Documentation ¶
Index ¶
- Constants
- func DetermineLDAPFilter(filter string) (string, error)
- func DetermineLDAPHost(hostport string, scheme Scheme) (string, error)
- func GetAttributeValue(entry *ldap.Entry, attributes []string) string
- func GetRawAttributeValue(entry *ldap.Entry, attributes []string) string
- func IsEntryNotFoundError(err error) bool
- func IsNoSuchObjectError(err error) bool
- func IsQueryOutOfBoundsError(err error) bool
- func NewEntryNotFoundError(baseDN, filter string) error
- func NewLDAPClientConfig(URL, bindDN, bindPassword, CA string, insecure bool) (ldapclient.Config, error)
- func NewNoSuchObjectError(baseDN string) error
- func NewQueryOutOfBoundsError(queryDN, baseDN string) error
- func QueryForEntries(clientConfig ldapclient.Config, query *ldap.SearchRequest) ([]*ldap.Entry, error)
- func QueryForUniqueEntry(clientConfig ldapclient.Config, query *ldap.SearchRequest) (*ldap.Entry, error)
- func SplitLDAPQuery(query string) (attributes, scope, filter, extensions string, err error)
- type DefaultLDAPUserIdentityFactory
- type DerefAliases
- type LDAPQuery
- type LDAPQueryOnAttribute
- type LDAPURL
- type LDAPUserAttributeDefiner
- func (d *LDAPUserAttributeDefiner) AllAttributes() sets.String
- func (d *LDAPUserAttributeDefiner) Email(user *ldap.Entry) string
- func (d *LDAPUserAttributeDefiner) ID(user *ldap.Entry) string
- func (d *LDAPUserAttributeDefiner) Name(user *ldap.Entry) string
- func (d *LDAPUserAttributeDefiner) PreferredUsername(user *ldap.Entry) string
- type LDAPUserIdentityFactory
- type Scheme
- type Scope
Constants ¶
const ( // LDAPHostLabel is the Label value that stores the host of the LDAP server // TODO: we don't store port here because labels don't allow for colons. We might want to add this back // with a different separator LDAPHostLabel string = "openshift.io/ldap.host" // LDAPURLAnnotation is the Annotation value that stores the host:port of the LDAP server LDAPURLAnnotation string = "openshift.io/ldap.url" // LDAPUIDAnnotation is the Annotation value that stores the corresponding LDAP group UID for the Group LDAPUIDAnnotation string = "openshift.io/ldap.uid" // LDAPSyncTime is the Annotation value that stores the last time this Group was synced with LDAP LDAPSyncTimeAnnotation string = "openshift.io/ldap.sync-time" )
These constants contain values for annotations and labels affixed to Groups by the LDAP sync job
const ( DerefAliasesNever = ldap.NeverDerefAliases DerefAliasesSearching = ldap.DerefInSearching DerefAliasesFinding = ldap.DerefFindingBaseObj DerefAliasesAlways = ldap.DerefAlways )
Variables ¶
This section is empty.
Functions ¶
func DetermineLDAPFilter ¶
DetermineLDAPFilter determines the LDAP search filter. Filter is a valid LDAP filter Default to "(objectClass=*)" per RFC
func DetermineLDAPHost ¶
DetermineLDAPHost determines the host and port for the LDAP connection. The default host is localhost; the default port for scheme "ldap" is 389, for "ldaps" is 686
func GetAttributeValue ¶
GetAttributeValue finds the first attribute of those given that the LDAP entry has, and returns it. GetAttributeValue is able to query the DN as well as Attributes of the LDAP entry. If no value is found, the empty string is returned.
func GetRawAttributeValue ¶
func IsEntryNotFoundError ¶
func IsNoSuchObjectError ¶
IsNoSuchObjectError determines if the error is a NoSuchObjectError or if it is the upstream version of the error If this returns true, you are *not* safe to cast the error to a NoSuchObjectError
func IsQueryOutOfBoundsError ¶
func NewEntryNotFoundError ¶
func NewLDAPClientConfig ¶
func NewLDAPClientConfig(URL, bindDN, bindPassword, CA string, insecure bool) (ldapclient.Config, error)
NewLDAPClientConfig returns a new LDAP client config
func NewNoSuchObjectError ¶
func QueryForEntries ¶
func QueryForEntries(clientConfig ldapclient.Config, query *ldap.SearchRequest) ([]*ldap.Entry, error)
QueryForEntries queries for LDAP with the given searchRequest
func QueryForUniqueEntry ¶
func QueryForUniqueEntry(clientConfig ldapclient.Config, query *ldap.SearchRequest) (*ldap.Entry, error)
QueryForUniqueEntry queries for an LDAP entry with the given searchRequest. The query is expected to return one unqiue result. If this is not the case, errors are raised
func SplitLDAPQuery ¶
SplitLDAPQuery splits the query in the URL into the substituent parts. All sections are optional. Query syntax is attribute?scope?filter?extensions
Types ¶
type DefaultLDAPUserIdentityFactory ¶
type DefaultLDAPUserIdentityFactory struct { ProviderName string Definer LDAPUserAttributeDefiner }
DefaultLDAPUserIdentityFactory creates Identities for LDAP user entries using an LDAPUserAttributeDefiner
func (*DefaultLDAPUserIdentityFactory) IdentityFor ¶
func (f *DefaultLDAPUserIdentityFactory) IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)
type DerefAliases ¶
type DerefAliases int
DerefAliases is a valid LDAP alias dereference parameter
func DetermineDerefAliasesBehavior ¶
func DetermineDerefAliasesBehavior(derefAliasesString string) (DerefAliases, error)
type LDAPQuery ¶
type LDAPQuery struct { // The DN of the branch of the directory where all searches should start from BaseDN string // The (optional) scope of the search. Defaults to the entire subtree if not set Scope Scope // The (optional) behavior of the search with regards to alisases. Defaults to always // dereferencing if not set DerefAliases DerefAliases // TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding // before the wait for a response is given up. If this is 0, no client-side limit is imposed TimeLimit int // Filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN Filter string // PageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done. PageSize int }
LDAPQuery encodes an LDAP query
func NewLDAPQuery ¶
NewLDAPQuery converts a user-provided LDAPQuery into a version we can use
func (*LDAPQuery) NewSearchRequest ¶
NewSearchRequest creates a new search request for the LDAP query and optionally includes more attributes
type LDAPQueryOnAttribute ¶
type LDAPQueryOnAttribute struct { // Query retrieves entries from an LDAP server LDAPQuery // QueryAttribute is the attribute for a specific filter that, when conjoined with the common filter, // retrieves the specific LDAP entry from the LDAP server. (e.g. "cn", when formatted with "aGroupName" // and conjoined with "objectClass=groupOfNames", becomes (&(objectClass=groupOfNames)(cn=aGroupName))") QueryAttribute string }
LDAPQueryOnAttribute encodes an LDAP query that conjoins two filters to extract a specific LDAP entry This query is not self-sufficient and needs the value of the QueryAttribute to construct the final filter
func NewLDAPQueryOnAttribute ¶
func NewLDAPQueryOnAttribute(config config.LDAPQuery, attribute string) (LDAPQueryOnAttribute, error)
NewLDAPQueryOnAttribute converts a user-provided LDAPQuery into a version we can use by parsing the input and combining it with a set of name attributes
func (*LDAPQueryOnAttribute) NewSearchRequest ¶
func (o *LDAPQueryOnAttribute) NewSearchRequest(attributeValue string, attributes []string) (*ldap.SearchRequest, error)
NewSearchRequest creates a new search request from the identifying query by internalizing the value of the attribute to be filtered as well as any attributes that need to be recovered
type LDAPURL ¶
type LDAPURL struct { // Scheme is ldap or ldaps Scheme Scheme // Host is the host:port of the LDAP server Host string // The DN of the branch of the directory where all searches should start from BaseDN string // The attribute to search for QueryAttribute string // The scope of the search. Can be ldap.ScopeWholeSubtree, ldap.ScopeSingleLevel, or ldap.ScopeBaseObject Scope Scope // A valid LDAP search filter (e.g. "(objectClass=*)") Filter string }
LDAPURL holds a parsed RFC 2255 URL
type LDAPUserAttributeDefiner ¶
type LDAPUserAttributeDefiner struct {
// contains filtered or unexported fields
}
LDAPUserAttributeDefiner defines the values corresponding to OpenShift Identities in LDAP entries by using a deterministic mapping of LDAP entry attributes to OpenShift Identity fields
func NewLDAPUserAttributeDefiner ¶
func NewLDAPUserAttributeDefiner(attributeMapping osinv1.LDAPAttributeMapping) LDAPUserAttributeDefiner
func (*LDAPUserAttributeDefiner) AllAttributes ¶
func (d *LDAPUserAttributeDefiner) AllAttributes() sets.String
AllAttributes gets all attributes listed in the LDAPUserAttributeDefiner
func (*LDAPUserAttributeDefiner) Email ¶
func (d *LDAPUserAttributeDefiner) Email(user *ldap.Entry) string
Email extracts the email value from an LDAP user entry
func (*LDAPUserAttributeDefiner) ID ¶
func (d *LDAPUserAttributeDefiner) ID(user *ldap.Entry) string
ID extracts the ID value from an LDAP user entry
func (*LDAPUserAttributeDefiner) Name ¶
func (d *LDAPUserAttributeDefiner) Name(user *ldap.Entry) string
Name extracts the name value from an LDAP user entry
func (*LDAPUserAttributeDefiner) PreferredUsername ¶
func (d *LDAPUserAttributeDefiner) PreferredUsername(user *ldap.Entry) string
PreferredUsername extracts the preferred username value from an LDAP user entry
type LDAPUserIdentityFactory ¶
type LDAPUserIdentityFactory interface {
IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)
}
LDAPUserIdentityFactory creates Identites for LDAP user entries.
type Scheme ¶
type Scheme string
Scheme is a valid ldap scheme
func DetermineLDAPScheme ¶
DetermineLDAPScheme determines the LDAP connection scheme. Scheme is one of "ldap" or "ldaps" Default to "ldap"
type Scope ¶
type Scope int
Scope is a valid LDAP search scope
func DetermineLDAPScope ¶
DetermineLDAPScope determines the LDAP search scope. Scope is one of "sub", "one", or "base" Default to "sub" to match mod_auth_ldap