Overview ¶
Package ipa is a Go client library for FreeIPA.
Index ¶
- Constants
- type Algorithm
- type Client
- func (c *Client) AddTOTPToken(uid string, algo Algorithm, digits Digits, interval int) (*OTPToken, error)
- func (c *Client) ChangePassword(uid, old_passwd, new_passwd, otpcode string) error
- func (c *Client) ClearSession()
- func (c *Client) CreateDNSRecord(options map[string]interface{}) (*DNSRecord, error)
- func (c *Client) CreateDNSZone(options map[string]interface{}) (*DNSZone, error)
- func (c *Client) CreateGroup(gid string, description string, options map[string]interface{}) (*GroupRecord, error)
- func (c *Client) CreateUser(uid string, firstName string, lastName string, options map[string]interface{}) (*UserRecord, error)
- func (c *Client) DNSRecordMod(rec, zone, key string, value interface{}) error
- func (c *Client) DNSZoneMod(ns string, key string, value interface{}) error
- func (c *Client) DeleteDNSRecord(rec, zone string) error
- func (c *Client) DeleteDNSZone(ns string) error
- func (c *Client) DeleteGroup(gid string) error
- func (c *Client) DeleteUser(uid string) error
- func (c *Client) DisableOTPToken(tokenID string) error
- func (c *Client) EnableOTPToken(tokenID string) error
- func (c *Client) FetchOTPTokens(uid string) ([]*OTPToken, error)
- func (c *Client) GetDNSRecord(rec string, zone string) (*DNSRecord, error)
- func (c *Client) GetDNSZone(ns string) (*DNSZone, error)
- func (c *Client) GetGroup(gid string) (*GroupRecord, error)
- func (c *Client) GetGroupByGidNumber(gidNumber string) (*GroupRecord, error)
- func (c *Client) GetUser(uid string) (*UserRecord, error)
- func (c *Client) GetUserByUidNumber(uidNumber string) (*UserRecord, error)
- func (c *Client) GroupAddMember(gid string, memberId string, memberType string) error
- func (c *Client) GroupAddUser(gid string, uid string) error
- func (c *Client) GroupExists(uid string) (bool, error)
- func (c *Client) GroupMod(gid string, key string, value string) error
- func (c *Client) GroupRemoveMember(gid string, member string, memberType string) error
- func (c *Client) GroupRemoveMembers(gid string, members []string, memberType string) error
- func (c *Client) GroupRemoveUser(gid string, uid string) error
- func (c *Client) GroupRemoveUsers(gid string, uids []string) error
- func (c *Client) GroupUpdateDescription(gid string, description string) error
- func (c *Client) GroupUpdateGid(oldGid string, newGid string) error
- func (c *Client) GroupUpdateGidNumber(gid string, gidNumber string) error
- func (c *Client) Login(uid, passwd string) (string, error)
- func (c *Client) Ping() (*Response, error)
- func (c *Client) PreserveUser(uid string) error
- func (c *Client) RemoveOTPToken(tokenID string) error
- func (c *Client) ResetPassword(uid string) (string, error)
- func (c *Client) SetAuthTypes(uid string, types []string) error
- func (c *Client) SetPassword(uid, old_passwd, new_passwd, otpcode string) error
- func (c *Client) SetSession(sid string)
- func (c *Client) UpdateSSHPubKeys(uid string, keys []string) ([]string, error)
- func (c *Client) UserExists(uid string) (bool, error)
- func (c *Client) UserMod(uid string, key string, value string) error
- func (c *Client) UserSyncGroups(uid string, desired []string) error
- func (c *Client) UserUpdateEmail(uid string, email string) error
- func (c *Client) UserUpdateFirstName(uid string, firstName string) error
- func (c *Client) UserUpdateGidNumber(uid string, gidNumber string) error
- func (c *Client) UserUpdateLastName(uid string, lastName string) error
- func (c *Client) UserUpdateMobileNumber(uid string, number string) error
- func (c *Client) UserUpdateShell(uid string, email string) error
- func (c *Client) UserUpdateUid(oldUid string, newUid string) error
- func (c *Client) UserUpdateUidNumber(uid string, uidNumber string) error
- type DNSRecord
- type DNSZone
- type Digits
- type ErrInvalidPassword
- type ErrPasswordPolicy
- type GroupRecord
- type IpaBool
- type IpaDNSName
- type IpaDateTime
- type IpaError
- type IpaFloat
- type IpaInt
- type IpaString
- type LdapClient
- func (c *LdapClient) Close()
- func (c *LdapClient) DNSRecordExists(rec, zone string) (bool, error)
- func (c *LdapClient) DNSZoneExists(ns string) (bool, error)
- func (c *LdapClient) GetDNSRecord(rec, zone string) (*string, error)
- func (c *LdapClient) GetDNSZone(ns string) (*string, error)
- func (c *LdapClient) GetGroupForUUID(uuid string) (*string, error)
- func (c *LdapClient) GetUserForUUID(uuid string) (*string, error)
- func (c *LdapClient) GroupExistsForUUID(uuid string) (bool, error)
- func (c *LdapClient) Search(childDn string, filter string, attributes []string) (*ldap.SearchResult, error)
- func (c *LdapClient) UserExistsForUUID(uuid string) (bool, error)
- type OTPToken
- type Response
- type Result
- type UserRecord
Constants ¶
const ( IpaClientVersion = "2.156" IpaDatetimeFormat = "20060102150405Z" )
const ( AlgorithmSHA1 Algorithm = "SHA1" AlgorithmSHA256 = "SHA256" AlgorithmSHA384 = "SHA384" AlgorithmSHA512 = "SHA512" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
type Algorithm string
OTP token hash algorithms supported by FreeIPA.
func (*Algorithm) UnmarshalJSON ¶
Unmarshal a FreeIPA string from an array of strings and convert to an Algorithm. Uses the first value in the array as the value of the string.
type Client ¶
type Client struct { Host string CaCert string KeyTab string Insecure bool // contains filtered or unexported fields }
FreeIPA Client
func (*Client) AddTOTPToken ¶
func (c *Client) AddTOTPToken(uid string, algo Algorithm, digits Digits, interval int) (*OTPToken, error)
Add a TOTP token. Returns the new OTPToken.
func (*Client) ChangePassword ¶
Change a user's password. This runs the ipa passwd command. Optionally provide an OTP code if the user's authentication policy requires one.
func (*Client) CreateDNSRecord ¶
Create DNS Record
func (*Client) CreateDNSZone ¶
Create DNS zone
func (*Client) CreateGroup ¶
func (*Client) CreateUser ¶
func (c *Client) CreateUser(uid string, firstName string, lastName string, options map[string]interface{}) (*UserRecord, error)
Create user
func (*Client) DNSRecordMod ¶
DNSRecordMod modifies DNS record
func (*Client) DNSZoneMod ¶
func (*Client) DeleteDNSRecord ¶
Delete DNS Record
func (*Client) DeleteGroup ¶
func (*Client) DisableOTPToken ¶
Disable OTP token.
func (*Client) EnableOTPToken ¶
Enable OTP token.
func (*Client) FetchOTPTokens ¶
Fetch all OTP tokens.
func (*Client) GetDNSRecord ¶
Fetch DNS record details from FreeIPA for the given record name and zone.
func (*Client) GetDNSZone ¶
Fetch DNS zone details from FreeIPA.
func (*Client) GetGroup ¶
func (c *Client) GetGroup(gid string) (*GroupRecord, error)
Fetch group details by calling the FreeIPA group-show method.
func (*Client) GetGroupByGidNumber ¶
func (c *Client) GetGroupByGidNumber(gidNumber string) (*GroupRecord, error)
This does not work for primary groups; this appears to be a deficiency in FreeIPA, as it also does not work from the ipa CLI.
func (*Client) GetUser ¶
func (c *Client) GetUser(uid string) (*UserRecord, error)
Fetch user details by calling the FreeIPA user-show method.
func (*Client) GetUserByUidNumber ¶
func (c *Client) GetUserByUidNumber(uidNumber string) (*UserRecord, error)
Fetch user details by calling the FreeIPA user-show method, looking the user up by uidNumber.
func (*Client) GroupAddMember ¶
func (*Client) GroupRemoveMember ¶
func (*Client) GroupRemoveMembers ¶
func (*Client) GroupRemoveUsers ¶
func (*Client) GroupUpdateDescription ¶
func (*Client) GroupUpdateGidNumber ¶
func (*Client) Login ¶
Log in to FreeIPA with uid/passwd and set the FreeIPA session id on the client for subsequent requests.
func (*Client) RemoveOTPToken ¶
Remove OTP token
func (*Client) ResetPassword ¶
Reset the user's password and return the new random password.
func (*Client) SetAuthTypes ¶
Update user authentication types.
func (*Client) SetPassword ¶
Set user password. In FreeIPA, when a password is first set or later reset it is marked as immediately expired and the owner must perform a password change. This function exists so that an administrator can use mokey to send a user a link by email and let the user set a new password without it being expired. This is achieved by first calling ResetPassword() and then immediately calling this function.
func (*Client) UpdateSSHPubKeys ¶
Update the SSH public keys for user uid. Returns the key fingerprints on success.
func (*Client) UserUpdateFirstName ¶
func (*Client) UserUpdateGidNumber ¶
func (*Client) UserUpdateLastName ¶
func (*Client) UserUpdateMobileNumber ¶
type DNSRecord ¶
type DNSRecord struct { Dn string `json:"dn"` Name IpaDNSName `json:"idnsname"` TTL IpaInt `json:"dnsttl"` Class IpaString `json:"dnsclass"` Record interface{} `json:"dnsrecords"` Type IpaString `json:"dnstype"` Data IpaString `json:"dnsdata"` ARecords []string `json:"arecord"` APartIPAddress IpaString `json:"a_part_ip_address"` ACreateReverse IpaBool `json:"a_extra_create_reverse"` AAAARecords []string `json:"aaaarecord"` AAAAIPAddress IpaString `json:"aaaa_part_ip_address"` AAAACreateReverse IpaBool `json:"aaaa_extra_create_reverse"` A6Records []string `json:"a6record"` A6RecordData IpaString `json:"a6_part_data"` AFSDBRecords []string `json:"afsdbrecord"` AFSDBSubtype IpaInt `json:"afsdb_part_subtype"` AFSDBHostname IpaDNSName `json:"afsdb_part_hostname"` APLRecords []string `json:"aplrecord"` CERTRecords []string `json:"certrecord"` CERTType IpaInt `json:"cert_part_type"` CERTKeyTag IpaInt `json:"cert_part_key_tag"` CERTAlgorithm IpaInt `json:"cert_part_algorithm"` CERTCertOrCRL IpaString `json:"cert_part_certificate_or_crl"` CNameRecords []string `json:"cnamerecord"` CNAMEHostname IpaDNSName `json:"cname_part_hostname"` DHCIDRecords []string `json:"dhcidrecord"` DLVRecords []string `json:"dlvrecord"` DLVKeyTag IpaInt `json:"dlv_part_key_tag"` DLVAlgorithm IpaInt `json:"dlv_part_algorithm"` DLVDigestType IpaInt `json:"dlv_part_digest_type"` DLVDigest IpaString `json:"dlv_part_digest"` DNAMERecords []string `json:"dnamerecord"` DNAMETarget IpaDNSName `json:"dname_part_target"` DSRecords []string `json:"dsrecord"` DSKeyTag IpaInt `json:"ds_part_key_tag"` DSAlgorithm IpaInt `json:"ds_part_algorithm"` DSDigestType IpaInt `json:"ds_part_digest_type"` DSDigest IpaString `json:"ds_part_digest"` HIPRecords []string `json:"hiprecord"` IPSECKEYRecords []string `json:"ipseckeyrecord"` KeyRecords []string `json:"keyrecord"` KXRecords []string `json:"kxrecord"` KXPreference IpaInt `json:"kx_part_preference"` KXExchanger IpaDNSName `json:"kx_part_exchanger"` LOCRecord 
IpaString `json:"locrecord"` LOCDegLat IpaInt `json:"loc_part_lat_deg"` LOCMinLat IpaInt `json:"loc_part_lat_min"` LOCSecondsLat IpaFloat `json:"loc_part_lat_sec"` LOCDirectionLat IpaString `json:"loc_part_lat_dir"` LOCDegLong IpaInt `json:"loc_part_lon_deg"` LOCMinLong IpaInt `json:"loc_part_lon_min"` LOCSecondsLong IpaFloat `json:"loc_part_lon_sec"` LOCDirectionLong IpaString `json:"loc_part_lon_dir"` LOCAltitude IpaFloat `json:"loc_part_altitude"` LOCSize IpaFloat `json:"loc_part_size"` LOCHorizontalPrecision IpaFloat `json:"loc_part_h_precision"` LOCVerticalPrecision IpaFloat `json:"loc_part_v_precision"` MXRecords []string `json:"mxrecord"` MXPreference IpaInt `json:"mx_part_preference"` MXExchanger IpaDNSName `json:"mx_part_exchanger"` NAPTRRecord IpaString `json:"naptrrecord"` NAPTROrder IpaInt `json:"naptr_part_order"` NAPTRPartPreference IpaInt `json:"naptr_part_preference"` NAPTRFlags IpaString `json:"naptr_part_flags"` NAPTRService IpaString `json:"naptr_part_service"` NAPTRRegexp IpaString `json:"naptr_part_regexp"` NAPTRReplacement IpaString `json:"naptr_part_replacement"` NSRecords []string `json:"nsrecord"` NSHostname IpaDNSName `json:"ns_part_hostname"` NSECRecords []string `json:"nsecrecord"` PTRRecords []string `json:"ptrrecord"` PTRHostname IpaDNSName `json:"ptr_part_hostname"` RRSIGRecords []string `json:"rrsigrecord"` RPRecords []string `json:"rprecord"` SIGRecords []string `json:"sigrecord"` SPVRecords []string `json:"spfrecord"` SRVRecords []string `json:"srvrecord"` SRVPriority IpaInt `json:"srv_part_priority"` SRVWeight IpaInt `json:"srv_part_weight"` SRVPort IpaInt `json:"srv_part_port"` SRVTarget IpaDNSName `json:"srv_part_target"` SSHFPRecords []string `json:"sshfprecord"` SSHFPAlgorithm IpaInt `json:"sshfp_part_algorithm"` SSHFPFingerprintType IpaInt `json:"sshfp_part_fp_type"` SSHFPFingerprint IpaString `json:"sshfp_part_fingerprint"` TLSARecords []string `json:"tlsarecord"` TLSACertUsage IpaInt `json:"tlsa_part_cert_usage"` 
TLSASelector IpaInt `json:"tlsa_part_selector"` TLSAMatchingType IpaInt `json:"tlsa_part_matching_type"` TLSACertAssocData IpaString `json:"tlsa_part_cert_association_data"` TXTRecords []string `json:"txtrecord"` TXTData IpaString `json:"txt_part_data"` URIRecords []string `json:"urirecord"` URIPriority IpaInt `json:"uri_part_priority"` URIWeight IpaInt `json:"uri_part_weight"` URITargetUniformResourceID IpaString `json:"uri_part_target"` }
DNSRecord encapsulates DNS record data returned from IPA DNS Record commands
type DNSZone ¶
type DNSZone struct { Dn string `json:"dn"` Name IpaDNSName `json:"idnsname"` NameFromIP IpaString `json:"name_from_ip"` Active IpaBool `json:"idnszoneactive"` Forwarders []string `json:"idnsforwarders"` ForwardPolicy IpaString `json:"idnsforwardpolicy"` ManagedBy IpaString `json:"managedby"` AuthoritativeNameserver IpaDNSName `json:"idnssoamname"` AdministratorEmail IpaDNSName `json:"idnssoarname"` SOASerial IpaInt `json:"idnssoaserial"` SOARefresh IpaInt `json:"idnssoarefresh"` SOARetry IpaInt `json:"idnssoaretry"` SOAExpire IpaInt `json:"idnssoaexpire"` SOAMinimum IpaInt `json:"idnssoaminimum"` TTL IpaInt `json:"dnsttl"` DefaultTTL IpaInt `json:"dnsdefaultttl"` DNSClass IpaString `json:"dnsclass"` BINDUpdatePolicy IpaString `json:"idnsupdatepolicy"` DynamicUpdate IpaBool `json:"idnsallowdynupdate"` AllowQuery IpaString `json:"idnsallowquery"` AllowTransfer IpaString `json:"idnsallowtransfer"` AllowPTRSync IpaBool `json:"idnsallowsyncptr"` AllowInLineDNSSECSigning IpaBool `json:"idnssecinlinesigning"` NSEC3ParamRecord IpaString `json:"nsec3paramrecord"` }
DNSZone encapsulates DNS DNSZone data returned from ipa DNS commands
type Digits ¶
type Digits int
Number of digits each OTP token code will have
func (*Digits) UnmarshalJSON ¶
Unmarshal a FreeIPA string from an array of strings and convert it to Digits. Uses the first value in the array as the value.
type ErrInvalidPassword ¶
type ErrInvalidPassword struct { }
FreeIPA Invalid Password Error
func (*ErrInvalidPassword) Error ¶
func (e *ErrInvalidPassword) Error() string
type ErrPasswordPolicy ¶
type ErrPasswordPolicy struct { }
FreeIPA Password Policy Error
func (*ErrPasswordPolicy) Error ¶
func (e *ErrPasswordPolicy) Error() string
type GroupRecord ¶
type GroupRecord struct { Dn string `json:"dn"` Description IpaString `json:"description"` Gid IpaString `json:"cn"` GidNumber IpaString `json:"gidnumber"` MepManagedBy IpaString `json:"mepmanagedby"` IpaUniqueId IpaString `json:"ipauniqueid"` Users []string `json:"member_user"` HbacRules []string `json:"memberof_hbacrule"` }
type IpaBool ¶
type IpaBool bool
Custom FreeIPA bool type
func (*IpaBool) UnmarshalJSON ¶
Unmarshal a FreeIPA bool from an array of strings. Uses the first value in the array as the value of the bool.
type IpaDNSName ¶
type IpaDNSName string
Custom FreeIPA DNSName type
func (*IpaDNSName) String ¶
func (s *IpaDNSName) String() string
func (*IpaDNSName) UnmarshalJSON ¶
func (s *IpaDNSName) UnmarshalJSON(b []byte) error
Unmarshal a FreeIPA string from an array of strings. Uses the first value in the array as the value of the string.
type IpaDateTime ¶
Custom FreeIPA datetime type
func (*IpaDateTime) Format ¶
func (dt *IpaDateTime) Format(layout string) string
func (*IpaDateTime) MarshalBinary ¶
func (dt *IpaDateTime) MarshalBinary() (data []byte, err error)
func (*IpaDateTime) String ¶
func (dt *IpaDateTime) String() string
func (*IpaDateTime) UnmarshalBinary ¶
func (dt *IpaDateTime) UnmarshalBinary(data []byte) error
func (*IpaDateTime) UnmarshalJSON ¶
func (dt *IpaDateTime) UnmarshalJSON(b []byte) error
Unmarshal a FreeIPA datetime. Datetimes in FreeIPA are returned using a class-hint system: the value is stored as an array with a single element indicating the type and value, for example '[{"__datetime__": "YYYY-MM-DDTHH:MM:SSZ"}]'.
type IpaFloat ¶
type IpaFloat float64
Custom FreeIPA float64 type
func (*IpaFloat) UnmarshalJSON ¶
Unmarshal a FreeIPA float from an array of strings. Uses the first value in the array as the value of the float.
type IpaInt ¶
type IpaInt int
Custom FreeIPA int type
func (*IpaInt) UnmarshalJSON ¶
Unmarshal a FreeIPA int from an array of strings. Uses the first value in the array as the value of the int.
type IpaString ¶
type IpaString string
Custom FreeIPA string type
func (*IpaString) UnmarshalJSON ¶
Unmarshal a FreeIPA string from an array of strings. Uses the first value in the array as the value of the string.
type LdapClient ¶
type LdapClient struct { BaseDN string Connection *ldap.Conn }
func LdapConnect ¶
func (*LdapClient) Close ¶
func (c *LdapClient) Close()
func (*LdapClient) DNSRecordExists ¶
func (c *LdapClient) DNSRecordExists(rec, zone string) (bool, error)
DNSRecordExists checks whether a DNS record with the given name exists in the specified zone.
func (*LdapClient) DNSZoneExists ¶
func (c *LdapClient) DNSZoneExists(ns string) (bool, error)
func (*LdapClient) GetDNSRecord ¶
func (c *LdapClient) GetDNSRecord(rec, zone string) (*string, error)
GetDNSRecord gets the record ID for the given record name in the specified zone.
func (*LdapClient) GetDNSZone ¶
func (c *LdapClient) GetDNSZone(ns string) (*string, error)
func (*LdapClient) GetGroupForUUID ¶
func (c *LdapClient) GetGroupForUUID(uuid string) (*string, error)
func (*LdapClient) GetUserForUUID ¶
func (c *LdapClient) GetUserForUUID(uuid string) (*string, error)
func (*LdapClient) GroupExistsForUUID ¶
func (c *LdapClient) GroupExistsForUUID(uuid string) (bool, error)
func (*LdapClient) Search ¶
func (c *LdapClient) Search(childDn string, filter string, attributes []string) (*ldap.SearchResult, error)
func (*LdapClient) UserExistsForUUID ¶
func (c *LdapClient) UserExistsForUUID(uuid string) (bool, error)
type OTPToken ¶
type OTPToken struct { DN string `json:"dn"` Algorithm Algorithm `json:"ipatokenotpalgorithm"` Digits Digits `json:"ipatokenotpdigits"` Owner IpaString `json:"ipatokenowner"` TimeStep IpaString `json:"ipatokentotptimestep"` UUID IpaString `json:"ipatokenuniqueid"` ManagedBy IpaString `json:"managedby_user"` Disabled IpaString `json:"ipatokendisabled"` Type string `json:"type"` URI string `json:"uri"` }
OTPToken encapsulates FreeIPA otptokens
type Response ¶
type Response struct { Error *IpaError `json:"error"` Id string `json:"id"` Principal string `json:"principal"` Version string `json:"version"` Result *Result `json:"result"` }
Response returned from a FreeIPA JSON rpc call
type Result ¶
type Result struct { Summary string `json:"summary"` Value interface{} `json:"value"` Data json.RawMessage `json:"result"` }
Result returned from a FreeIPA JSON rpc call
type UserRecord ¶
type UserRecord struct { Dn string `json:"dn"` First IpaString `json:"givenname"` Last IpaString `json:"sn"` DisplayName IpaString `json:"displayname"` Principal IpaString `json:"krbprincipalname"` Uid IpaString `json:"uid"` UidNumber IpaString `json:"uidnumber"` GidNumber IpaString `json:"gidnumber"` Groups []string `json:"memberof_group"` SSHPubKeys []string `json:"ipasshpubkey"` SSHPubKeyFps []string `json:"sshpubkeyfp"` AuthTypes []string `json:"ipauserauthtype"` HasKeytab bool `json:"has_keytab"` HasPassword bool `json:"has_password"` Locked bool `json:"nsaccountlock"` HomeDir IpaString `json:"homedirectory"` Email IpaString `json:"mail"` Mobile IpaString `json:"mobile"` Shell IpaString `json:"loginshell"` SudoRules []string `json:"memberofindirect_sudorule"` HbacRules []string `json:"memberofindirect_hbacrule"` LastPasswdChange IpaDateTime `json:"krblastpwdchange"` PasswdExpire IpaDateTime `json:"krbpasswordexpiration"` PrincipalExpire IpaDateTime `json:"krbprincipalexpiration"` LastLoginSuccess IpaDateTime `json:"krblastsuccessfulauth"` LastLoginFail IpaDateTime `json:"krblastfailedauth"` Randompassword string `json:"randompassword"` IpaUniqueId IpaString `json:"ipauniqueid"` }
UserRecord encapsulates user data returned from ipa user commands
func (*UserRecord) HasGroup ¶
func (u *UserRecord) HasGroup(group string) bool
Returns true if the user is a member of group.
func (*UserRecord) OTPOnly ¶
func (u *UserRecord) OTPOnly() bool
Returns true if OTP is the only authentication type enabled for the user.