ldap

package
v0.1.0-cvefix.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ServerAddr           = "server_addr"
	STSExpiry            = "sts_expiry"
	UsernameFormat       = "username_format"
	UsernameSearchFilter = "username_search_filter"
	UsernameSearchBaseDN = "username_search_base_dn"
	GroupSearchFilter    = "group_search_filter"
	GroupNameAttribute   = "group_name_attribute"
	GroupSearchBaseDN    = "group_search_base_dn"
	TLSSkipVerify        = "tls_skip_verify"
	ServerInsecure       = "server_insecure"
	ServerStartTLS       = "server_starttls"

	EnvServerAddr           = "MINIO_IDENTITY_LDAP_SERVER_ADDR"
	EnvSTSExpiry            = "MINIO_IDENTITY_LDAP_STS_EXPIRY"
	EnvTLSSkipVerify        = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
	EnvServerInsecure       = "MINIO_IDENTITY_LDAP_SERVER_INSECURE"
	EnvServerStartTLS       = "MINIO_IDENTITY_LDAP_SERVER_STARTTLS"
	EnvUsernameFormat       = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT"
	EnvUsernameSearchFilter = "MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER"
	EnvUsernameSearchBaseDN = "MINIO_IDENTITY_LDAP_USERNAME_SEARCH_BASE_DN"
	EnvGroupSearchFilter    = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"
	EnvGroupNameAttribute   = "MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"
	EnvGroupSearchBaseDN    = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"
)

LDAP keys and envs.

Variables

View Source 
var (
	DefaultKVS = config.KVS{
		config.KV{
			Key:   ServerAddr,
			Value: "",
		},
		config.KV{
			Key:   UsernameFormat,
			Value: "",
		},
		config.KV{
			Key:   UsernameSearchFilter,
			Value: "",
		},
		config.KV{
			Key:   UsernameSearchBaseDN,
			Value: "",
		},
		config.KV{
			Key:   GroupSearchFilter,
			Value: "",
		},
		config.KV{
			Key:   GroupNameAttribute,
			Value: "",
		},
		config.KV{
			Key:   GroupSearchBaseDN,
			Value: "",
		},
		config.KV{
			Key:   STSExpiry,
			Value: "1h",
		},
		config.KV{
			Key:   TLSSkipVerify,
			Value: config.EnableOff,
		},
		config.KV{
			Key:   ServerInsecure,
			Value: config.EnableOff,
		},
		config.KV{
			Key:   ServerStartTLS,
			Value: config.EnableOff,
		},
	}
)

DefaultKVS - default config for LDAP config

View Source 
var (
	Help = config.HelpKVS{
		config.HelpKV{
			Key:         ServerAddr,
			Description: `AD/LDAP server address e.g. "myldapserver.com:636"`,
			Type:        "address",
		},
		config.HelpKV{
			Key:         UsernameFormat,
			Description: `";" separated list of username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`,
			Type:        "list",
		},
		config.HelpKV{
			Key:         UsernameSearchFilter,
			Description: `user search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"`,
			Type:        "string",
		},
		config.HelpKV{
			Key:         GroupSearchFilter,
			Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`,
			Type:        "string",
		},
		config.HelpKV{
			Key:         GroupSearchBaseDN,
			Description: `";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com"`,
			Type:        "list",
		},
		config.HelpKV{
			Key:         UsernameSearchBaseDN,
			Description: `";" separated list of username search DNs`,
			Type:        "list",
			Optional:    true,
		},
		config.HelpKV{
			Key:         GroupNameAttribute,
			Description: `search attribute for group name e.g. "cn"`,
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         STSExpiry,
			Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`,
			Optional:    true,
			Type:        "duration",
		},
		config.HelpKV{
			Key:         TLSSkipVerify,
			Description: `trust server TLS without verification, defaults to "off" (verify)`,
			Optional:    true,
			Type:        "on|off",
		},
		config.HelpKV{
			Key:         ServerInsecure,
			Description: `allow plain text connection to AD/LDAP server, defaults to "off"`,
			Optional:    true,
			Type:        "on|off",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
	}
)

Help template for LDAP identity feature.

Functions

func Enabled 

func Enabled(kvs config.KVS) bool

Enabled returns if jwks is enabled.

func SetIdentityLDAP 

func SetIdentityLDAP(s config.Config, ldapArgs Config)

SetIdentityLDAP - One time migration code needed, for migrating from older config to new for LDAPConfig.

Types

type Config 

type Config struct {
	Enabled bool `json:"enabled"`

	// E.g. "ldap.minio.io:636"
	ServerAddr string `json:"serverAddr"`

	// STS credentials expiry duration
	STSExpiryDuration string `json:"stsExpiryDuration"`

	// Format string for usernames
	UsernameFormat        string   `json:"usernameFormat"`
	UsernameFormats       []string `json:"-"`
	UsernameSearchFilter  string   `json:"-"`
	UsernameSearchBaseDNS []string `json:"-"`

	GroupSearchBaseDN  string   `json:"groupSearchBaseDN"`
	GroupSearchBaseDNS []string `json:"-"`
	GroupSearchFilter  string   `json:"groupSearchFilter"`
	GroupNameAttribute string   `json:"groupNameAttribute"`
	// contains filtered or unexported fields
}

Config contains AD/LDAP server connectivity information.

func Lookup 

func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error)

Lookup - initializes LDAP config, overrides config, if any ENV values are set.

func (*Config) Bind 

func (l *Config) Bind(username, password string) ([]string, error)

Bind - binds to ldap, searches LDAP and returns list of groups.

func (*Config) Connect 

func (l *Config) Connect() (ldapConn *ldap.Conn, err error)

Connect connect to ldap server.

func (Config) GetExpiryDuration 

func (l Config) GetExpiryDuration() time.Duration

GetExpiryDuration - return parsed expiry duration.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.