Documentation
Overview
Package ldap contains identity providers that validate against LDAP servers.
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewIdentityProvider
func NewIdentityProvider(p Params) (idp.IdentityProvider, error)
NewIdentityProvider creates a new LDAP identity provider.
Types
type Params
type Params struct {
	// Name is the name that will be given to the identity provider.
	Name string `yaml:"name"`

	// Description is the description that will be used with the
	// identity provider. If this is not set then Name will be used.
	Description string `yaml:"description"`

	// Icon contains the URL or path of an icon.
	Icon string `yaml:"icon"`

	// Domain is the domain with which all identities created by this
	// identity provider will be tagged (not including the @ separator).
	Domain string `yaml:"domain"`

	// URL contains an LDAP URL indicating the server to connect to.
	URL string `yaml:"url"`

	// CACertificate contains a PEM encoded CA certificate to verify
	// the ldap connection against.
	CACertificate string `yaml:"ca-cert"`

	// DN contains the distinguished name that is used to bind to the
	// LDAP server to perform searches. If this is empty then the IDP
	// will bind anonymously and Password will be ignored.
	DN string `yaml:"dn"`

	// Password contains the password to use when binding to the
	// LDAP server as DN.
	Password string `yaml:"password"`

	// RequireMFA indicates if this provider requires the use of MFA
	RequireMFA bool `yaml:"require-mfa"`

	// UserQueryFilter defines the filter for searching users.
	UserQueryFilter string `yaml:"user-query-filter"`

	// UserQueryAttrs defines how user attributes are mapped to attributes in
	// the LDAP entry.
	UserQueryAttrs UserQueryAttrs `yaml:"user-query-attrs"`

	// GroupQueryFilter defines the template for the LDAP filter to search for
	// the groups that a user belongs to. The .User value is defined to hold
	// the user id being searched for - e.g.
	//     (&(objectClass=groupOfNames)(member={{.User}}))
	GroupQueryFilter string `yaml:"group-query-filter"`

	// Hidden is set if the IDP should be hidden from interactive
	// prompts.
	Hidden bool `yaml:"hidden"`
}
type UserQueryAttrs
type UserQueryAttrs struct {
	// ID defines the attribute used to identify a user.
	ID string `yaml:"id"`

	// UserQueryEmailAttr defines the attribute for a user e-mail.
	Email string `yaml:"email"`

	// UserQueryDisplayNameAttr defines the attribute for a user display name.
	// If not specified, "displayName" is used.
	DisplayName string `yaml:"display-name"`
}
UserQueryAttrs defines how user attributes are mapped to attributes in the LDAP entry.
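A pre-deployment check of the security-relevant Params settings documented above, as an added example that is not part of the package or its documentation. The ldapConfig type, the lintConfig function, the sample values, and the use of Go's text/template to evaluate the {{.User}} placeholder are assumptions made for this example.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"net/url"
	"strings"
	"text/template"
)

// ldapConfig is a local stand-in (not the package's type) for some Params fields.
type ldapConfig struct {
	URL, CACertificate, DN, Password, GroupQueryFilter string
}

// lintConfig returns one finding per setting that deserves review.
func lintConfig(c ldapConfig) []string {
	var out []string
	if u, err := url.Parse(c.URL); err != nil || u.Host == "" {
		out = append(out, "url: not a usable LDAP URL")
	} else if u.Scheme != "ldaps" {
		out = append(out, "url: scheme "+u.Scheme+" is not ldaps, so the connection does not start in TLS")
	}
	b, _ := pem.Decode([]byte(c.CACertificate))
	if c.CACertificate != "" && (b == nil || b.Type != "CERTIFICATE") {
		out = append(out, "ca-cert: no PEM CERTIFICATE block found")
	}
	if c.DN == "" && c.Password != "" {
		out = append(out, "dn: empty, so the bind is anonymous and password is ignored")
	}
	// Render with a constructed marker to confirm the filter uses .User.
	const marker = "uid=probe,dc=example,dc=com"
	var sb strings.Builder
	t, err := template.New("f").Parse(c.GroupQueryFilter)
	if err != nil || t.Execute(&sb, map[string]string{"User": marker}) != nil {
		out = append(out, "group-query-filter: template does not parse or execute")
	} else if !strings.Contains(sb.String(), marker) {
		out = append(out, "group-query-filter: rendered filter does not contain .User")
	}
	return out
}

func main() {
	// Constructed sample configuration.
	cfg := ldapConfig{URL: "ldap://ldap.example.com", Password: "s3cret"}
	for _, f := range lintConfig(cfg) {
		fmt.Println(f)
	}
}
```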