domains

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2023 License: MIT Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func New 

func New(c HTTPClient) *Client

func (*Client) Create 

func (c *Client) Create(ctx context.Context, req *CreateRequest) (*CreateResponse, error)

Create Add an authentication server.

func (*Client) Delete 

func (c *Client) Delete(ctx context.Context, req *DeleteRequest) (*DeleteResponse, error)

Delete Delete an authentication server.

func (*Client) Find 

func (c *Client) Find(ctx context.Context, req *FindRequest) error

Find Get auth server configuration.

func (*Client) Index 

func (c *Client) Index(ctx context.Context) (*IndexResponse, error)

Index Authentication domain index.

func (*Client) Sync 

func (c *Client) Sync(ctx context.Context, req *SyncRequest) (*SyncResponse, error)

Sync Syncs users and/or groups from the configured LDAP to user.cfg. NOTE: Synced groups will have the name 'name-$realm', so make sure those groups do not exist to prevent overwriting.

func (*Client) Update 

func (c *Client) Update(ctx context.Context, req *UpdateRequest) (*UpdateResponse, error)

Update Update authentication server settings.

type CreateRequest 

type CreateRequest struct {
	Realm string `url:"realm",json:"realm"` // Authentication domain ID
	Type  string `url:"type",json:"type"`   // Realm type.

	// The following parameters are optional
	AcrValues           *string `url:"acr-values,omitempty",json:"acr-values,omitempty"`                       // Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.
	Autocreate          *bool   `url:"autocreate,omitempty",json:"autocreate,omitempty"`                       // Automatically create users if they do not exist.
	BaseDn              *string `url:"base_dn,omitempty",json:"base_dn,omitempty"`                             // LDAP base domain name
	BindDn              *string `url:"bind_dn,omitempty",json:"bind_dn,omitempty"`                             // LDAP bind domain name
	Capath              *string `url:"capath,omitempty",json:"capath,omitempty"`                               // Path to the CA certificate store
	CaseSensitive       *bool   `url:"case-sensitive,omitempty",json:"case-sensitive,omitempty"`               // username is case-sensitive
	Cert                *string `url:"cert,omitempty",json:"cert,omitempty"`                                   // Path to the client certificate
	Certkey             *string `url:"certkey,omitempty",json:"certkey,omitempty"`                             // Path to the client certificate key
	ClientId            *string `url:"client-id,omitempty",json:"client-id,omitempty"`                         // OpenID Client ID
	ClientKey           *string `url:"client-key,omitempty",json:"client-key,omitempty"`                       // OpenID Client Key
	Comment             *string `url:"comment,omitempty",json:"comment,omitempty"`                             // Description.
	Default             *bool   `url:"default,omitempty",json:"default,omitempty"`                             // Use this as default realm
	Domain              *string `url:"domain,omitempty",json:"domain,omitempty"`                               // AD domain name
	Filter              *string `url:"filter,omitempty",json:"filter,omitempty"`                               // LDAP filter for user sync.
	GroupClasses        *string `url:"group_classes,omitempty",json:"group_classes,omitempty"`                 // The objectclasses for groups.
	GroupDn             *string `url:"group_dn,omitempty",json:"group_dn,omitempty"`                           // LDAP base domain name for group sync. If not set, the base_dn will be used.
	GroupFilter         *string `url:"group_filter,omitempty",json:"group_filter,omitempty"`                   // LDAP filter for group sync.
	GroupNameAttr       *string `url:"group_name_attr,omitempty",json:"group_name_attr,omitempty"`             // LDAP attribute representing a groups name. If not set or found, the first value of the DN will be used as name.
	IssuerUrl           *string `url:"issuer-url,omitempty",json:"issuer-url,omitempty"`                       // OpenID Issuer Url
	Mode                *string `url:"mode,omitempty",json:"mode,omitempty"`                                   // LDAP protocol mode.
	Password            *string `url:"password,omitempty",json:"password,omitempty"`                           // LDAP bind password. Will be stored in '/etc/pve/priv/realm/<REALM>.pw'.
	Port                *int    `url:"port,omitempty",json:"port,omitempty"`                                   // Server port.
	Prompt              *string `url:"prompt,omitempty",json:"prompt,omitempty"`                               // Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
	Scopes              *string `url:"scopes,omitempty",json:"scopes,omitempty"`                               // Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.
	Secure              *bool   `url:"secure,omitempty",json:"secure,omitempty"`                               // Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.
	Server1             *string `url:"server1,omitempty",json:"server1,omitempty"`                             // Server IP address (or DNS name)
	Server2             *string `url:"server2,omitempty",json:"server2,omitempty"`                             // Fallback Server IP address (or DNS name)
	Sslversion          *string `url:"sslversion,omitempty",json:"sslversion,omitempty"`                       // LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!
	SyncAttributes      *string `url:"sync_attributes,omitempty",json:"sync_attributes,omitempty"`             // Comma separated list of key=value pairs for specifying which LDAP attributes map to which PVE user field. For example, to map the LDAP attribute 'mail' to PVEs 'email', write  'email=mail'. By default, each PVE user field is represented  by an LDAP attribute of the same name.
	SyncDefaultsOptions *string `url:"sync-defaults-options,omitempty",json:"sync-defaults-options,omitempty"` // The default options for behavior of synchronizations.
	Tfa                 *string `url:"tfa,omitempty",json:"tfa,omitempty"`                                     // Use Two-factor authentication.
	UserAttr            *string `url:"user_attr,omitempty",json:"user_attr,omitempty"`                         // LDAP user attribute name
	UserClasses         *string `url:"user_classes,omitempty",json:"user_classes,omitempty"`                   // The objectclasses for users.
	UsernameClaim       *string `url:"username-claim,omitempty",json:"username-claim,omitempty"`               // OpenID claim used to generate the unique username.
	Verify              *bool   `url:"verify,omitempty",json:"verify,omitempty"`                               // Verify the server's SSL certificate
}

type CreateResponse 

type CreateResponse map[string]interface{}

type DeleteRequest 

type DeleteRequest struct {
	Realm string `url:"realm",json:"realm"` // Authentication domain ID

}

type DeleteResponse 

type DeleteResponse map[string]interface{}

type FindRequest 

type FindRequest struct {
	Realm string `url:"realm",json:"realm"` // Authentication domain ID

}

type HTTPClient 

type HTTPClient interface {
	Do(context.Context, string, string, interface{}, interface{}) error
}

type IndexResponse 

type IndexResponse []*struct {
	Realm string `url:"realm",json:"realm"`
	Type  string `url:"type",json:"type"`

	// The following parameters are optional
	Comment *string `url:"comment,omitempty",json:"comment,omitempty"` // A comment. The GUI use this text when you select a domain (Realm) on the login window.
	Tfa     *string `url:"tfa,omitempty",json:"tfa,omitempty"`         // Two-factor authentication provider.
}

type SyncRequest 

type SyncRequest struct {
	Realm string `url:"realm",json:"realm"` // Authentication domain ID

	// The following parameters are optional
	DryRun         *bool   `url:"dry-run,omitempty",json:"dry-run,omitempty"`                 // If set, does not write anything.
	EnableNew      *bool   `url:"enable-new,omitempty",json:"enable-new,omitempty"`           // Enable newly synced users immediately.
	Full           *bool   `url:"full,omitempty",json:"full,omitempty"`                       // DEPRECATED: use 'remove-vanished' instead. If set, uses the LDAP Directory as source of truth, deleting users or groups not returned from the sync and removing all locally modified properties of synced users. If not set, only syncs information which is present in the synced data, and does not delete or modify anything else.
	Purge          *bool   `url:"purge,omitempty",json:"purge,omitempty"`                     // DEPRECATED: use 'remove-vanished' instead. Remove ACLs for users or groups which were removed from the config during a sync.
	RemoveVanished *string `url:"remove-vanished,omitempty",json:"remove-vanished,omitempty"` // A semicolon-seperated list of things to remove when they or the user vanishes during a sync. The following values are possible: 'entry' removes the user/group when not returned from the sync. 'properties' removes the set properties on existing user/group that do not appear in the source (even custom ones). 'acl' removes acls when the user/group is not returned from the sync.
	Scope          *string `url:"scope,omitempty",json:"scope,omitempty"`                     // Select what to sync.
}

type SyncResponse 

type SyncResponse string

type UpdateRequest 

type UpdateRequest struct {
	Realm string `url:"realm",json:"realm"` // Authentication domain ID

	// The following parameters are optional
	AcrValues           *string `url:"acr-values,omitempty",json:"acr-values,omitempty"`                       // Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.
	Autocreate          *bool   `url:"autocreate,omitempty",json:"autocreate,omitempty"`                       // Automatically create users if they do not exist.
	BaseDn              *string `url:"base_dn,omitempty",json:"base_dn,omitempty"`                             // LDAP base domain name
	BindDn              *string `url:"bind_dn,omitempty",json:"bind_dn,omitempty"`                             // LDAP bind domain name
	Capath              *string `url:"capath,omitempty",json:"capath,omitempty"`                               // Path to the CA certificate store
	CaseSensitive       *bool   `url:"case-sensitive,omitempty",json:"case-sensitive,omitempty"`               // username is case-sensitive
	Cert                *string `url:"cert,omitempty",json:"cert,omitempty"`                                   // Path to the client certificate
	Certkey             *string `url:"certkey,omitempty",json:"certkey,omitempty"`                             // Path to the client certificate key
	ClientId            *string `url:"client-id,omitempty",json:"client-id,omitempty"`                         // OpenID Client ID
	ClientKey           *string `url:"client-key,omitempty",json:"client-key,omitempty"`                       // OpenID Client Key
	Comment             *string `url:"comment,omitempty",json:"comment,omitempty"`                             // Description.
	Default             *bool   `url:"default,omitempty",json:"default,omitempty"`                             // Use this as default realm
	Delete              *string `url:"delete,omitempty",json:"delete,omitempty"`                               // A list of settings you want to delete.
	Digest              *string `url:"digest,omitempty",json:"digest,omitempty"`                               // Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.
	Domain              *string `url:"domain,omitempty",json:"domain,omitempty"`                               // AD domain name
	Filter              *string `url:"filter,omitempty",json:"filter,omitempty"`                               // LDAP filter for user sync.
	GroupClasses        *string `url:"group_classes,omitempty",json:"group_classes,omitempty"`                 // The objectclasses for groups.
	GroupDn             *string `url:"group_dn,omitempty",json:"group_dn,omitempty"`                           // LDAP base domain name for group sync. If not set, the base_dn will be used.
	GroupFilter         *string `url:"group_filter,omitempty",json:"group_filter,omitempty"`                   // LDAP filter for group sync.
	GroupNameAttr       *string `url:"group_name_attr,omitempty",json:"group_name_attr,omitempty"`             // LDAP attribute representing a groups name. If not set or found, the first value of the DN will be used as name.
	IssuerUrl           *string `url:"issuer-url,omitempty",json:"issuer-url,omitempty"`                       // OpenID Issuer Url
	Mode                *string `url:"mode,omitempty",json:"mode,omitempty"`                                   // LDAP protocol mode.
	Password            *string `url:"password,omitempty",json:"password,omitempty"`                           // LDAP bind password. Will be stored in '/etc/pve/priv/realm/<REALM>.pw'.
	Port                *int    `url:"port,omitempty",json:"port,omitempty"`                                   // Server port.
	Prompt              *string `url:"prompt,omitempty",json:"prompt,omitempty"`                               // Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
	Scopes              *string `url:"scopes,omitempty",json:"scopes,omitempty"`                               // Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.
	Secure              *bool   `url:"secure,omitempty",json:"secure,omitempty"`                               // Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.
	Server1             *string `url:"server1,omitempty",json:"server1,omitempty"`                             // Server IP address (or DNS name)
	Server2             *string `url:"server2,omitempty",json:"server2,omitempty"`                             // Fallback Server IP address (or DNS name)
	Sslversion          *string `url:"sslversion,omitempty",json:"sslversion,omitempty"`                       // LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!
	SyncAttributes      *string `url:"sync_attributes,omitempty",json:"sync_attributes,omitempty"`             // Comma separated list of key=value pairs for specifying which LDAP attributes map to which PVE user field. For example, to map the LDAP attribute 'mail' to PVEs 'email', write  'email=mail'. By default, each PVE user field is represented  by an LDAP attribute of the same name.
	SyncDefaultsOptions *string `url:"sync-defaults-options,omitempty",json:"sync-defaults-options,omitempty"` // The default options for behavior of synchronizations.
	Tfa                 *string `url:"tfa,omitempty",json:"tfa,omitempty"`                                     // Use Two-factor authentication.
	UserAttr            *string `url:"user_attr,omitempty",json:"user_attr,omitempty"`                         // LDAP user attribute name
	UserClasses         *string `url:"user_classes,omitempty",json:"user_classes,omitempty"`                   // The objectclasses for users.
	Verify              *bool   `url:"verify,omitempty",json:"verify,omitempty"`                               // Verify the server's SSL certificate
}

type UpdateResponse 

type UpdateResponse map[string]interface{}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.