Documentation ¶
Overview ¶
Package ldap defines the LDAP configuration object and methods used by the MinIO server.
Index ¶
- type Config
- func (l *Config) Clone() (cloned Config)
- func (l *Config) Connect() (ldapConn *ldap.Conn, err error)
- func (l *Config) LookupBind(conn *ldap.Conn) error
- func (l *Config) LookupUserDN(conn *ldap.Conn, username string) (string, error)
- func (l *Config) SearchForUserGroups(conn *ldap.Conn, username, bindDN string) ([]string, error)
- func (l *Config) Validate() Validation
- func (l *Config) ValidateLookup(testUsername string) (*UserLookupResult, Validation)
- type Result
- type UserLookupResult
- type Validation
Types ¶
type Config ¶
type Config struct {
	Enabled bool

	// E.g. "ldap.minio.io:636"
	ServerAddr     string
	TLSSkipVerify  bool // allows skipping TLS verification
	ServerInsecure bool // allows plain text connection to LDAP server
	ServerStartTLS bool // allows using StartTLS connection to LDAP server
	RootCAs        *x509.CertPool

	// Lookup bind LDAP service account
	LookupBindDN       string
	LookupBindPassword string

	// User DN search parameters
	UserDNSearchBaseDistName  string
	UserDNSearchBaseDistNames []string
	UserDNSearchFilter        string

	// Group search parameters
	GroupSearchBaseDistName  string
	GroupSearchBaseDistNames []string
	GroupSearchFilter        string
}
Config contains configuration to connect to an LDAP server.
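The three transport flags in Config decide whether the lookup bind credentials are protected on the wire. The following is an added example, not code from the MinIO package: `transport` and `review` are hypothetical names, the struct mirrors only the connection fields shown above, and the precedence of ServerInsecure over ServerStartTLS is an assumption of the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
)

// transport is a local stand-in for the connection fields of Config.
type transport struct {
	ServerAddr     string
	TLSSkipVerify  bool
	ServerInsecure bool
	ServerStartTLS bool
	RootCAs        *x509.CertPool
}

// review returns the tls.Config these settings imply (nil for a plain-text
// connection) and the findings to raise in a configuration review.
// Assumption of this example: ServerInsecure wins over ServerStartTLS.
func review(t transport) (*tls.Config, []string) {
	var findings []string
	host, _, err := net.SplitHostPort(t.ServerAddr)
	if err != nil {
		host = t.ServerAddr // no port given: the whole value is the host
	}
	if t.ServerInsecure {
		findings = append(findings, "ServerInsecure: lookup bind DN and password cross the network in clear text")
		if t.ServerStartTLS {
			findings = append(findings, "ServerInsecure and ServerStartTLS are both set: conflicting, drop ServerInsecure")
		}
		return nil, findings
	}
	if t.TLSSkipVerify {
		findings = append(findings, "TLSSkipVerify: server certificate is not verified, so RootCAs has no effect")
	}
	return &tls.Config{
		ServerName:         host,
		RootCAs:            t.RootCAs, // nil means the system trust store
		InsecureSkipVerify: t.TLSSkipVerify,
	}, findings
}

func main() {
	// Constructed sample settings, not taken from a real deployment.
	_, findings := review(transport{ServerAddr: "ldap.minio.io:636", TLSSkipVerify: true})
	fmt.Println(findings)
}
```

A settings value with all three flags false yields no findings and a tls.Config that verifies the server certificate against RootCAs, or the system trust store when RootCAs is nil.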
func (*Config) LookupBind ¶
LookupBind connects to LDAP server using the bind user credentials.
func (*Config) LookupUserDN ¶
LookupUserDN searches for the DN of the user given their username. conn is assumed to be using the lookup bind service account. It is required that the search result in at most one result.
func (*Config) SearchForUserGroups ¶
SearchForUserGroups finds the groups of the user.
func (*Config) Validate ¶
func (l *Config) Validate() Validation
Validate validates the LDAP configuration. It can be called with any subset of configuration parameters provided by the user - it will return information on what needs to be done to fix the problem if any.
This function updates the UserDNSearchBaseDistNames and GroupSearchBaseDistNames fields of the Config; however, this is an idempotent operation. This is done to support configuration validation in Console/mc and for tests.
func (*Config) ValidateLookup ¶
func (l *Config) ValidateLookup(testUsername string) (*UserLookupResult, Validation)
ValidateLookup takes a test username, performs user and group lookup (if configured), and returns the result. It is intended for validating the LDAP configuration. The lookup is performed without requiring the password for the test user, and so can be used to test any LDAP user intending to use MinIO.
type Result ¶
type Result string
Result - type for high-level names for the validation status of the config.
const (
	ConfigOk                       Result = "Config OK"
	ConnectivityError              Result = "LDAP Server Connection Error"
	LookupBindError                Result = "LDAP Lookup Bind Error"
	UserSearchParamsMisconfigured  Result = "User Search Parameters Misconfigured"
	GroupSearchParamsMisconfigured Result = "Group Search Parameters Misconfigured"
	UserDNLookupError              Result = "User DN Lookup Error"
	GroupMembershipsLookupError    Result = "Group Memberships Lookup Error"
)
Constant values for Result type.
type UserLookupResult ¶
UserLookupResult returns the DN found for the test user and their group memberships.
type Validation ¶
Validation returns feedback on the configuration. The `Suggestion` field needs to be "printed" for friendly display (it can contain escaped newlines `\n`).
func (Validation) FormatError ¶
func (v Validation) FormatError() string
FormatError returns detailed validation error information.
func (Validation) IsOk ¶
func (v Validation) IsOk() bool
IsOk - returns whether the validation succeeded.