Documentation ¶
Index ¶
- Constants
- Variables
- func Enabled(kvs config.KVS) bool
- func SetIdentityLDAP(s config.Config, ldapArgs LegacyConfig)
- type Config
- func (l *Config) Bind(username, password string) (string, []string, error)
- func (l *Config) Clone() Config
- func (l *Config) DoesGroupDNExist(groupDN string) (bool, error)
- func (l *Config) DoesUsernameExist(username string) (string, error)
- func (l *Config) Enabled() bool
- func (l *Config) GetConfigInfo(s config.Config, cfgName string) ([]madmin.IDPCfgInfo, error)
- func (l *Config) GetConfigList(s config.Config) ([]madmin.IDPListItem, error)
- func (l Config) GetExpiryDuration(dsecs string) (time.Duration, error)
- func (l *Config) GetNonEligibleUserDistNames(userDistNames []string) ([]string, error)
- func (l Config) IsLDAPGroupDN(user string) bool
- func (l Config) IsLDAPUserDN(user string) bool
- func (l *Config) LookupGroupMemberships(userDistNames []string, userDNToUsernameMap map[string]string) (map[string]set.StringSet, error)
- func (l *Config) LookupUserDN(username string) (string, []string, error)
- type LegacyConfig
Constants ¶
// LDAP configuration keys and the environment variables that override them.
// The bare keys are the names used in the server's key/value config; each
// Env* constant is the corresponding environment variable.
const (
	// Server location: an explicit address, or a DNS SRV record name.
	ServerAddr    = "server_addr"
	SRVRecordName = "srv_record_name"

	// Read-only service account used for DN and group lookups. The password
	// is a secret (see Help) and must never be logged.
	LookupBindDN       = "lookup_bind_dn"
	LookupBindPassword = "lookup_bind_password"

	// User and group search parameters (base DNs and filters).
	UserDNSearchBaseDN = "user_dn_search_base_dn"
	UserDNSearchFilter = "user_dn_search_filter"
	GroupSearchFilter  = "group_search_filter"
	GroupSearchBaseDN  = "group_search_base_dn"

	// Transport security switches; all default to "off" in DefaultKVS.
	// tls_skip_verify disables certificate verification and server_insecure
	// allows plain-text LDAP: either one exposes the lookup-bind password and
	// user credentials to an on-path attacker, so enable them only deliberately.
	TLSSkipVerify  = "tls_skip_verify"
	ServerInsecure = "server_insecure"
	ServerStartTLS = "server_starttls"

	// Environment-variable equivalents of the keys above.
	EnvServerAddr         = "MINIO_IDENTITY_LDAP_SERVER_ADDR"
	EnvSRVRecordName      = "MINIO_IDENTITY_LDAP_SRV_RECORD_NAME"
	EnvTLSSkipVerify      = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
	EnvServerInsecure     = "MINIO_IDENTITY_LDAP_SERVER_INSECURE"
	EnvServerStartTLS     = "MINIO_IDENTITY_LDAP_SERVER_STARTTLS"
	EnvUserDNSearchBaseDN = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN"
	EnvUserDNSearchFilter = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"
	EnvGroupSearchFilter  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"
	EnvGroupSearchBaseDN  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"
	EnvLookupBindDN       = "MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"
	EnvLookupBindPassword = "MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"

	// EnvUsernameFormat has no matching key constant in this block and no
	// entry in DefaultKVS. NOTE(review): presumably retained for older
	// deployments; confirm it is still read before relying on or removing it.
	EnvUsernameFormat = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT"
)
LDAP configuration keys and the environment variables that override them. Note that tls_skip_verify and server_insecure each weaken transport security and default to off (see DefaultKVS).
Variables ¶
// DefaultKVS is the default LDAP identity configuration: every address,
// credential and search setting is empty, and the three transport switches
// (tls_skip_verify, server_insecure, server_starttls) are "off". Going by the
// Help descriptions, that means server certificates are verified and
// plain-text LDAP is not used unless an operator explicitly opts out.
var DefaultKVS = config.KVS{
	config.KV{Key: config.Enable, Value: ""},

	// Server location.
	config.KV{Key: ServerAddr, Value: ""},
	config.KV{Key: SRVRecordName, Value: ""},

	// User and group search parameters.
	config.KV{Key: UserDNSearchBaseDN, Value: ""},
	config.KV{Key: UserDNSearchFilter, Value: ""},
	config.KV{Key: GroupSearchFilter, Value: ""},
	config.KV{Key: GroupSearchBaseDN, Value: ""},

	// Transport security: secure by default. Do not change these defaults;
	// operators who need a weaker mode must set them explicitly.
	config.KV{Key: TLSSkipVerify, Value: config.EnableOff},
	config.KV{Key: ServerInsecure, Value: config.EnableOff},
	config.KV{Key: ServerStartTLS, Value: config.EnableOff},

	// Lookup-bind service account (the password is a secret, see Help).
	config.KV{Key: LookupBindDN, Value: ""},
	config.KV{Key: LookupBindPassword, Value: ""},
}
DefaultKVS - default configuration for the LDAP identity provider: no server address, credentials or search settings, and all three transport switches (tls_skip_verify, server_insecure, server_starttls) off, so certificate verification stays on unless an operator explicitly opts out.
var (
	// ErrProviderConfigNotFound is returned when the requested LDAP provider
	// configuration does not exist. Compare with errors.Is.
	ErrProviderConfigNotFound = errors.New("provider configuration not found")
)
ErrProviderConfigNotFound - represents a non-existing provider error.
// Help is the help template for the LDAP identity feature: one entry per
// configuration key giving its description, value type and whether it is
// optional, sensitive or a secret. Every description is suffixed with the
// default-value text produced by defaultHelpPostfix.
var Help = config.HelpKVS{
	// Server location.
	config.HelpKV{
		Key:         ServerAddr,
		Description: `AD/LDAP server address e.g. "myldap.com" or "myldapserver.com:636"` + defaultHelpPostfix(ServerAddr),
		Type:        "address",
		Sensitive:   true,
	},
	config.HelpKV{
		Key:         SRVRecordName,
		Description: `DNS SRV record name for LDAP service, if given, must be one of "ldap", "ldaps" or "on"` + defaultHelpPostfix(SRVRecordName),
		Optional:    true,
		Type:        "string",
		Sensitive:   false,
	},

	// Read-only service account used for lookups. The password is both
	// Sensitive and Secret; the DN is Sensitive only.
	config.HelpKV{
		Key:         LookupBindDN,
		Description: `DN for LDAP read-only service account used to perform DN and group lookups` + defaultHelpPostfix(LookupBindDN),
		Optional:    true,
		Type:        "string",
		Sensitive:   true,
	},
	config.HelpKV{
		Key:         LookupBindPassword,
		Description: `Password for LDAP read-only service account used to perform DN and group lookups` + defaultHelpPostfix(LookupBindPassword),
		Optional:    true,
		Type:        "string",
		Sensitive:   true,
		Secret:      true,
	},

	// User and group search parameters.
	config.HelpKV{
		Key:         UserDNSearchBaseDN,
		Description: `";" separated list of user search base DNs e.g. "dc=myldapserver,dc=com"` + defaultHelpPostfix(UserDNSearchBaseDN),
		Optional:    true,
		Type:        "list",
	},
	config.HelpKV{
		Key:         UserDNSearchFilter,
		Description: `Search filter to lookup user DN` + defaultHelpPostfix(UserDNSearchFilter),
		Optional:    true,
		Type:        "string",
	},
	config.HelpKV{
		Key:         GroupSearchFilter,
		Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"` + defaultHelpPostfix(GroupSearchFilter),
		Optional:    true,
		Type:        "string",
	},
	config.HelpKV{
		Key:         GroupSearchBaseDN,
		Description: `";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com"` + defaultHelpPostfix(GroupSearchBaseDN),
		Optional:    true,
		Type:        "list",
	},

	// Transport security switches. tls_skip_verify and server_insecure
	// weaken transport security (no certificate verification / plain-text
	// LDAP) and expose bind credentials to an on-path attacker; they are
	// off by default in DefaultKVS.
	config.HelpKV{
		Key:         TLSSkipVerify,
		Description: `trust server TLS without verification` + defaultHelpPostfix(TLSSkipVerify),
		Optional:    true,
		Type:        "on|off",
	},
	config.HelpKV{
		Key:         ServerInsecure,
		Description: `allow plain text connection to AD/LDAP server` + defaultHelpPostfix(ServerInsecure),
		Optional:    true,
		Type:        "on|off",
	},
	config.HelpKV{
		Key:         ServerStartTLS,
		Description: `use StartTLS connection to AD/LDAP server` + defaultHelpPostfix(ServerStartTLS),
		Optional:    true,
		Type:        "on|off",
	},

	// Free-form comment shared by all config sections.
	config.HelpKV{
		Key:         config.Comment,
		Description: config.DefaultComment,
		Optional:    true,
		Type:        "sentence",
	},
}
Help template for the LDAP identity feature. Note that tls_skip_verify (no certificate verification) and server_insecure (plain-text LDAP) both expose the lookup bind password and user credentials to an on-path attacker; they default to off and should stay off outside of test environments.
Functions ¶
func SetIdentityLDAP ¶
func SetIdentityLDAP(s config.Config, ldapArgs LegacyConfig)
SetIdentityLDAP - one-time migration helper that converts an LDAP configuration in the older (config V33) LegacyConfig shape into the current key/value layout used by Config.
Types ¶
type Config ¶
Config contains AD/LDAP server connectivity information: the server address, the lookup-bind service account, the user/group search base DNs and filters, and the transport-security settings described by the keys above.
func (*Config) Bind ¶
Bind - binds to the LDAP server with the supplied username and password (i.e. authenticates the user against the directory), then searches LDAP and returns the user's distinguished name and the list of groups the user belongs to. Callers must never pass an empty password: an LDAP simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that many servers accept, and whether Bind itself rejects an empty password is not visible from this documentation.
func (*Config) DoesGroupDNExist ¶
DoesGroupDNExist checks if the given group DN exists in the LDAP directory (a directory lookup, as opposed to the purely local check done by IsLDAPGroupDN). Treat a non-nil error as a failed lookup, not as "group absent".
func (*Config) DoesUsernameExist ¶
DoesUsernameExist checks whether the given username exists in the LDAP directory. The username may be either the short "login" name or the full DN. When the user is found, the full DN is returned; when the lookup succeeds but no user matches, the returned string is empty and err is nil. A non-nil err means the lookup itself failed (a directory or connection problem), so callers must not treat an error as "user does not exist".
func (*Config) GetConfigInfo ¶
GetConfigInfo - returns config details for an LDAP configuration.
func (*Config) GetConfigList ¶
GetConfigList - returns a list of LDAP configurations.
func (Config) GetExpiryDuration ¶
GetExpiryDuration - parses the expiry supplied as the string dsecs (by its name, a number of seconds) and returns it as a time.Duration, or an error if the value cannot be parsed.
func (*Config) GetNonEligibleUserDistNames ¶
GetNonEligibleUserDistNames - given a list of user DNs, returns those that are no longer present in the LDAP server or that no longer match the configured user search filter; presumably used to find accounts whose access should be cleaned up.
func (Config) IsLDAPGroupDN ¶
IsLDAPGroupDN determines whether the given string could be a group DN from this LDAP configuration. It returns only a bool, so it is a local check (presumably against the configured group search base DNs) rather than a directory lookup; use DoesGroupDNExist to confirm that the group actually exists.
func (Config) IsLDAPUserDN ¶
IsLDAPUserDN determines whether the given string could be a user DN from this LDAP configuration. It returns only a bool, so it is a local check (presumably against the configured user search base DNs) rather than a directory lookup; use DoesUsernameExist to confirm that the user actually exists.
type LegacyConfig ¶
// LegacyConfig contains AD/LDAP server connectivity information in the shape
// used by the old config (V33). It is the input to SetIdentityLDAP, which
// migrates it into the current key/value Config. Fields tagged `json:"-"` are
// populated at runtime and never serialised.
type LegacyConfig struct {
	Enabled bool `json:"enabled"`

	// ServerAddr is the AD/LDAP server address, e.g. "ldap.minio.io:636".
	ServerAddr string `json:"serverAddr"`

	// User DN search parameters.
	UserDNSearchBaseDistName  string   `json:"userDNSearchBaseDN"`
	UserDNSearchBaseDistNames []string `json:"-"` // generated field; presumably derived from UserDNSearchBaseDistName — confirm in SetIdentityLDAP
	UserDNSearchFilter        string   `json:"userDNSearchFilter"`

	// Group search parameters.
	GroupSearchBaseDistName  string   `json:"groupSearchBaseDN"`
	GroupSearchBaseDistNames []string `json:"-"` // generated field; presumably derived from GroupSearchBaseDistName — confirm in SetIdentityLDAP
	GroupSearchFilter        string   `json:"groupSearchFilter"`

	// Lookup-bind LDAP service account. The password is a plain string that
	// is serialised as "lookupBindPassword", so any persisted legacy config
	// must be handled as secret material.
	LookupBindDN       string `json:"lookupBindDN"`
	LookupBindPassword string `json:"lookupBindPassword"`
}
LegacyConfig contains AD/LDAP server connectivity information in the shape of the old config (V33); it is the input to SetIdentityLDAP for migration. Its lookupBindPassword field is a plain JSON string, so a persisted legacy config holds the service-account secret in the clear.