ldappassword

package, v1.0.4

Warning: This package is not in the latest version of its module.
Published: Jul 29, 2015 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(providerName string, options Options, mapper authapi.UserIdentityMapper) (authenticator.Password, error)

New returns an authenticator which will validate usernames/passwords using LDAP.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator validates username/passwords against an LDAP v3 server

func (*Authenticator) AuthenticatePassword

func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error)

AuthenticatePassword validates the given username and password against an LDAP server

type LDAPURL

type LDAPURL struct {
	// Scheme is ldap or ldaps
	Scheme Scheme
	// Host is the host:port of the LDAP server
	Host string
	// The DN of the branch of the directory where all searches should start from
	BaseDN string
	// The attribute to search for
	QueryAttribute string
	// The scope of the search. Can be ldap.ScopeWholeSubtree, ldap.ScopeSingleLevel, or ldap.ScopeBaseObject
	Scope Scope
	// A valid LDAP search filter (e.g. "(objectClass=*)")
	Filter string
}

LDAPURL holds a parsed RFC 2255 URL

func ParseURL

func ParseURL(ldapURL string) (LDAPURL, error)

ParseURL parses the given ldapURL as an RFC 2255 URL. The syntax of the URL is ldap://host:port/basedn?attribute?scope?filter
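
The URL syntax above, parsed with the Go standard library as an added example (not the package's own ParseURL implementation). The names parsedURL and parseRFC2255 are hypothetical; the defaults follow RFC 2255 and may differ from the package's, and the single-attribute rule and the rejection of URL extensions are assumptions made here.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// parsedURL and parseRFC2255 are hypothetical stand-ins for LDAPURL and ParseURL.
type parsedURL struct {
	Scheme, Host, BaseDN, QueryAttribute, Scope, Filter string
}

func parseRFC2255(raw string) (parsedURL, error) {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "ldap" && u.Scheme != "ldaps") {
		return parsedURL{}, fmt.Errorf("not a valid ldap:// or ldaps:// URL")
	}
	// RFC 2255 defaults: scope "base", filter "(objectClass=*)".
	out := parsedURL{Scheme: u.Scheme, Host: u.Host, BaseDN: strings.TrimPrefix(u.Path, "/"), Scope: "base", Filter: "(objectClass=*)"}
	// The fields after the DN are positional and '?'-separated, not key=value pairs.
	parts := strings.Split(u.RawQuery, "?")
	if len(parts) > 3 {
		return parsedURL{}, fmt.Errorf("URL extensions are not supported")
	}
	for i, p := range parts {
		if parts[i], err = url.PathUnescape(p); err != nil {
			return parsedURL{}, err
		}
	}
	// Assumption: exactly one attribute, since LDAPURL.QueryAttribute is a single string.
	out.QueryAttribute = parts[0]
	if out.QueryAttribute == "" || strings.Contains(out.QueryAttribute, ",") {
		return parsedURL{}, fmt.Errorf("exactly one query attribute is required")
	}
	if len(parts) > 1 && parts[1] != "" {
		if parts[1] != "base" && parts[1] != "one" && parts[1] != "sub" {
			return parsedURL{}, fmt.Errorf("invalid scope %q", parts[1])
		}
		out.Scope = parts[1]
	}
	if len(parts) > 2 && parts[2] != "" {
		out.Filter = parts[2]
	}
	return out, nil
}

func main() {
	fmt.Println(parseRFC2255("ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"))
}
```

Rejecting a fourth `?` field fails closed on RFC 2255 extensions instead of silently dropping one the URL's author may have marked critical.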

type Options

type Options struct {
	// URL is a parsed RFC 2255 URL
	URL LDAPURL
	// Insecure specifies if TLS is required for the connection. If true, either an ldap://... URL or StartTLS must be supported by the server
	Insecure bool
	// TLSConfig holds the TLS options. Only used when Insecure=false
	TLSConfig *tls.Config

	// BindDN is the optional username to bind to for the search phase. If specified, BindPassword must also be set.
	BindDN string
	// BindPassword is the optional password to bind to for the search phase.
	BindPassword string

	// AttributeEmail is the optional list of LDAP attributes to use for the email address of the user identity.
	// The first attribute with a non-empty value is used.
	AttributeEmail []string
	// AttributeName is the optional list of LDAP attributes to use for the display name of the user identity.
	// The first attribute with a non-empty value is used.
	AttributeName []string
	// AttributePreferredUsername is the optional list of LDAP attributes to use for the preferred username of the user identity.
	// The first attribute with a non-empty value is used. If not specified, the id determined by AttributeID is used as the preferred login.
	AttributePreferredUsername []string
	// AttributeID is the required list of LDAP attributes to use for the id address of the user identity.
	// The first attribute with a non-empty value is used. If no attributes have values, login fails.
	AttributeID []string
}

Options contains configuration for an Authenticator instance

type Scheme

type Scheme string

Scheme is a valid ldap scheme

const (
	SchemeLDAP  Scheme = "ldap"
	SchemeLDAPS Scheme = "ldaps"
)

type Scope

type Scope int

Scope is a valid LDAP search scope

const (
	ScopeWholeSubtree Scope = ldap.ScopeWholeSubtree
	ScopeSingleLevel  Scope = ldap.ScopeSingleLevel
	ScopeBaseObject   Scope = ldap.ScopeBaseObject
)
