client

package

v0.19.0 Latest Latest Go to latest Published: Sep 11, 2024 License: MPL-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/vault-plugin-secrets-ad

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ParseTicks(ticks string) (time.Time, error)
func TicksToTime(ticks int64) time.Time
type ADConf
type Client
- func NewClient(logger hclog.Logger) *Client
type Entry
- func NewEntry(ldapEntry *ldap.Entry) *Entry
- func (e *Entry) Get(field *Field) ([]string, bool)
- func (e *Entry) GetJoined(field *Field) (string, bool)
type Field
- func (f *Field) String() string

Constants ¶

This section is empty.

Variables ¶

View Source

var FieldRegistry = newFieldRegistry()

FieldRegistry is designed to look and feel like an enum from another language like Python.

Example: Accessing constants

FieldRegistry.AccountExpires
FieldRegistry.BadPasswordCount

Example: Utility methods

FieldRegistry.List()
FieldRegistry.Parse("givenName")

Functions ¶

func ParseTicks ¶

func ParseTicks(ticks string) (time.Time, error)

ParseTicks parses dates represented as Active Directory LargeInts into times. Not all time fields are represented this way, so be sure to test that your particular time returns expected results. Some time fields represented as LargeInts include accountExpires, lastLogon, lastLogonTimestamp, and pwdLastSet. More: https://social.technet.microsoft.com/wiki/contents/articles/31135.active-directory-large-integer-attributes.aspx

func TicksToTime ¶

func TicksToTime(ticks int64) time.Time

TicksToTime converts an ActiveDirectory time in ticks to a time. This algorithm is summarized as:

Many dates are saved in Active Directory as Large Integer values.
These attributes represent dates as the number of 100-nanosecond intervals since 12:00 AM January 1, 1601.
100-nanosecond intervals, equal to 0.0000001 seconds, are also called ticks.
Dates in Active Directory are always saved in Coordinated Universal Time, or UTC.
More: https://social.technet.microsoft.com/wiki/contents/articles/31135.active-directory-large-integer-attributes.aspx

If we directly follow the above algorithm we encounter time.Duration limits of 290 years and int overflow issues. Thus below, we carefully sidestep those.

Types ¶

type ADConf ¶

type ADConf struct {
	*ldaputil.ConfigEntry
	LastBindPassword         string    `json:"last_bind_password"`
	LastBindPasswordRotation time.Time `json:"last_bind_password_rotation"`
}

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(logger hclog.Logger) *Client

func (*Client) Search ¶

func (c *Client) Search(cfg *ADConf, baseDN string, filters map[*Field][]string) ([]*Entry, error)

func (*Client) UpdateEntry ¶

func (c *Client) UpdateEntry(cfg *ADConf, baseDN string, filters map[*Field][]string, newValues map[*Field][]string) error

func (*Client) UpdatePassword ¶

func (c *Client) UpdatePassword(cfg *ADConf, baseDN string, filters map[*Field][]string, newPassword string) error

UpdatePassword uses a Modify call under the hood because Active Directory doesn't recognize the passwordModify method. See https://github.com/go-ldap/ldap/issues/106 for more.

type Entry ¶

type Entry struct {
	*ldap.Entry
	// contains filtered or unexported fields
}

func NewEntry ¶

func NewEntry(ldapEntry *ldap.Entry) *Entry

Entry is an Active Directory-specific construct to make knowing and grabbing fields more convenient, while retaining all original information.

func (*Entry) Get ¶

func (e *Entry) Get(field *Field) ([]string, bool)

func (*Entry) GetJoined ¶

func (e *Entry) GetJoined(field *Field) (string, bool)

type Field ¶

type Field struct {
	// contains filtered or unexported fields
}

func (*Field) String ¶

func (f *Field) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
tools

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL