ipa

v1.0.1

This package is not in the latest version of its module.
Published: Jun 12, 2020 License: BSD-3-Clause Imports: 17 Imported by: 0

README

===============================================================================
goipa - FreeIPA client library
===============================================================================

|godoc|

goipa is a `FreeIPA <http://www.freeipa.org/>`_ client library written in Go.
It interfaces with the FreeIPA JSON `api <https://git.fedorahosted.org/cgit/freeipa.git/tree/API.txt>`_ 
over HTTPS.

------------------------------------------------------------------------
Usage
------------------------------------------------------------------------

Install using go tools::

    $ go get github.com/ubccr/goipa

Example calling FreeIPA user-show::

    package main

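    import (
        "fmt"

        ipa "github.com/ubccr/goipa"
    )

    func main() {
        // Client configured with a host keytab and the FreeIPA server host name.
        c := &ipa.Client{KeyTab: "/path/to/host.keytab", Host: "ipa.example.com"}

        // GetUser calls the FreeIPA user-show method.
        rec, err := c.GetUser("uid")
        if err != nil {
            panic(err)
        }

        fmt.Printf("%s - %s\n", rec.Uid, rec.UidNumber)
    }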

------------------------------------------------------------------------
License
------------------------------------------------------------------------

goipa is released under a BSD style License. See the LICENSE file.




.. |godoc| image:: https://godoc.org/github.com/golang/gddo?status.svg
    :target: https://godoc.org/github.com/ubccr/goipa
    :alt: Godoc

Documentation

Overview

Package ipa is a Go client library for FreeIPA

Constants

const (
	IpaClientVersion  = "2.156"
	IpaDatetimeFormat = "20060102150405Z"
)
const (
	AlgorithmSHA1   Algorithm = "SHA1"
	AlgorithmSHA256           = "SHA256"
	AlgorithmSHA384           = "SHA384"
	AlgorithmSHA512           = "SHA512"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Algorithm

type Algorithm string

OTP Token hash Algorithms supported by FreeIPA

func (*Algorithm) String

func (a *Algorithm) String() string

func (*Algorithm) UnmarshalJSON

func (a *Algorithm) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA string from an array of strings and convert to an Algorithm. Uses the first value in the array as the value of the string.

type Client

type Client struct {
	Host     string
	CaCert   string
	KeyTab   string
	Insecure bool
	// contains filtered or unexported fields
}

FreeIPA Client

func (*Client) AddTOTPToken

func (c *Client) AddTOTPToken(uid string, algo Algorithm, digits Digits, interval int) (*OTPToken, error)

Add TOTP token. Returns new OTPToken

func (*Client) ChangePassword

func (c *Client) ChangePassword(uid, old_passwd, new_passwd, otpcode string) error

Change user password. This will run the passwd ipa command. Optionally provide an OTP if required

func (*Client) ClearSession

func (c *Client) ClearSession()

Clears out FreeIPA session id

func (*Client) CreateDNSRecord

func (c *Client) CreateDNSRecord(options map[string]interface{}) (*DNSRecord, error)

Create DNS Record

func (*Client) CreateDNSZone

func (c *Client) CreateDNSZone(options map[string]interface{}) (*DNSZone, error)

Create DNS zone

func (*Client) CreateGroup

func (c *Client) CreateGroup(gid string, description string, options map[string]interface{}) (*GroupRecord, error)

func (*Client) CreateUser

func (c *Client) CreateUser(uid string, firstName string, lastName string, options map[string]interface{}) (*UserRecord, error)

Create user

func (*Client) DNSRecordMod

func (c *Client) DNSRecordMod(rec, zone, key string, value interface{}) error

DNSRecordMod modifies DNS record

func (*Client) DNSZoneMod

func (c *Client) DNSZoneMod(ns string, key string, value interface{}) error

func (*Client) DeleteDNSRecord

func (c *Client) DeleteDNSRecord(rec, zone string) error

Delete DNS Record

func (*Client) DeleteDNSZone

func (c *Client) DeleteDNSZone(ns string) error

Delete DNS Zone

func (*Client) DeleteGroup

func (c *Client) DeleteGroup(gid string) error

func (*Client) DeleteUser

func (c *Client) DeleteUser(uid string) error

Delete user

func (*Client) DisableOTPToken

func (c *Client) DisableOTPToken(tokenID string) error

Disable OTP token.

func (*Client) EnableOTPToken

func (c *Client) EnableOTPToken(tokenID string) error

Enable OTP token.

func (*Client) FetchOTPTokens

func (c *Client) FetchOTPTokens(uid string) ([]*OTPToken, error)

Fetch all OTP tokens.

func (*Client) GetDNSRecord

func (c *Client) GetDNSRecord(rec string, zone string) (*DNSRecord, error)

Fetch DNS zone details by calling the FreeIPA user-show method

func (*Client) GetDNSZone

func (c *Client) GetDNSZone(ns string) (*DNSZone, error)

Fetch DNS zone details by calling the FreeIPA user-show method

func (*Client) GetGroup

func (c *Client) GetGroup(gid string) (*GroupRecord, error)

Fetch user details by calling the FreeIPA group-show method

func (*Client) GetGroupByGidNumber

func (c *Client) GetGroupByGidNumber(gidNumber string) (*GroupRecord, error)

This doesn't work for primary groups - this appears to be a deficiency in FreeIPA as it also doesn't work from the ipa CLI

func (*Client) GetUser

func (c *Client) GetUser(uid string) (*UserRecord, error)

Fetch user details by calling the FreeIPA user-show method

func (*Client) GetUserByUidNumber

func (c *Client) GetUserByUidNumber(uidNumber string) (*UserRecord, error)

Fetch user details by calling the FreeIPA user-show method

func (*Client) GroupAddMember

func (c *Client) GroupAddMember(gid string, memberId string, memberType string) error

func (*Client) GroupAddUser

func (c *Client) GroupAddUser(gid string, uid string) error

func (*Client) GroupExists

func (c *Client) GroupExists(uid string) (bool, error)

func (*Client) GroupMod

func (c *Client) GroupMod(gid string, key string, value string) error

func (*Client) GroupRemoveMember

func (c *Client) GroupRemoveMember(gid string, member string, memberType string) error

func (*Client) GroupRemoveMembers

func (c *Client) GroupRemoveMembers(gid string, members []string, memberType string) error

func (*Client) GroupRemoveUser

func (c *Client) GroupRemoveUser(gid string, uid string) error

func (*Client) GroupRemoveUsers

func (c *Client) GroupRemoveUsers(gid string, uids []string) error

func (*Client) GroupUpdateDescription

func (c *Client) GroupUpdateDescription(gid string, description string) error

func (*Client) GroupUpdateGid

func (c *Client) GroupUpdateGid(oldGid string, newGid string) error

func (*Client) GroupUpdateGidNumber

func (c *Client) GroupUpdateGidNumber(gid string, gidNumber string) error

func (*Client) Login

func (c *Client) Login(uid, passwd string) (string, error)

Login to FreeIPA with uid/passwd and set the FreeIPA session id on the client for subsequent requests.

func (*Client) Ping

func (c *Client) Ping() (*Response, error)

Ping FreeIPA server to check connection

func (*Client) PreserveUser

func (c *Client) PreserveUser(uid string) error

Delete user

func (*Client) RemoveOTPToken

func (c *Client) RemoveOTPToken(tokenID string) error

Remove OTP token

func (*Client) ResetPassword

func (c *Client) ResetPassword(uid string) (string, error)

Reset user password and return new random password

func (*Client) SetAuthTypes

func (c *Client) SetAuthTypes(uid string, types []string) error

Update user authentication types.

func (*Client) SetPassword

func (c *Client) SetPassword(uid, old_passwd, new_passwd, otpcode string) error

Set user password. In FreeIPA, when a password is first set or later reset, it is marked as immediately expired and the owner must perform a password change. This function exists to allow an administrator to use mokey to send a user a link in an email and allow the user to set a new password without it being expired. This is achieved by first calling ResetPassword() and then immediately calling this function.

func (*Client) SetSession

func (c *Client) SetSession(sid string)

Set FreeIPA session id

func (*Client) UpdateSSHPubKeys

func (c *Client) UpdateSSHPubKeys(uid string, keys []string) ([]string, error)

Update ssh public keys for user uid. Returns the fingerprints on success.

func (*Client) UserExists

func (c *Client) UserExists(uid string) (bool, error)

func (*Client) UserMod

func (c *Client) UserMod(uid string, key string, value string) error

func (*Client) UserSyncGroups

func (c *Client) UserSyncGroups(uid string, desired []string) error

func (*Client) UserUpdateEmail

func (c *Client) UserUpdateEmail(uid string, email string) error

func (*Client) UserUpdateFirstName

func (c *Client) UserUpdateFirstName(uid string, firstName string) error

func (*Client) UserUpdateGidNumber

func (c *Client) UserUpdateGidNumber(uid string, gidNumber string) error

func (*Client) UserUpdateLastName

func (c *Client) UserUpdateLastName(uid string, lastName string) error

func (*Client) UserUpdateMobileNumber

func (c *Client) UserUpdateMobileNumber(uid string, number string) error

func (*Client) UserUpdateShell

func (c *Client) UserUpdateShell(uid string, email string) error

func (*Client) UserUpdateUid

func (c *Client) UserUpdateUid(oldUid string, newUid string) error

func (*Client) UserUpdateUidNumber

func (c *Client) UserUpdateUidNumber(uid string, uidNumber string) error

type DNSRecord

type DNSRecord struct {
	Dn                         string      `json:"dn"`
	Name                       IpaDNSName  `json:"idnsname"`
	TTL                        IpaInt      `json:"dnsttl"`
	Class                      IpaString   `json:"dnsclass"`
	Record                     interface{} `json:"dnsrecords"`
	Type                       IpaString   `json:"dnstype"`
	Data                       IpaString   `json:"dnsdata"`
	ARecords                   []string    `json:"arecord"`
	APartIPAddress             IpaString   `json:"a_part_ip_address"`
	ACreateReverse             IpaBool     `json:"a_extra_create_reverse"`
	AAAARecords                []string    `json:"aaaarecord"`
	AAAAIPAddress              IpaString   `json:"aaaa_part_ip_address"`
	AAAACreateReverse          IpaBool     `json:"aaaa_extra_create_reverse"`
	A6Records                  []string    `json:"a6record"`
	A6RecordData               IpaString   `json:"a6_part_data"`
	AFSDBRecords               []string    `json:"afsdbrecord"`
	AFSDBSubtype               IpaInt      `json:"afsdb_part_subtype"`
	AFSDBHostname              IpaDNSName  `json:"afsdb_part_hostname"`
	APLRecords                 []string    `json:"aplrecord"`
	CERTRecords                []string    `json:"certrecord"`
	CERTType                   IpaInt      `json:"cert_part_type"`
	CERTKeyTag                 IpaInt      `json:"cert_part_key_tag"`
	CERTAlgorithm              IpaInt      `json:"cert_part_algorithm"`
	CERTCertOrCRL              IpaString   `json:"cert_part_certificate_or_crl"`
	CNameRecords               []string    `json:"cnamerecord"`
	CNAMEHostname              IpaDNSName  `json:"cname_part_hostname"`
	DHCIDRecords               []string    `json:"dhcidrecord"`
	DLVRecords                 []string    `json:"dlvrecord"`
	DLVKeyTag                  IpaInt      `json:"dlv_part_key_tag"`
	DLVAlgorithm               IpaInt      `json:"dlv_part_algorithm"`
	DLVDigestType              IpaInt      `json:"dlv_part_digest_type"`
	DLVDigest                  IpaString   `json:"dlv_part_digest"`
	DNAMERecords               []string    `json:"dnamerecord"`
	DNAMETarget                IpaDNSName  `json:"dname_part_target"`
	DSRecords                  []string    `json:"dsrecord"`
	DSKeyTag                   IpaInt      `json:"ds_part_key_tag"`
	DSAlgorithm                IpaInt      `json:"ds_part_algorithm"`
	DSDigestType               IpaInt      `json:"ds_part_digest_type"`
	DSDigest                   IpaString   `json:"ds_part_digest"`
	HIPRecords                 []string    `json:"hiprecord"`
	IPSECKEYRecords            []string    `json:"ipseckeyrecord"`
	KeyRecords                 []string    `json:"keyrecord"`
	KXRecords                  []string    `json:"kxrecord"`
	KXPreference               IpaInt      `json:"kx_part_preference"`
	KXExchanger                IpaDNSName  `json:"kx_part_exchanger"`
	LOCRecord                  IpaString   `json:"locrecord"`
	LOCDegLat                  IpaInt      `json:"loc_part_lat_deg"`
	LOCMinLat                  IpaInt      `json:"loc_part_lat_min"`
	LOCSecondsLat              IpaFloat    `json:"loc_part_lat_sec"`
	LOCDirectionLat            IpaString   `json:"loc_part_lat_dir"`
	LOCDegLong                 IpaInt      `json:"loc_part_lon_deg"`
	LOCMinLong                 IpaInt      `json:"loc_part_lon_min"`
	LOCSecondsLong             IpaFloat    `json:"loc_part_lon_sec"`
	LOCDirectionLong           IpaString   `json:"loc_part_lon_dir"`
	LOCAltitude                IpaFloat    `json:"loc_part_altitude"`
	LOCSize                    IpaFloat    `json:"loc_part_size"`
	LOCHorizontalPrecision     IpaFloat    `json:"loc_part_h_precision"`
	LOCVerticalPrecision       IpaFloat    `json:"loc_part_v_precision"`
	MXRecords                  []string    `json:"mxrecord"`
	MXPreference               IpaInt      `json:"mx_part_preference"`
	MXExchanger                IpaDNSName  `json:"mx_part_exchanger"`
	NAPTRRecord                IpaString   `json:"naptrrecord"`
	NAPTROrder                 IpaInt      `json:"naptr_part_order"`
	NAPTRPartPreference        IpaInt      `json:"naptr_part_preference"`
	NAPTRFlags                 IpaString   `json:"naptr_part_flags"`
	NAPTRService               IpaString   `json:"naptr_part_service"`
	NAPTRRegexp                IpaString   `json:"naptr_part_regexp"`
	NAPTRReplacement           IpaString   `json:"naptr_part_replacement"`
	NSRecords                  []string    `json:"nsrecord"`
	NSHostname                 IpaDNSName  `json:"ns_part_hostname"`
	NSECRecords                []string    `json:"nsecrecord"`
	PTRRecords                 []string    `json:"ptrrecord"`
	PTRHostname                IpaDNSName  `json:"ptr_part_hostname"`
	RRSIGRecords               []string    `json:"rrsigrecord"`
	RPRecords                  []string    `json:"rprecord"`
	SIGRecords                 []string    `json:"sigrecord"`
	SPVRecords                 []string    `json:"spfrecord"`
	SRVRecords                 []string    `json:"srvrecord"`
	SRVPriority                IpaInt      `json:"srv_part_priority"`
	SRVWeight                  IpaInt      `json:"srv_part_weight"`
	SRVPort                    IpaInt      `json:"srv_part_port"`
	SRVTarget                  IpaDNSName  `json:"srv_part_target"`
	SSHFPRecords               []string    `json:"sshfprecord"`
	SSHFPAlgorithm             IpaInt      `json:"sshfp_part_algorithm"`
	SSHFPFingerprintType       IpaInt      `json:"sshfp_part_fp_type"`
	SSHFPFingerprint           IpaString   `json:"sshfp_part_fingerprint"`
	TLSARecords                []string    `json:"tlsarecord"`
	TLSACertUsage              IpaInt      `json:"tlsa_part_cert_usage"`
	TLSASelector               IpaInt      `json:"tlsa_part_selector"`
	TLSAMatchingType           IpaInt      `json:"tlsa_part_matching_type"`
	TLSACertAssocData          IpaString   `json:"tlsa_part_cert_association_data"`
	TXTRecords                 []string    `json:"txtrecord"`
	TXTData                    IpaString   `json:"txt_part_data"`
	URIRecords                 []string    `json:"urirecord"`
	URIPriority                IpaInt      `json:"uri_part_priority"`
	URIWeight                  IpaInt      `json:"uri_part_weight"`
	URITargetUniformResourceID IpaString   `json:"uri_part_target"`
}

DNSRecord encapsulates DNS record data returned from IPA DNS Record commands

type DNSZone

type DNSZone struct {
	Dn                       string     `json:"dn"`
	Name                     IpaDNSName `json:"idnsname"`
	NameFromIP               IpaString  `json:"name_from_ip"`
	Active                   IpaBool    `json:"idnszoneactive"`
	Forwarders               []string   `json:"idnsforwarders"`
	ForwardPolicy            IpaString  `json:"idnsforwardpolicy"`
	ManagedBy                IpaString  `json:"managedby"`
	AuthoritativeNameserver  IpaDNSName `json:"idnssoamname"`
	AdministratorEmail       IpaDNSName `json:"idnssoarname"`
	SOASerial                IpaInt     `json:"idnssoaserial"`
	SOARefresh               IpaInt     `json:"idnssoarefresh"`
	SOARetry                 IpaInt     `json:"idnssoaretry"`
	SOAExpire                IpaInt     `json:"idnssoaexpire"`
	SOAMinimum               IpaInt     `json:"idnssoaminimum"`
	TTL                      IpaInt     `json:"dnsttl"`
	DefaultTTL               IpaInt     `json:"dnsdefaultttl"`
	DNSClass                 IpaString  `json:"dnsclass"`
	BINDUpdatePolicy         IpaString  `json:"idnsupdatepolicy"`
	DynamicUpdate            IpaBool    `json:"idnsallowdynupdate"`
	AllowQuery               IpaString  `json:"idnsallowquery"`
	AllowTransfer            IpaString  `json:"idnsallowtransfer"`
	AllowPTRSync             IpaBool    `json:"idnsallowsyncptr"`
	AllowInLineDNSSECSigning IpaBool    `json:"idnssecinlinesigning"`
	NSEC3ParamRecord         IpaString  `json:"nsec3paramrecord"`
}

DNSZone encapsulates DNS zone data returned from ipa DNS commands

type Digits

type Digits int

Number of digits each OTP token code will have

const (
	DigitsSix   Digits = 6
	DigitsEight Digits = 8
)

func (*Digits) String

func (d *Digits) String() string

func (*Digits) UnmarshalJSON

func (d *Digits) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA string from an array of strings and convert to Digits. Uses the first value in the array as the value of the string.

type ErrInvalidPassword

type ErrInvalidPassword struct {
}

FreeIPA Invalid Password Error

func (*ErrInvalidPassword) Error

func (e *ErrInvalidPassword) Error() string

type ErrPasswordPolicy

type ErrPasswordPolicy struct {
}

FreeIPA Password Policy Error

func (*ErrPasswordPolicy) Error

func (e *ErrPasswordPolicy) Error() string

type GroupRecord

type GroupRecord struct {
	Dn           string    `json:"dn"`
	Description  IpaString `json:"description"`
	Gid          IpaString `json:"cn"`
	GidNumber    IpaString `json:"gidnumber"`
	MepManagedBy IpaString `json:"mepmanagedby"`
	IpaUniqueId  IpaString `json:"ipauniqueid"`
	Users        []string  `json:"member_user"`
	HbacRules    []string  `json:"memberof_hbacrule"`
}

type IpaBool

type IpaBool bool

Custom FreeIPA bool type

func (*IpaBool) UnmarshalJSON

func (s *IpaBool) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA DNS Name from an array of strings. Uses the first value in the array as the value of the bool.

type IpaDNSName

type IpaDNSName string

Custom FreeIPA DNSName type

func (*IpaDNSName) String

func (s *IpaDNSName) String() string

func (*IpaDNSName) UnmarshalJSON

func (s *IpaDNSName) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA string from an array of strings. Uses the first value in the array as the value of the string.

type IpaDateTime

type IpaDateTime time.Time

Custom FreeIPA datetime type

func (*IpaDateTime) Format

func (dt *IpaDateTime) Format(layout string) string

func (*IpaDateTime) MarshalBinary

func (dt *IpaDateTime) MarshalBinary() (data []byte, err error)

func (*IpaDateTime) String

func (dt *IpaDateTime) String() string

func (*IpaDateTime) UnmarshalBinary

func (dt *IpaDateTime) UnmarshalBinary(data []byte) error

func (*IpaDateTime) UnmarshalJSON

func (dt *IpaDateTime) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA datetime. Datetimes in FreeIPA are returned using a class-hint system. Values are stored as an array with a single element indicating the type and value, for example, '[{"__datetime__": "YYYY-MM-DDTHH:MM:SSZ"}]'

type IpaError

type IpaError struct {
	Message string
	Code    int
}

FreeIPA error

func (*IpaError) Error

func (e *IpaError) Error() string

type IpaFloat

type IpaFloat float64

Custom FreeIPA float64 type

func (*IpaFloat) UnmarshalJSON

func (s *IpaFloat) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA Float from an array of strings. Uses the first value in the array as the value of the string.

type IpaInt

type IpaInt int

Custom FreeIPA int type

func (*IpaInt) UnmarshalJSON

func (s *IpaInt) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA Int from an array of strings. Uses the first value in the array as the value of the string.

type IpaString

type IpaString string

Custom FreeIPA string type

func (*IpaString) String

func (s *IpaString) String() string

func (*IpaString) UnmarshalJSON

func (s *IpaString) UnmarshalJSON(b []byte) error

Unmarshal a FreeIPA string from an array of strings. Uses the first value in the array as the value of the string.
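The array-wrapped string decoding described here and the class-hint datetime decoding described under IpaDateTime, as an added standard-library example that is not goipa's own code. It parses a constructed user-show fragment defensively, so an empty array or a malformed hint yields a zero value or an error instead of a panic. The names firstString, hintedTime, userFields, parseUser and passwordExpired are hypothetical; the time layout is the page's IpaDatetimeFormat constant, so the sample value uses that compact form.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Layout taken from the IpaDatetimeFormat constant listed on this page.
const ipaDatetimeLayout = "20060102150405Z"

// firstString is a hypothetical stand-in for IpaString: the value arrives
// wrapped in a JSON array and only the first element is kept.
type firstString string

func (s *firstString) UnmarshalJSON(b []byte) error {
	var vals []string
	if err := json.Unmarshal(b, &vals); err != nil {
		return fmt.Errorf("expected an array of strings: %w", err)
	}
	*s = "" // empty array or null keeps the zero value; vals[0] would panic
	if len(vals) > 0 {
		*s = firstString(vals[0])
	}
	return nil
}

// hintedTime is a hypothetical stand-in for IpaDateTime (class-hint form).
type hintedTime struct{ time.Time }

func (t *hintedTime) UnmarshalJSON(b []byte) error {
	var hints []map[string]string
	if err := json.Unmarshal(b, &hints); err != nil {
		return fmt.Errorf("expected an array of class hints: %w", err)
	}
	if len(hints) == 0 {
		return nil // attribute present but empty: keep the zero time
	}
	raw, ok := hints[0]["__datetime__"]
	if !ok {
		return fmt.Errorf("class hint has no __datetime__ key")
	}
	var err error
	t.Time, err = time.Parse(ipaDatetimeLayout, raw)
	return err
}

// userFields mirrors three UserRecord JSON tags from this page.
type userFields struct {
	Uid          firstString `json:"uid"`
	Mobile       firstString `json:"mobile"`
	PasswdExpire hintedTime  `json:"krbpasswordexpiration"`
}

// Constructed sample, not captured from a real server.
const sampleUser = `{"uid": ["jdoe"], "mobile": [], "krbpasswordexpiration": [{"__datetime__": "20200910153000Z"}]}`

func parseUser(data []byte) (*userFields, error) {
	var u userFields
	if err := json.Unmarshal(data, &u); err != nil {
		return nil, err
	}
	return &u, nil
}

// passwordExpired treats a missing expiration (zero time) as "none recorded".
func passwordExpired(u *userFields, now time.Time) bool {
	return !u.PasswdExpire.IsZero() && !now.Before(u.PasswdExpire.Time)
}

func main() {
	u, err := parseUser([]byte(sampleUser))
	fmt.Println(u, err)
}
```
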

type LdapClient

type LdapClient struct {
	BaseDN     string
	Connection *ldap.Conn
}

func LdapConnect

func LdapConnect(host string, baseDn string, username string, password string) (*LdapClient, error)

func (*LdapClient) Close

func (c *LdapClient) Close()

func (*LdapClient) DNSRecordExists

func (c *LdapClient) DNSRecordExists(rec, zone string) (bool, error)

DNSRecordExists checks whether a DNS record exists in the specified zone

func (*LdapClient) DNSZoneExists

func (c *LdapClient) DNSZoneExists(ns string) (bool, error)

func (*LdapClient) GetDNSRecord

func (c *LdapClient) GetDNSRecord(rec, zone string) (*string, error)

GetDNSRecord gets record ID for specified zone

func (*LdapClient) GetDNSZone

func (c *LdapClient) GetDNSZone(ns string) (*string, error)

func (*LdapClient) GetGroupForUUID

func (c *LdapClient) GetGroupForUUID(uuid string) (*string, error)

func (*LdapClient) GetUserForUUID

func (c *LdapClient) GetUserForUUID(uuid string) (*string, error)

func (*LdapClient) GroupExistsForUUID

func (c *LdapClient) GroupExistsForUUID(uuid string) (bool, error)

func (*LdapClient) Search

func (c *LdapClient) Search(childDn string, filter string, attributes []string) (*ldap.SearchResult, error)

func (*LdapClient) UserExistsForUUID

func (c *LdapClient) UserExistsForUUID(uuid string) (bool, error)

type OTPToken

type OTPToken struct {
	DN        string    `json:"dn"`
	Algorithm Algorithm `json:"ipatokenotpalgorithm"`
	Digits    Digits    `json:"ipatokenotpdigits"`
	Owner     IpaString `json:"ipatokenowner"`
	TimeStep  IpaString `json:"ipatokentotptimestep"`
	UUID      IpaString `json:"ipatokenuniqueid"`
	ManagedBy IpaString `json:"managedby_user"`
	Disabled  IpaString `json:"ipatokendisabled"`
	Type      string    `json:"type"`
	URI       string    `json:"uri"`
}

OTPToken encapsulates FreeIPA otptokens

func (*OTPToken) Enabled

func (t *OTPToken) Enabled() bool

type Response

type Response struct {
	Error     *IpaError `json:"error"`
	Id        string    `json:"id"`
	Principal string    `json:"principal"`
	Version   string    `json:"version"`
	Result    *Result   `json:"result"`
}

Response returned from a FreeIPA JSON rpc call

type Result

type Result struct {
	Summary string          `json:"summary"`
	Value   interface{}     `json:"value"`
	Data    json.RawMessage `json:"result"`
}

Result returned from a FreeIPA JSON rpc call

type UserRecord

type UserRecord struct {
	Dn               string      `json:"dn"`
	First            IpaString   `json:"givenname"`
	Last             IpaString   `json:"sn"`
	DisplayName      IpaString   `json:"displayname"`
	Principal        IpaString   `json:"krbprincipalname"`
	Uid              IpaString   `json:"uid"`
	UidNumber        IpaString   `json:"uidnumber"`
	GidNumber        IpaString   `json:"gidnumber"`
	Groups           []string    `json:"memberof_group"`
	SSHPubKeys       []string    `json:"ipasshpubkey"`
	SSHPubKeyFps     []string    `json:"sshpubkeyfp"`
	AuthTypes        []string    `json:"ipauserauthtype"`
	HasKeytab        bool        `json:"has_keytab"`
	HasPassword      bool        `json:"has_password"`
	Locked           bool        `json:"nsaccountlock"`
	HomeDir          IpaString   `json:"homedirectory"`
	Email            IpaString   `json:"mail"`
	Mobile           IpaString   `json:"mobile"`
	Shell            IpaString   `json:"loginshell"`
	SudoRules        []string    `json:"memberofindirect_sudorule"`
	HbacRules        []string    `json:"memberofindirect_hbacrule"`
	LastPasswdChange IpaDateTime `json:"krblastpwdchange"`
	PasswdExpire     IpaDateTime `json:"krbpasswordexpiration"`
	PrincipalExpire  IpaDateTime `json:"krbprincipalexpiration"`
	LastLoginSuccess IpaDateTime `json:"krblastsuccessfulauth"`
	LastLoginFail    IpaDateTime `json:"krblastfailedauth"`
	Randompassword   string      `json:"randompassword"`
	IpaUniqueId      IpaString   `json:"ipauniqueid"`
}

UserRecord encapsulates user data returned from ipa user commands

func (*UserRecord) HasGroup

func (u *UserRecord) HasGroup(group string) bool

Returns true if the User is in group

func (*UserRecord) OTPOnly

func (u *UserRecord) OTPOnly() bool

Returns true if OTP is the only authentication type enabled
