '<', '>', '\\' - hex

Types

type Client 

type Client struct {
	Logger hclog.Logger
	LDAP   LDAP
}

func (*Client) DialLDAP 

func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error)

func (*Client) GetLdapGroups 

func (c *Client) GetLdapGroups(cfg *ConfigEntry, conn Connection, userDN string, username string) ([]string, error)

* getLdapGroups queries LDAP and returns a slice describing the set of groups the authenticated user is a member of. * * If cfg.UseTokenGroups is true then the search is performed directly on the userDN. * The values of those attributes are converted to string SIDs, and then looked up to get ldap.Entry objects. * Otherwise, the search query is constructed according to cfg.GroupFilter, and run in context of cfg.GroupDN. * Groups will be resolved from the query results by following the attribute defined in cfg.GroupAttr. * * cfg.GroupFilter is a go template and is compiled with the following context: [UserDN, Username] * UserDN - The DN of the authenticated user * Username - The Username of the authenticated user * * Example: * cfg.GroupFilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))" * cfg.GroupDN = "OU=Groups,DC=myorg,DC=com" * cfg.GroupAttr = "cn" * * NOTE - If cfg.GroupFilter is empty, no query is performed and an empty result slice is returned. *

func (*Client) GetUserAliasAttributeValue added in v0.3.0 

func (c *Client) GetUserAliasAttributeValue(cfg *ConfigEntry, conn Connection, username string) (string, error)

* Returns the value to be used for the entity alias of this user * This is handled in one of several ways: * * 1. If DiscoverDN is set, the user will be searched for using userdn (base search path) * and userattr (the attribute that maps to the provided username) or user search filter. * The bind will either be anonymous or use binddn and bindpassword if they were provided. * 2. If upndomain is set, the alias attribte is constructed as 'username@upndomain'. *

func (*Client) GetUserBindDN 

func (c *Client) GetUserBindDN(cfg *ConfigEntry, conn Connection, username string) (string, error)

* Discover and return the bind string for the user attempting to authenticate, as well as the * value to use for the identity alias. * This is handled in one of several ways: * * 1. If DiscoverDN is set, the user object will be searched for using userdn (base search path) * and userattr (the attribute that maps to the provided username) or user search filter. * The bind will either be anonymous or use binddn and bindpassword if they were provided. * 2. If upndomain is set, the user dn and alias attribte are constructed as 'username@upndomain'. * See https://msdn.microsoft.com/en-us/library/cc223499.aspx *

func (*Client) GetUserDN 

func (c *Client) GetUserDN(cfg *ConfigEntry, conn Connection, bindDN, username string) (string, error)

* Returns the DN of the object representing the authenticated user.

func (*Client) RenderUserSearchFilter added in v0.3.0 

func (c *Client) RenderUserSearchFilter(cfg *ConfigEntry, username string) (string, error)

type ConfigEntry 

type ConfigEntry struct {
	Url                      string `json:"url"`
	UserDN                   string `json:"userdn"`
	AnonymousGroupSearch     bool   `json:"anonymous_group_search"`
	GroupDN                  string `json:"groupdn"`
	GroupFilter              string `json:"groupfilter"`
	GroupAttr                string `json:"groupattr"`
	UPNDomain                string `json:"upndomain"`
	UsernameAsAlias          bool   `json:"username_as_alias"`
	UserFilter               string `json:"userfilter"`
	UserAttr                 string `json:"userattr"`
	Certificate              string `json:"certificate"`
	InsecureTLS              bool   `json:"insecure_tls"`
	StartTLS                 bool   `json:"starttls"`
	BindDN                   string `json:"binddn"`
	BindPassword             string `json:"bindpass"`
	DenyNullBind             bool   `json:"deny_null_bind"`
	DiscoverDN               bool   `json:"discoverdn"`
	TLSMinVersion            string `json:"tls_min_version"`
	TLSMaxVersion            string `json:"tls_max_version"`
	UseTokenGroups           bool   `json:"use_token_groups"`
	UsePre111GroupCNBehavior *bool  `json:"use_pre111_group_cn_behavior"`
	RequestTimeout           int    `json:"request_timeout"`
	ConnectionTimeout        int    `json:"connection_timeout"` // deprecated: use RequestTimeout
	DerefAliases             string `json:"dereference_aliases"`
	MaximumPageSize          int    `json:"max_page_size"`

	// These json tags deviate from snake case because there was a past issue
	// where the tag was being ignored, causing it to be jsonified as "CaseSensitiveNames", etc.
	// To continue reading in users' previously stored values,
	// we chose to carry that forward.
	CaseSensitiveNames *bool  `json:"CaseSensitiveNames,omitempty"`
	ClientTLSCert      string `json:"ClientTLSCert"`
	ClientTLSKey       string `json:"ClientTLSKey"`
}

func NewConfigEntry 

func NewConfigEntry(existing *ConfigEntry, d *framework.FieldData) (*ConfigEntry, error)

* Creates and initializes a ConfigEntry object with its default values, * as specified by the passed schema.

func (*ConfigEntry) Map 

func (c *ConfigEntry) Map() map[string]interface{}

func (*ConfigEntry) PasswordlessMap 

func (c *ConfigEntry) PasswordlessMap() map[string]interface{}

func (*ConfigEntry) Validate 

func (c *ConfigEntry) Validate() error

type Connection 

type Connection interface {
	Bind(username, password string) error
	Close() error
	Add(addRequest *ldap.AddRequest) error
	Modify(modifyRequest *ldap.ModifyRequest) error
	Del(delRequest *ldap.DelRequest) error
	Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
	StartTLS(config *tls.Config) error
	SetTimeout(timeout time.Duration)
	UnauthenticatedBind(username string) error
}

Connection provides the functionality of an LDAP connection, but through an interface.

type LDAP 

type LDAP interface {
	DialURL(addr string, opts ...ldap.DialOpt) (Connection, error)
}

LDAP provides ldap functionality, but through an interface rather than statically. This allows faking it for tests.

func NewLDAP 

func NewLDAP() LDAP

type PagingConnection added in v0.6.1 

type PagingConnection interface {
	Connection
	SearchWithPaging(searchRequest *ldap.SearchRequest, pagingSize uint32) (*ldap.SearchResult, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.