ldap

package
Published: Jun 9, 2023 License: MPL-2.0 Imports: 40 Imported by: 0


Constants

// Field names for an AuthMethod's attributes and value objects. They are the
// names used in fieldMaskPaths for UpdateAuthMethod (see its doc for which of
// them are updatable) and in the oplog/store layer, which is not shown here.
const (
	OperationalStateField     = "OperationalState"
	VersionField              = "Version"
	IsPrimaryAuthMethodField  = "IsPrimaryAuthMethod"
	NameField                 = "Name"
	DescriptionField          = "Description"
	StartTlsField             = "StartTls"
	// InsecureTls disables verification of the LDAP server's certificate
	// (see WithInsecureTLS); changes to it are security-sensitive.
	InsecureTlsField          = "InsecureTls"
	DiscoverDnField           = "DiscoverDn"
	AnonGroupSearchField      = "AnonGroupSearch"
	UpnDomainField            = "UpnDomain"
	UrlsField                 = "Urls"
	UserDnField               = "UserDn"
	UserAttrField             = "UserAttr"
	UserFilterField           = "UserFilter"
	EnableGroupsField         = "EnableGroups"
	UseTokenGroupsField       = "UseTokenGroups"
	GroupDnField              = "GroupDn"
	GroupAttrField            = "GroupAttr"
	GroupFilterField          = "GroupFilter"
	CertificatesField         = "Certificates"
	ClientCertificateField    = "ClientCertificate"
	// ClientCertificateKey and BindPassword are secrets. The Ct*/KeyId field
	// constants in this package suggest they are stored encrypted under a
	// KMS wrapper (NewRepository takes a kms.GetWrapperer) — confirm in store.
	ClientCertificateKeyField = "ClientCertificateKey"
	BindDnField               = "BindDn"
	BindPasswordField         = "BindPassword"
	AccountAttributeMapsField = "AccountAttributeMaps"
	GroupNamesField           = "GroupNames"
)
// voName identifies the value-object collections embedded in an AuthMethod.
// The voName type itself is unexported and not shown here; presumably used
// when sorting/updating those collections (cf. TestSortAuthMethods).
const (
	CertificateVO          voName = "Certificates"
	UrlVO                  voName = "Urls"
	AccountAttributeMapsVO voName = "AccountAttributeMaps"
)
// Defaults used when an auth method does not configure its own values.
const (
	// DefaultEmailAttribute and DefaultFullNameAttribute are the LDAP entry
	// attributes presumably read into Account.Email / Account.FullName when
	// no AccountAttributeMap overrides them (cf. ToEmailAttribute).
	DefaultEmailAttribute    = "email"
	DefaultFullNameAttribute = "fullName"
	// DefaultRequestTimeout bounds a single LDAP request. It is a bare int in
	// seconds, not a time.Duration; the caller must scale it (not shown here).
	DefaultRequestTimeout    = 5 // seconds
)
// Field names for the at-rest form of an auth method's secrets. "Ct" reads as
// ciphertext and KeyId as the identifier of the wrapping key (NewRepository
// accepts a kms.GetWrapperer), i.e. the bind password and client-cert private
// key are stored encrypted — confirm against the store package, not shown.
const (
	CtCertificateKeyField = "CtCertificateKey"
	CtPasswordField       = "CtPassword"
	KeyIdField            = "KeyId"
)
// Subtype is the auth-method subtype identifier under which LDAP auth
// methods are registered.
const (
	Subtype = subtypes.Subtype("ldap")
)
// TestInvalidPem is a test fixture: a PEM block whose body is a single,
// truncated base64 line, so it is expected to be rejected by certificate
// parsing (e.g. ParseCertificates). For tests only; never trust material.
const TestInvalidPem = `-----BEGIN CERTIFICATE-----
MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL
-----END CERTIFICATE-----`

Variables

This section is empty.

Functions

func Authenticate

func Authenticate(
	ctx context.Context,
	authenticatorFn AuthenticatorFactory,
	lookupUserFn LookupUserFactory,
	tokenCreatorFn AuthTokenCreatorFactory,
	authMethodId, loginName, password string,
) (*authtoken.AuthToken, error)

Authenticate is an ldap domain service function for handling an LDAP authentication flow. On success, it returns an auth token.

The service operation includes:

  • Authenticate the user against the auth method's configured ldap server.
  • Use iam.(Repository).LookupUserWithLogin(...) to look up the iam.User matching the Account.
  • Use the authtoken.(Repository).CreateAuthToken(...) to create a pending auth token for the authenticated user.

func EncodeCertificates

func EncodeCertificates(ctx context.Context, certs ...*x509.Certificate) ([]string, error)

EncodeCertificates will encode a number of x509 certificates to PEMs.

func ParseCertificates

func ParseCertificates(ctx context.Context, pems ...string) ([]*x509.Certificate, error)

ParseCertificates will parse a number of certificates PEMs to x509s.

func TestConvertToUrls

func TestConvertToUrls(t testing.TB, urls ...string) []*url.URL

TestConvertToUrls will convert URL string representations to a slice of *url.URL

func TestEncodedGrpNames

func TestEncodedGrpNames(t *testing.T, names ...string) string

TestEncodedGrpNames will JSON-marshal the given group names into a single string (test helper).

func TestGenerateCA

func TestGenerateCA(t testing.TB, hosts ...string) (*x509.Certificate, string)

TestGenerateCA will generate a test x509 CA cert, along with it encoded in a PEM format.

func TestGetAcctManagedGroups

func TestGetAcctManagedGroups(t testing.TB, conn *db.DB, acctId string) []string

TestGetAcctManagedGroups will retrieve the managed groups associated with an account.

func TestSortAuthMethods

func TestSortAuthMethods(t testing.TB, methods []*AuthMethod)

TestSortAuthMethods will sort the provided auth methods by public id and it will sort each auth method's embedded value objects

Types

type Account

// Account is an LDAP auth account. It embeds the persisted store.Account and
// belongs to exactly one AuthMethod (see NewAccount and CreateAccount).
type Account struct {
	*store.Account
	// contains filtered or unexported fields
}

Account contains an ldap auth account. It is assigned to an ldap AuthMethod and updates/deletes to that AuthMethod are cascaded to its Accounts.

func AllocAccount

func AllocAccount() *Account

AllocAccount makes an empty one in memory

func NewAccount

func NewAccount(ctx context.Context, scopeId, authMethodId, loginName string, opt ...Option) (*Account, error)

NewAccount creates a new in memory Account assigned to ldap AuthMethod. WithFullName, WithEmail, WithDn, WithName and WithDescription are the only valid options. All other options are ignored.

func TestAccount

func TestAccount(t testing.TB, conn *db.DB, am *AuthMethod, loginName string, opt ...Option) *Account

TestAccount creates a test ldap auth account.

func (*Account) GetSubject

func (a *Account) GetSubject() string

GetSubject returns the subject, which will always be empty as this type doesn't currently support subject.

func (*Account) SetTableName

func (a *Account) SetTableName(n string)

SetTableName sets the table name.

func (*Account) TableName

func (a *Account) TableName() string

TableName returns the table name.

type AccountAttributeMap

// AccountAttributeMap is an optional mapping from an LDAP entry attribute to
// an Account attribute (email or fullName, see AccountToAttribute). It is a
// value object of an AuthMethod.
type AccountAttributeMap struct {
	*store.AccountAttributeMap
	// contains filtered or unexported fields
}

AccountAttributeMap defines optional from/to account attribute maps.

func AllocAccountAttributeMap

func AllocAccountAttributeMap() AccountAttributeMap

AllocAccountAttributeMap makes an empty one in memory

func NewAccountAttributeMap

func NewAccountAttributeMap(ctx context.Context, authMethodId, fromAttribute string, toAttribute AccountToAttribute) (*AccountAttributeMap, error)

NewAccountAttributeMap creates a new one in memory

func (*AccountAttributeMap) SetTableName

func (aam *AccountAttributeMap) SetTableName(n string)

SetTableName sets the table name.

func (*AccountAttributeMap) TableName

func (aam *AccountAttributeMap) TableName() string

TableName returns the table name.

type AccountToAttribute

// AccountToAttribute names the Account attribute an LDAP attribute maps to.
// Only the ToEmailAttribute/ToFullNameAttribute constants are valid; use
// ConvertToAccountToAttribute to validate untrusted strings.
type AccountToAttribute string

AccountToAttribute defines a type for: to account attributes

// The set of valid AccountToAttribute values.
const (
	// ToEmailAttribute maps an LDAP attribute onto the account's email.
	ToEmailAttribute AccountToAttribute = "email"
	// ToFullNameAttribute maps an LDAP attribute onto the account's full name.
	ToFullNameAttribute AccountToAttribute = "fullName"
)

func ConvertToAccountToAttribute

func ConvertToAccountToAttribute(ctx context.Context, s string) (AccountToAttribute, error)

ConvertToAccountToAttribute will convert a string to an AccountToAttribute. Useful within the ldap package and service packages which wish to convert/validate a string into an AccountToAttribute

type AttributeMap

// AttributeMap is the parsed form of one account attribute map entry
// (see ParseAccountAttributeMaps; the string syntax is not shown here):
// From is the LDAP attribute, To is the Account attribute it populates.
type AttributeMap struct {
	To   string
	From string
}

AttributeMap defines the To and From of an ldap attribute map

func ParseAccountAttributeMaps

func ParseAccountAttributeMaps(ctx context.Context, m ...string) ([]AttributeMap, error)

ParseAccountAttributeMaps will parse the inbound attribute maps

type AuthMethod

// AuthMethod is an LDAP auth method configuration and the root aggregate for
// its value objects (Urls, Certificates, ClientCertificate, BindCredential,
// UserEntrySearchConf, GroupEntrySearchConf, AccountAttributeMaps), which
// carry no oplog metadata of their own.
type AuthMethod struct {
	*store.AuthMethod
	// contains filtered or unexported fields
}

AuthMethod contains an LDAP auth method configuration. It is owned by a scope. An AuthMethod MUST have at least one Url. It MAY have zero or one of each: UserEntrySearchConf, GroupEntrySearchConf, BindCredential and ClientCertificate. It may have zero to many Accounts, Certificates, ManagedGroups and AccountAttributeMaps.

func AllocAuthMethod

func AllocAuthMethod() AuthMethod

AllocAuthMethod makes an empty one in memory

func NewAuthMethod

func NewAuthMethod(ctx context.Context, scopeId string, opt ...Option) (*AuthMethod, error)

NewAuthMethod creates a new in memory AuthMethod assigned to a scopeId. The new auth method will have an OperationalState of Inactive.

Supports the options WithUrls, WithName, WithDescription, WithStartTLS, WithInsecureTLS, WithDiscoverDn, WithAnonGroupSearch, WithUpnDomain, WithUserSearchConf, WithGroupSearchConf, WithCertificates and WithBindCredential; all other options are ignored. (The user/group search options documented on this page are WithUserDn/WithUserAttr/WithUserFilter and WithGroupDn/WithGroupAttr/WithGroupFilter — confirm which names NewAuthMethod actually honors.)

func TestAuthMethod

func TestAuthMethod(t testing.TB,
	conn *db.DB,
	databaseWrapper wrapping.Wrapper,
	scopeId string,
	urls []string,
	opt ...Option,
) *AuthMethod

TestAuthMethod creates a new auth method and it's persisted in the database. See NewAuthMethod for list of supported options.

func (*AuthMethod) SetTableName

func (am *AuthMethod) SetTableName(n string)

SetTableName sets the table name (func is required by oplog)

func (*AuthMethod) TableName

func (am *AuthMethod) TableName() string

TableName returns the table name (func is required by gorm)

type AuthMethodState

// AuthMethodState is the operational state of an LDAP auth method; see the
// *State constants. NewAuthMethod starts a method in InactiveState.
type AuthMethodState string

AuthMethodState defines the possible states for an ldap auth method

// Possible operational states of an AuthMethod.
const (
	UnknownState       AuthMethodState = "unknown"
	// InactiveState is the initial state of a new auth method (NewAuthMethod).
	InactiveState      AuthMethodState = "inactive"
	// ActivePrivateState / ActivePublicState: the public/private distinction
	// presumably controls visibility to unauthenticated users
	// (cf. WithUnauthenticatedUser) — confirm in the repository.
	ActivePrivateState AuthMethodState = "active-private"
	ActivePublicState  AuthMethodState = "active-public"
)

func (AuthMethodState) String

func (s AuthMethodState) String() string

type AuthTokenCreator

// AuthTokenCreator issues an auth token for an IAM user / auth account pair.
// Authenticate uses it to create a pending token after a successful bind;
// typically satisfied by the authtoken repository.
type AuthTokenCreator interface {
	CreateAuthToken(ctx context.Context, withIamUser *iam.User, withAuthAccountId string, opt ...authtoken.Option) (*authtoken.AuthToken, error)
}

type AuthTokenCreatorFactory

// AuthTokenCreatorFactory lazily constructs an AuthTokenCreator for the
// Authenticate service function (typically an auth token repo).
type AuthTokenCreatorFactory func() (AuthTokenCreator, error)

AuthTokenCreatorFactory is used by "service functions" to create a new AuthTokenCreator (typically an auth token repo)

type Authenticator

// Authenticator verifies a loginName/password against the LDAP server
// configured on authMethodId and returns the matching Account. Implemented by
// Repository; the password is forwarded to the directory, so callers must
// ensure the configured URLs use TLS (ldaps or StartTLS).
type Authenticator interface {
	Authenticate(ctx context.Context, authMethodId, loginName, password string) (*Account, error)
}

type AuthenticatorFactory

// AuthenticatorFactory lazily constructs an Authenticator for the
// Authenticate service function (typically an ldap.Repository).
type AuthenticatorFactory func() (Authenticator, error)

AuthenticatorFactory is used by "service functions" to create a new ldap.Authenticator (typically an ldap.Repository)

type BindCredential

// BindCredential is the optional DN/password Boundary binds with when
// searching for the entry of the user being authenticated. The password is a
// secret; the CtPasswordField/KeyIdField constants suggest it is persisted
// encrypted — confirm in the store package.
type BindCredential struct {
	*store.BindCredential
	// contains filtered or unexported fields
}

BindCredential represents the optional DN and password Boundary uses to bind (authenticate) to the directory when searching for the entry of the end user being authenticated. The password is a secret held by the auth method; grant the bind account only the read access the user and group searches require.

func NewBindCredential

func NewBindCredential(ctx context.Context, authMethodId string, dn string, password []byte, _ ...Option) (*BindCredential, error)

NewBindCredential creates a new in memory BindCredential. No options are currently supported.

func (*BindCredential) SetTableName

func (bc *BindCredential) SetTableName(n string)

SetTableName sets the table name.

func (*BindCredential) TableName

func (bc *BindCredential) TableName() string

TableName returns the table name

type Certificate

// Certificate is one PEM-encoded certificate added to the trust root used to
// verify the LDAP server's TLS certificate. Adding the server's CA here is the
// supported alternative to WithInsecureTLS.
type Certificate struct {
	*store.Certificate
	// contains filtered or unexported fields
}

Certificate defines a certificate to use as part of a trust root when connecting to an auth method's LDAP server. It is assigned to an LDAP AuthMethod and updates/deletes to that AuthMethod are cascaded to its Certificates. Certificates are value objects of an AuthMethod, therefore there's no need for oplog metadata, since only the AuthMethod will have metadata because it's the root aggregate.

func NewCertificate

func NewCertificate(ctx context.Context, authMethodId string, certificatePem string) (*Certificate, error)

NewCertificate creates a new in-memory certificate assigned to an LDAP auth method.

func (*Certificate) SetTableName

func (c *Certificate) SetTableName(n string)

SetTableName sets the table name.

func (*Certificate) TableName

func (c *Certificate) TableName() string

TableName returns the table name.

type ClientCertificate

// ClientCertificate is the optional mTLS client certificate and private key
// presented to the LDAP server. The private key is a secret; the
// CtCertificateKeyField/KeyIdField constants suggest it is persisted
// encrypted — confirm in the store package.
type ClientCertificate struct {
	*store.ClientCertificate
	// contains filtered or unexported fields
}

ClientCertificate represents a set of optional configuration fields used for specifying a mTLS client cert for LDAP connections. ClientCertificates are value objects of an AuthMethod, therefore there's no need for oplog metadata, since only the AuthMethod will have metadata because it's the root aggregate.

func NewClientCertificate

func NewClientCertificate(ctx context.Context, authMethodId string, privKey []byte, certPem string, _ ...Option) (*ClientCertificate, error)

NewClientCertificate creates a new in-memory ClientCertificate. No options are currently supported. privKey must be the private key in PKCS #8, ASN.1 DER form (raw DER bytes, not PEM); certPem must be the certificate in ASN.1 DER form encoded as PEM.

func (*ClientCertificate) SetTableName

func (cc *ClientCertificate) SetTableName(n string)

SetTableName sets the table name.

func (*ClientCertificate) TableName

func (cc *ClientCertificate) TableName() string

TableName returns the table name

type GroupEntrySearchConf

// GroupEntrySearchConf holds the optional base DN, attribute and filter used
// to search for group entries; a value object of an AuthMethod.
type GroupEntrySearchConf struct {
	*store.GroupEntrySearchConf
	// contains filtered or unexported fields
}

GroupEntrySearchConf represents a set of optional configuration fields used to search for group entries. It is assigned to an LDAP AuthMethod and updates/deletes to that AuthMethod are cascaded to its GroupEntrySearchConf. GroupEntrySearchConf is a value object of an AuthMethod, therefore there's no need for oplog metadata, since only the AuthMethod will have metadata because it's the root aggregate.

func NewGroupEntrySearchConf

func NewGroupEntrySearchConf(ctx context.Context, authMethodId string, opt ...Option) (*GroupEntrySearchConf, error)

NewGroupEntrySearchConf creates a new in-memory GroupEntrySearchConf. Supported options are WithGroupDn, WithGroupAttr and WithGroupFilter; all other options are ignored.

func (*GroupEntrySearchConf) SetTableName

func (gc *GroupEntrySearchConf) SetTableName(n string)

SetTableName sets the table name.

func (*GroupEntrySearchConf) TableName

func (gc *GroupEntrySearchConf) TableName() string

TableName returns the table name

type LookupUser

// LookupUser resolves the iam.User associated with an auth account id.
// Authenticate uses it after a successful bind; typically an iam repository.
type LookupUser interface {
	LookupUserWithLogin(ctx context.Context, accountId string, opt ...iam.Option) (*iam.User, error)
}

type LookupUserFactory

// LookupUserFactory lazily constructs a LookupUser for the Authenticate
// service function (typically an iam repo).
type LookupUserFactory func() (LookupUser, error)

LookupUserFactory is used by "service functions" to create a new LookupUser (typically an iam repo)

type ManagedGroup

// ManagedGroup is an LDAP managed group: a set of LDAP group names (see
// NewManagedGroup) owned by an AuthMethod, whose membership is derived from
// the groups returned for an account (cf. ManagedGroupMemberAccount).
type ManagedGroup struct {
	*store.ManagedGroup
	// contains filtered or unexported fields
}

ManagedGroup contains an LDAP managed group. It is assigned to an LDAP AuthMethod and updates/deletes to that AuthMethod are cascaded to its Managed Groups.

func AllocManagedGroup

func AllocManagedGroup() *ManagedGroup

AllocManagedGroup makes an empty one in memory

func NewManagedGroup

func NewManagedGroup(ctx context.Context, authMethodId string, groupNames []string, opt ...Option) (*ManagedGroup, error)

NewManagedGroup creates a new in memory ManagedGroup assigned to LDAP AuthMethod. Supported options are WithName and WithDescription.

func TestManagedGroup

func TestManagedGroup(t testing.TB, conn *db.DB, am *AuthMethod, grpNames []string, opt ...Option) *ManagedGroup

TestManagedGroup creates a test ldap managed group.

func (*ManagedGroup) SetTableName

func (mg *ManagedGroup) SetTableName(n string)

SetTableName sets the table name.

func (*ManagedGroup) TableName

func (mg *ManagedGroup) TableName() string

TableName returns the table name.

type ManagedGroupMemberAccount

// ManagedGroupMemberAccount is the association between a ManagedGroup and an
// Account that is a member of it.
type ManagedGroupMemberAccount struct {
	*store.ManagedGroupMemberAccount
	// contains filtered or unexported fields
}

ManagedGroupMemberAccount contains a mapping between a managed group and a member account.

func (*ManagedGroupMemberAccount) SetTableName

func (mg *ManagedGroupMemberAccount) SetTableName(n string)

SetTableName sets the table name.

func (*ManagedGroupMemberAccount) TableName

func (mg *ManagedGroupMemberAccount) TableName() string

TableName returns the table name.

type Option

// Option is a functional option applied to the package's unexported options
// struct; the With* constructors below produce them. An Option may return an
// error, so constructors can validate their argument.
type Option func(*options) error

Option - how options are passed as args

func WithAccountAttributeMap

func WithAccountAttributeMap(_ context.Context, aam map[string]AccountToAttribute) Option

WithAccountAttributeMap provides an option for specifying an Account Attribute map.

func WithAnonGroupSearch

func WithAnonGroupSearch(_ context.Context) Option

WithAnonGroupSearch optionally specifies that group searches are performed over an anonymous bind rather than the configured bind credential; the directory must permit anonymous searches of the group base for this to work.

func WithBindCredential

func WithBindCredential(ctx context.Context, dn, password string) Option

WithBindCredential optionally specifies the DN and password Boundary binds (authenticates) with when searching for the entry of the end user being authenticated. Use a dedicated, least-privileged read-only directory account for this. The password is persisted with the auth method; the CtPassword/KeyId field constants suggest it is stored encrypted — confirm.

func WithCertificates

func WithCertificates(ctx context.Context, certs ...*x509.Certificate) Option

WithCertificates provides optional certificates.

func WithClientCertificate

func WithClientCertificate(ctx context.Context, privKey []byte, cert *x509.Certificate) Option

WithClientCertificate provides optional configuration fields used for specifying a mTLS client cert for LDAP connections.

func WithDescription

func WithDescription(_ context.Context, desc string) Option

WithDescription provides an optional description.

func WithDiscoverDn

func WithDiscoverDn(_ context.Context) Option

WithDiscoverDn optionally specifies that an anonymous bind (rather than the configured bind credential) is used to discover the bind DN of the user being authenticated; the directory must permit anonymous searches of the user base.

func WithDn

func WithDn(ctx context.Context, dn string) Option

WithDn provides an optional distinguished name

func WithEmail

func WithEmail(_ context.Context, email string) Option

WithEmail provides an optional email address for the account.

func WithEnableGroups

func WithEnableGroups(_ context.Context) Option

WithEnableGroups optionally enables looking up an authenticated user's group memberships during authentication (see Repository.Authenticate).

func WithFullName

func WithFullName(_ context.Context, n string) Option

WithFullName provides an optional full name for the account.

func WithGroupAttr

func WithGroupAttr(_ context.Context, attr string) Option

WithGroupAttr optionally specifies a group attr used to search for group entries.

func WithGroupDn

func WithGroupDn(_ context.Context, dn string) Option

WithGroupDn optionally specifies a group dn used to search for group entries.

func WithGroupFilter

func WithGroupFilter(_ context.Context, filter string) Option

WithGroupFilter optionally specifies a group filter used to search for group entries.

func WithInsecureTLS

func WithInsecureTLS(_ context.Context) Option

WithInsecureTLS optionally specifies that the LDAP server's TLS certificate is NOT validated. This is insecure: with validation disabled, any host that can intercept the connection can impersonate the server and capture the bind credential and every end user's password. Use it only for local development; for a server with a private CA, add the CA via WithCertificates instead.

func WithLimit

func WithLimit(_ context.Context, l int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithMemberOfGroups

func WithMemberOfGroups(ctx context.Context, groupName ...string) Option

WithMemberOfGroups provides an option for specifying a list of group names

func WithName

func WithName(_ context.Context, n string) Option

WithName provides an optional name.

func WithOperationalState

func WithOperationalState(_ context.Context, state AuthMethodState) Option

WithOperationalState provides an option for specifying the auth method's operational state

func WithOrderByCreateTime

func WithOrderByCreateTime(_ context.Context, ascending bool) Option

WithOrderByCreateTime provides an option to specify ordering by the CreateTime field.

func WithPublicId

func WithPublicId(ctx context.Context, publicId string) Option

WithPublicId provides an option for passing a public id to the operation

func WithStartTLS

func WithStartTLS(_ context.Context) Option

WithStartTLS optionally enables a StartTLS command after establishing an unencrypted connection, upgrading it to TLS. Without StartTLS or an ldaps URL, the bind credential and user passwords are sent in the clear. NOTE(review): whether a failed StartTLS upgrade aborts the connection or falls back to plaintext is not visible here — confirm before relying on it.

func WithUnauthenticatedUser

func WithUnauthenticatedUser(_ context.Context, enabled bool) Option

WithUnauthenticatedUser provides an option for filtering results for an unauthenticated user.

func WithUpnDomain

func WithUpnDomain(_ context.Context, domain string) Option

WithUpnDomain optionally specifies the userPrincipalDomain used to construct the UPN string for the authenticating user. The constructed UPN has the form [username]@UPNDomain. Example: a domain of example.com causes Boundary to bind as username@example.com when authenticating the user.

func WithUrls

func WithUrls(ctx context.Context, urls ...*url.URL) Option

WithUrls provides optional urls for the auth method.

func WithUseTokenGroups

func WithUseTokenGroups(_ context.Context) Option

WithUseTokenGroups optionally enables use of the Active Directory tokenGroups constructed attribute of the user entry to find group memberships. This finds all security groups the user belongs to, including nested ones; it is specific to Active Directory and is not available on other directory servers.

func WithUserAttr

func WithUserAttr(_ context.Context, attr string) Option

WithUserAttr optionally specifies a user attr used to search for user entries.

func WithUserDn

func WithUserDn(_ context.Context, dn string) Option

WithUserDn optionally specifies a user dn used to search for user entries.

func WithUserFilter

func WithUserFilter(_ context.Context, filter string) Option

WithUserFilter optionally specifies a user filter used to search for user entries. NOTE(review): how the login name is interpolated into this filter is not visible here — confirm that substituted values are LDAP-filter-escaped, since an unescaped login name could alter the filter.

type RepoFactory

// RepoFactory lazily constructs a *Repository, returning any error from its
// construction.
type RepoFactory func() (*Repository, error)

RepoFactory is a factory function that returns a repository and any error

type Repository

// Repository is the LDAP repository: persistence for auth methods, accounts
// and managed groups, plus the Authenticator implementation. Build it with
// NewRepository (it needs a reader, writer and KMS wrapper getter).
type Repository struct {
	// contains filtered or unexported fields
}

Repository is the ldap repository

func NewRepository

func NewRepository(ctx context.Context, r db.Reader, w db.Writer, kms kms.GetWrapperer, opt ...Option) (*Repository, error)

NewRepository creates a new ldap Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func (*Repository) Authenticate

func (r *Repository) Authenticate(ctx context.Context, authMethodId, loginName, password string) (*Account, error)

Authenticate authenticates loginName and password against the auth method's configured LDAP service and returns the Account for loginName on success. On failure the returned Account is nil (whether an error always accompanies it is not stated here, so check err as well); callers must treat a nil Account as a failed authentication, never as success.

If the AuthMethod.EnableGroups is true, then the authenticated user's groups will be returned in account.

Authenticate will update the stored values for the authenticated user's Account: FullName, Email, Dn, EntryAttributes, and MemberOfGroups.

Note: the auth_method table uses public id as its PK, so there is no need for a scope id parameter.

func (*Repository) CreateAccount

func (r *Repository) CreateAccount(ctx context.Context, a *Account, _ ...Option) (*Account, error)

CreateAccount inserts an Account, a, into the repository and returns a new Account containing its PublicId. a is not changed. a must contain a valid AuthMethodId and ScopeId. a must not contain a PublicId; the PublicId is generated and assigned by this method. a must contain a valid LoginName, and a.LoginName must be unique within its AuthMethod.

Both a.Name and a.Description are optional. If a.Name is set, it must be unique within a.AuthMethodId.

func (*Repository) CreateAuthMethod

func (r *Repository) CreateAuthMethod(ctx context.Context, am *AuthMethod, opt ...Option) (*AuthMethod, error)

CreateAuthMethod creates am (*AuthMethod) in the repo along with its associated embedded optional value objects (urls, certs, client certs, bind creds, user search conf and group search conf) and returns the newly created AuthMethod (with its PublicId set)

The AuthMethod's public id and version must be empty (zero values).

All options are ignored.

func (*Repository) CreateManagedGroup

func (r *Repository) CreateManagedGroup(ctx context.Context, scopeId string, mg *ManagedGroup, _ ...Option) (*ManagedGroup, error)

CreateManagedGroup inserts a ManagedGroup, mg, into the repository and returns a new ManagedGroup containing its PublicId. mg is not changed. mg must contain a valid AuthMethodId. mg must not contain a PublicId; the PublicId is generated and assigned by this method. All options are ignored.

Both mg.Name and mg.Description are optional. If mg.Name is set, it must be unique within mg.AuthMethodId.

func (*Repository) DeleteAccount

func (r *Repository) DeleteAccount(ctx context.Context, withPublicId string, _ ...Option) (int, error)

DeleteAccount deletes the account for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteAuthMethod

func (r *Repository) DeleteAuthMethod(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteAuthMethod will delete the auth method from the repository. It is idempotent so if the auth method was not found, return 0 (no rows affected) and nil. No options are currently supported.

func (*Repository) DeleteManagedGroup

func (r *Repository) DeleteManagedGroup(ctx context.Context, scopeId, withPublicId string, opt ...Option) (int, error)

DeleteManagedGroup deletes the managed group for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) ListAccounts

func (r *Repository) ListAccounts(ctx context.Context, withAuthMethodId string, opt ...Option) ([]*Account, error)

ListAccounts in an auth method and supports WithLimit option.

func (*Repository) ListAuthMethods

func (r *Repository) ListAuthMethods(ctx context.Context, scopeIds []string, opt ...Option) ([]*AuthMethod, error)

ListAuthMethods returns a slice of AuthMethods for the given scopeIds. The WithUnauthenticatedUser, WithLimit and WithOrderByCreateTime options are supported and all other options are ignored.

func (*Repository) ListManagedGroupMembershipsByGroup

func (r *Repository) ListManagedGroupMembershipsByGroup(ctx context.Context, withGroupId string, opt ...Option) ([]*ManagedGroupMemberAccount, error)

ListManagedGroupMembershipsByGroup lists managed group memberships via the group ID and supports WithLimit option.

func (*Repository) ListManagedGroupMembershipsByMember

func (r *Repository) ListManagedGroupMembershipsByMember(ctx context.Context, withAcctId string, opt ...Option) ([]*ManagedGroupMemberAccount, error)

ListManagedGroupMembershipsByMember lists managed group memberships via the member (account) ID and supports WithLimit option.

func (*Repository) ListManagedGroups

func (r *Repository) ListManagedGroups(ctx context.Context, withAuthMethodId string, opt ...Option) ([]*ManagedGroup, error)

ListManagedGroups in an auth method and supports WithLimit option.

func (*Repository) LookupAccount

func (r *Repository) LookupAccount(ctx context.Context, withPublicId string, _ ...Option) (*Account, error)

LookupAccount will look up an account in the repository. If the account is not found, it will return nil, nil. All options are ignored.

func (*Repository) LookupAuthMethod

func (r *Repository) LookupAuthMethod(ctx context.Context, publicId string, opt ...Option) (*AuthMethod, error)

LookupAuthMethod will look up an auth method in the repo, along with its associated value objects (Urls, Certificates, ClientCertificate, BindCredential, UserEntrySearchConf and GroupEntrySearchConf — the same set CreateAuthMethod persists). If it's not found, it will return nil, nil. The WithUnauthenticatedUser option is supported and all other options are ignored.

func (*Repository) LookupManagedGroup

func (r *Repository) LookupManagedGroup(ctx context.Context, withPublicId string, _ ...Option) (*ManagedGroup, error)

LookupManagedGroup will look up a managed group in the repository. If the managed group is not found, it will return nil, nil. All options are ignored.

func (*Repository) UpdateAccount

func (r *Repository) UpdateAccount(ctx context.Context, scopeId string, a *Account, version uint32, fieldMaskPaths []string, opt ...Option) (*Account, int, error)

UpdateAccount updates the repository entry for a.PublicId with the values in a for the fields listed in fieldMaskPaths. It returns a new Account containing the updated values and a count of the number of records updated. a is not changed.

a must contain a valid PublicId. Only a.Name and a.Description can be updated. If a.Name is set to a non-empty string, it must be unique within a.AuthMethodId.

An attribute of a will be set to NULL in the database if the attribute in a is the zero value and it is included in fieldMaskPaths.

func (*Repository) UpdateAuthMethod

func (r *Repository) UpdateAuthMethod(ctx context.Context, am *AuthMethod, version uint32, fieldMaskPaths []string, _ ...Option) (*AuthMethod, int, error)

UpdateAuthMethod will retrieve the auth method from the repository, and update it based on the field masks provided.

fieldMaskPaths provides field_mask.proto paths for fields that should be updated. A field that is a zero value and included in the mask is set to NULL. Name, Description, StartTls, DiscoverDn, AnonGroupSearch, UpnDomain, UserDn, UserAttr, UserFilter, GroupDn, GroupAttr, GroupFilter, ClientCertificateKey, ClientCertificate, BindDn and BindPassword are all updatable fields; the AuthMethod's value objects of Urls and Certificates are also updatable. (InsecureTls, EnableGroups, UseTokenGroups and AccountAttributeMaps have field constants in this package but are not listed here — confirm against the implementation whether they are updatable.) If no updatable fields are included in fieldMaskPaths, an error is returned.

No Options are currently supported.

func (*Repository) UpdateManagedGroup

func (r *Repository) UpdateManagedGroup(ctx context.Context, scopeId string, mg *ManagedGroup, version uint32, fieldMaskPaths []string, opt ...Option) (*ManagedGroup, int, error)

UpdateManagedGroup updates the repository entry for mg.PublicId with the values in mg for the fields listed in fieldMaskPaths. It returns a new ManagedGroup containing the updated values and a count of the number of records updated. mg is not changed.

mg must contain a valid PublicId. Only mg.Name, mg.Description, and mg.GroupNames can be updated. If mg.Name is set to a non-empty string, it must be unique within mg.AuthMethodId.

An attribute of mg will be set to NULL in the database if the attribute in mg is the zero value and it is included in fieldMaskPaths.

type Url

// Url is one of an AuthMethod's required LDAP server URLs, ordered by a
// connection priority of at least one (see NewUrl). Prefer ldaps URLs or
// enable StartTLS so credentials are not sent in the clear.
type Url struct {
	*store.Url
	// contains filtered or unexported fields
}

Url represents a required one to many auth method urls. It is assigned to an LDAP AuthMethod and updates/deletes to that AuthMethod are cascaded to its Urls. Urls are value objects of an AuthMethod, therefore there's no need for oplog metadata, since only the AuthMethod will have metadata because it's the root aggregate.

func NewUrl

func NewUrl(ctx context.Context, authMethodId string, connectionPriority int, url *url.URL, _ ...Option) (*Url, error)

NewUrl creates a new in memory Url. connectionPriority cannot be less than one. No options are currently supported.

func (*Url) SetTableName

func (u *Url) SetTableName(n string)

SetTableName sets the table name.

func (*Url) TableName

func (u *Url) TableName() string

TableName returns the table name

type UserEntrySearchConf

// UserEntrySearchConf holds the optional base DN, attribute and filter used
// to search for user entries; a value object of an AuthMethod.
type UserEntrySearchConf struct {
	*store.UserEntrySearchConf
	// contains filtered or unexported fields
}

UserEntrySearchConf represents a set of optional configuration fields used to search for user entries. It is assigned to an LDAP AuthMethod and updates/deletes to that AuthMethod are cascaded to its UserEntrySearchConf. UserEntrySearchConf is a value object of an AuthMethod, therefore there's no need for oplog metadata, since only the AuthMethod will have metadata because it's the root aggregate.

func NewUserEntrySearchConf

func NewUserEntrySearchConf(ctx context.Context, authMethodId string, opt ...Option) (*UserEntrySearchConf, error)

NewUserEntrySearchConf creates a new in-memory UserEntrySearchConf. Supported options are WithUserDn, WithUserAttr and WithUserFilter; all other options are ignored.

func (*UserEntrySearchConf) SetTableName

func (uc *UserEntrySearchConf) SetTableName(n string)

SetTableName sets the table name.

func (*UserEntrySearchConf) TableName

func (uc *UserEntrySearchConf) TableName() string

TableName returns the table name
