ldap

package
v2.0.17
Published: Apr 15, 2024 License: AGPL-3.0 Imports: 9 Imported by: 2

Documentation

Overview

Package ldap defines the LDAP configuration object and methods used by the MinIO server.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LookupDN added in v2.0.15

func LookupDN(conn *ldap.Conn, dn string) (string, error)

LookupDN looks up the DN and returns the normalized DN. It only performs a base object search to check if the DN exists. If the DN does not exist on the server, it returns an empty string and a nil error.

func NormalizeDN added in v2.0.14

func NormalizeDN(dn string) (string, error)

NormalizeDN normalizes the DN. The ldap library here mainly lowercases the attribute type names in the DN.
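The following is an added Go example, not code from the minio/pkg ldap package: a simplified DN normalizer of the kind NormalizeDN describes (attribute type names lowercased, whitespace around RDN components trimmed, RFC 4514 escapes preserved), plus a base-DN containment check that compares RDN by RDN. Both functions, their names and the sample DNs are assumptions constructed for this example; the containment check is one plausible use of a normalized base DN, not a documented behaviour of BaseDNInfo.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitUnescaped splits s on sep, keeping a backslash-escaped sep as part of
// the current component (RFC 4514 escaping, e.g. "Smith\, Jr.").
func splitUnescaped(s string, sep byte) []string {
	var parts []string
	var cur strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == '\\' && i+1 < len(s) {
			cur.WriteByte(c)
			cur.WriteByte(s[i+1])
			i++
			continue
		}
		if c == sep {
			parts = append(parts, cur.String())
			cur.Reset()
			continue
		}
		cur.WriteByte(c)
	}
	return append(parts, cur.String())
}

// NormalizeDN (example implementation) lowercases attribute type names and
// trims whitespace around RDN components. Attribute values are kept as
// written: whether a value compares case-insensitively depends on the
// attribute's matching rule, which a string normalizer cannot know.
func NormalizeDN(dn string) (string, error) {
	if strings.TrimSpace(dn) == "" {
		return "", errors.New("empty DN")
	}
	rdns := splitUnescaped(dn, ',')
	for i, rdn := range rdns {
		avas := splitUnescaped(rdn, '+') // multi-valued RDN: cn=a+sn=b
		for j, ava := range avas {
			kv := splitUnescaped(ava, '=')
			if len(kv) < 2 {
				return "", fmt.Errorf("malformed RDN component %q", ava)
			}
			typ := strings.ToLower(strings.TrimSpace(kv[0]))
			val := strings.TrimSpace(strings.Join(kv[1:], "="))
			if typ == "" || val == "" {
				return "", fmt.Errorf("empty type or value in %q", ava)
			}
			avas[j] = typ + "=" + val
		}
		rdns[i] = strings.Join(avas, "+")
	}
	return strings.Join(rdns, ","), nil
}

// UnderBaseDN reports whether dn lies strictly below base. Both DNs are
// normalized first and compared one RDN at a time, so the check does not
// depend on attribute-type case and does not accept the base entry itself.
func UnderBaseDN(dn, base string) (bool, error) {
	ndn, err := NormalizeDN(dn)
	if err != nil {
		return false, err
	}
	nbase, err := NormalizeDN(base)
	if err != nil {
		return false, err
	}
	d := splitUnescaped(ndn, ',')
	b := splitUnescaped(nbase, ',')
	if len(d) <= len(b) {
		return false, nil
	}
	tail := d[len(d)-len(b):]
	for i := range b {
		if tail[i] != b[i] {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed sample DNs.
	n, err := NormalizeDN("CN=John Smith\\, Jr.,OU=Users, DC=Example,DC=COM")
	fmt.Println(n, err)
	ok, err := UnderBaseDN("UID=alice,OU=People,DC=example,DC=com", "ou=People,dc=example,dc=com")
	fmt.Println(ok, err)
}
```

The value side is deliberately left alone: "ou=People" and "ou=people" are not equal after this normalization, which is why the canonical form should come from the server (the `ServerDN` field above) rather than from string manipulation alone.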

Types

type BaseDNInfo added in v2.0.15

type BaseDNInfo struct {
	// User provided base DN.
	Original string
	// DN string returned by the LDAP server. This value is used as the
	// canonical form of the DN.
	ServerDN string
	// Parsed DN (from `ServerDN` value, not `Original`).
	Parsed *ldap.DN
}

BaseDNInfo contains information about a base DN.

type Config

type Config struct {
	Enabled bool

	// E.g. "ldap.minio.io:636"
	ServerAddr     string
	SRVRecordName  string
	TLSSkipVerify  bool // allows skipping TLS verification
	ServerInsecure bool // allows plain text connection to LDAP server
	ServerStartTLS bool // allows using StartTLS connection to LDAP server
	RootCAs        *x509.CertPool

	// Lookup bind LDAP service account
	LookupBindDN       string
	LookupBindPassword string

	// User DN search parameters
	UserDNSearchBaseDistName string
	// this is a computed value from UserDNSearchBaseDistName
	UserDNSearchBaseDistNames []BaseDNInfo
	UserDNSearchFilter        string

	// Group search parameters
	GroupSearchBaseDistName string
	// this is a computed value from GroupSearchBaseDistName
	GroupSearchBaseDistNames []BaseDNInfo
	GroupSearchFilter        string
}

Config contains configuration to connect to an LDAP server.

func (*Config) Clone

func (l *Config) Clone() (cloned Config)

Clone creates a copy of the config.

func (*Config) Connect

func (l *Config) Connect() (ldapConn *ldap.Conn, err error)

Connect connects to the LDAP server.

func (*Config) LookupBind

func (l *Config) LookupBind(conn *ldap.Conn) error

LookupBind connects to LDAP server using the bind user credentials.

func (*Config) LookupUserDN

func (l *Config) LookupUserDN(conn *ldap.Conn, username string) (string, error)

LookupUserDN searches for the DN of the user given their username. conn is assumed to be using the lookup bind service account.

The search is required to return at most one result.

If the user does not exist, an error is returned that starts with:

"User DN not found for:"
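As an added Go example (not the package's own code), the two rules the description above sets for a user lookup: the username is substituted into the configured search filter only after escaping the characters RFC 4515 reserves, so that a username is matched literally, and the search result is accepted only when it contains exactly one entry, with the documented "User DN not found for:" error prefix for the empty case. The `%s` placeholder in the filter template, the function names, and the sample values are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// EscapeFilterValue encodes the characters RFC 4515 reserves inside a filter
// assertion value, so the value cannot change the structure of the filter.
func EscapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildUserFilter substitutes the escaped username into the filter template.
// The single "%s" placeholder is an assumption of this example.
func BuildUserFilter(template, username string) (string, error) {
	if strings.Count(template, "%s") != 1 {
		return "", errors.New("user search filter must contain exactly one %s placeholder")
	}
	if username == "" {
		return "", errors.New("empty username")
	}
	return strings.Replace(template, "%s", EscapeFilterValue(username), 1), nil
}

// SelectUserDN applies the at-most-one-result rule to the DNs a search
// returned. Zero entries yields the documented error prefix; more than one
// means the filter is not selective enough and must not be trusted.
func SelectUserDN(username string, dns []string) (string, error) {
	switch len(dns) {
	case 0:
		return "", fmt.Errorf("User DN not found for: %s", username)
	case 1:
		return dns[0], nil
	default:
		return "", fmt.Errorf("%d entries matched %q; the user search filter must select at most one", len(dns), username)
	}
}

func main() {
	// Constructed inputs: a username carrying filter metacharacters.
	f, err := BuildUserFilter("(uid=%s)", "al*ice")
	fmt.Println(f, err)
	dn, err := SelectUserDN("alice", []string{"uid=alice,ou=People,dc=example,dc=com"})
	fmt.Println(dn, err)
	_, err = SelectUserDN("nobody", nil)
	fmt.Println(err)
}
```

Rejecting a multi-entry result, rather than taking the first DN, is the part most often skipped; with a loose filter the first entry is whatever the server happens to return first, which is not a property to authenticate against.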

func (*Config) SearchForUserGroups

func (l *Config) SearchForUserGroups(conn *ldap.Conn, username, bindDN string) ([]string, error)

SearchForUserGroups finds the groups of the user.

func (*Config) Validate

func (l *Config) Validate() Validation

Validate validates the LDAP configuration. It can be called with any subset of configuration parameters provided by the user - it will return information on what needs to be done to fix the problem if any.

This function updates the UserDNSearchBaseDistNames and GroupSearchBaseDistNames fields of the Config; however, this is an idempotent operation. This is done to support configuration validation in Console/mc and for tests.

func (*Config) ValidateLookup

func (l *Config) ValidateLookup(testUsername string) (*UserLookupResult, Validation)

ValidateLookup takes a test username, performs user and group lookup (if configured) and returns the result. It is used to validate the LDAP configuration. The lookup is performed without requiring the password for the test user, and so can be used to test any LDAP user intending to use MinIO.

type Result

type Result string

Result - type for high-level names for the validation status of the config.

const (
	ConfigOk                       Result = "Config OK"
	ConnectivityError              Result = "LDAP Server Connection Error"
	ConnectionParamMisconfigured   Result = "LDAP Server Connection Parameters Misconfigured"
	LookupBindError                Result = "LDAP Lookup Bind Error"
	UserSearchParamsMisconfigured  Result = "User Search Parameters Misconfigured"
	GroupSearchParamsMisconfigured Result = "Group Search Parameters Misconfigured"
	UserDNLookupError              Result = "User DN Lookup Error"
	GroupMembershipsLookupError    Result = "Group Memberships Lookup Error"
)

Constant values for Result type.

type UserLookupResult

type UserLookupResult struct {
	DN                 string
	GroupDNMemberships []string
}

UserLookupResult holds the DN found for the test user and their group memberships.

type Validation

type Validation struct {
	Result     Result
	Detail     string
	Suggestion string
	ErrCause   error
}

Validation returns feedback on the configuration. The `Suggestion` field needs to be "printed" for friendly display (it can contain escaped newlines `\n`).
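To show how the Validate method and the Validation type above fit together, here is an added Go example that is not the package's own code. It defines stand-in Result, Validation and Config types following the shapes on this page and a Validate that checks the static connection, lookup-bind, user-search and group-search parameters without opening a connection, so it works on a partially filled-in config. The individual rules (host:port address, ServerInsecure and ServerStartTLS not both set, bind DN and password set together, a `%s` placeholder in the user filter, group base and filter set together) are assumptions chosen for the example, not the library's documented checks.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Result and Validation follow the shape of the page's types; the rules in
// Validate below are assumptions made for this example.
type Result string

const (
	ConfigOk                       Result = "Config OK"
	ConnectionParamMisconfigured   Result = "LDAP Server Connection Parameters Misconfigured"
	UserSearchParamsMisconfigured  Result = "User Search Parameters Misconfigured"
	GroupSearchParamsMisconfigured Result = "Group Search Parameters Misconfigured"
)

type Validation struct {
	Result     Result
	Detail     string
	Suggestion string
	ErrCause   error
}

func (v Validation) IsOk() bool    { return v.Result == ConfigOk }
func (v Validation) Error() string { return string(v.Result) + ": " + v.Detail }

// FormatError expands the escaped "\n" sequences a Suggestion may carry.
func (v Validation) FormatError() string {
	s := strings.ReplaceAll(v.Suggestion, `\n`, "\n  ")
	return fmt.Sprintf("%s\n  %s\n  %s", v.Result, v.Detail, s)
}

// Config carries the subset of the page's fields that these checks read.
type Config struct {
	Enabled                  bool
	ServerAddr               string
	SRVRecordName            string
	TLSSkipVerify            bool
	ServerInsecure           bool
	ServerStartTLS           bool
	LookupBindDN             string
	LookupBindPassword       string
	UserDNSearchBaseDistName string
	UserDNSearchFilter       string
	GroupSearchBaseDistName  string
	GroupSearchFilter        string
}

func fail(r Result, detail, suggestion string) Validation {
	return Validation{Result: r, Detail: detail, Suggestion: suggestion, ErrCause: errors.New(detail)}
}

// Validate checks static parameters only (assumed rules); it never connects.
func (c Config) Validate() Validation {
	if !c.Enabled {
		return Validation{Result: ConfigOk, Detail: "LDAP is disabled"}
	}
	if c.ServerAddr == "" && c.SRVRecordName == "" {
		return fail(ConnectionParamMisconfigured, "no server address or SRV record name",
			`Set ServerAddr to host:port, e.g. ldap.example.com:636\nor set SRVRecordName`)
	}
	if c.ServerAddr != "" {
		if _, _, err := net.SplitHostPort(c.ServerAddr); err != nil {
			return fail(ConnectionParamMisconfigured, "server address is not host:port: "+err.Error(),
				"Include the port, e.g. ldap.example.com:636")
		}
	}
	if c.ServerInsecure && c.ServerStartTLS {
		return fail(ConnectionParamMisconfigured, "ServerInsecure and ServerStartTLS are both set",
			"Enable only one of plain text (ServerInsecure) or StartTLS")
	}
	if (c.LookupBindDN == "") != (c.LookupBindPassword == "") {
		return fail(ConnectionParamMisconfigured, "lookup bind DN and password must be set together (a DN with an empty password is an unauthenticated bind)",
			"Set both LookupBindDN and LookupBindPassword")
	}
	if c.UserDNSearchBaseDistName == "" || !strings.Contains(c.UserDNSearchFilter, "%s") {
		return fail(UserSearchParamsMisconfigured, "user search base DN and a filter with a %s placeholder are required",
			`Set UserDNSearchBaseDistName, e.g. ou=People,dc=example,dc=com\nand UserDNSearchFilter, e.g. (uid=%s)`)
	}
	if (c.GroupSearchBaseDistName == "") != (c.GroupSearchFilter == "") {
		return fail(GroupSearchParamsMisconfigured, "group search base DN and filter must be set together",
			"Set both GroupSearchBaseDistName and GroupSearchFilter, or neither")
	}
	v := Validation{Result: ConfigOk}
	if c.TLSSkipVerify {
		v.Detail = "config OK, but TLS certificate verification is disabled"
	}
	return v
}

func main() {
	// Constructed config with a missing port, to show the feedback path.
	cfg := Config{Enabled: true, ServerAddr: "ldap.example.com",
		UserDNSearchBaseDistName: "ou=People,dc=example,dc=com", UserDNSearchFilter: "(uid=%s)"}
	if v := cfg.Validate(); !v.IsOk() {
		fmt.Println(v.FormatError())
	}
}
```

A passing result still carries a Detail when TLSSkipVerify is on: the config is usable, but the server's certificate is not checked, which is worth surfacing to whoever reads the validation output.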

func (Validation) Error

func (v Validation) Error() string

Error implements the error interface for Validation.

func (Validation) FormatError

func (v Validation) FormatError() string

FormatError returns detailed validation error information.

func (Validation) IsOk

func (v Validation) IsOk() bool

IsOk returns whether the validation succeeded.
