ldaputil

package
v3.11.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 9, 2018 License: Apache-2.0 Imports: 12 Imported by: 180

Documentation

Index

Constants

View Source
const (
	// LDAPHostLabel is the Label value that stores the host of the LDAP server
	// TODO: we don't store port here because labels don't allow for colons. We might want to add this back
	// with a different separator
	LDAPHostLabel string = "openshift.io/ldap.host"

	// LDAPURLAnnotation is the Annotation value that stores the host:port of the LDAP server
	LDAPURLAnnotation string = "openshift.io/ldap.url"
	// LDAPUIDAnnotation is the Annotation value that stores the corresponding LDAP group UID for the Group
	LDAPUIDAnnotation string = "openshift.io/ldap.uid"
	// LDAPSyncTime is the Annotation value that stores the last time this Group was synced with LDAP
	LDAPSyncTimeAnnotation string = "openshift.io/ldap.sync-time"
)

These constants contain values for annotations and labels affixed to Groups by the LDAP sync job

View Source
const (
	DerefAliasesNever     = ldap.NeverDerefAliases
	DerefAliasesSearching = ldap.DerefInSearching
	DerefAliasesFinding   = ldap.DerefFindingBaseObj
	DerefAliasesAlways    = ldap.DerefAlways
)

Variables

This section is empty.

Functions

func DetermineLDAPFilter

func DetermineLDAPFilter(filter string) (string, error)

DetermineLDAPFilter determines the LDAP search filter. Filter is a valid LDAP filter Default to "(objectClass=*)" per RFC

func DetermineLDAPHost

func DetermineLDAPHost(hostport string, scheme Scheme) (string, error)

DetermineLDAPHost determines the host and port for the LDAP connection. The default host is localhost; the default port for scheme "ldap" is 389, for "ldaps" is 686

func GetAttributeValue

func GetAttributeValue(entry *ldap.Entry, attributes []string) string

GetAttributeValue finds the first attribute of those given that the LDAP entry has, and returns it. GetAttributeValue is able to query the DN as well as Attributes of the LDAP entry. If no value is found, the empty string is returned.

func IsEntryNotFoundError

func IsEntryNotFoundError(err error) bool

func IsNoSuchObjectError

func IsNoSuchObjectError(err error) bool

IsNoSuchObjectError determines if the error is a NoSuchObjectError or if it is the upstream version of the error If this returns true, you are *not* safe to cast the error to a NoSuchObjectError

func IsQueryOutOfBoundsError

func IsQueryOutOfBoundsError(err error) bool

func NewEntryNotFoundError

func NewEntryNotFoundError(baseDN, filter string) error

func NewLDAPClientConfig

func NewLDAPClientConfig(URL, bindDN, bindPassword, CA string, insecure bool) (ldapclient.Config, error)

NewLDAPClientConfig returns a new LDAP client config

func NewNoSuchObjectError

func NewNoSuchObjectError(baseDN string) error

func NewQueryOutOfBoundsError

func NewQueryOutOfBoundsError(queryDN, baseDN string) error

func QueryForEntries

func QueryForEntries(clientConfig ldapclient.Config, query *ldap.SearchRequest) ([]*ldap.Entry, error)

QueryForEntries queries for LDAP with the given searchRequest

func QueryForUniqueEntry

func QueryForUniqueEntry(clientConfig ldapclient.Config, query *ldap.SearchRequest) (*ldap.Entry, error)

QueryForUniqueEntry queries for an LDAP entry with the given searchRequest. The query is expected to return one unqiue result. If this is not the case, errors are raised

func SplitLDAPQuery

func SplitLDAPQuery(query string) (attributes, scope, filter, extensions string, err error)

SplitLDAPQuery splits the query in the URL into the substituent parts. All sections are optional. Query syntax is attribute?scope?filter?extensions

Types

type DefaultLDAPUserIdentityFactory

type DefaultLDAPUserIdentityFactory struct {
	ProviderName string
	Definer      LDAPUserAttributeDefiner
}

DefaultLDAPUserIdentityFactory creates Identities for LDAP user entries using an LDAPUserAttributeDefiner

func (*DefaultLDAPUserIdentityFactory) IdentityFor

func (f *DefaultLDAPUserIdentityFactory) IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)

type DerefAliases

type DerefAliases int

DerefAliases is a valid LDAP alias dereference parameter

func DetermineDerefAliasesBehavior

func DetermineDerefAliasesBehavior(derefAliasesString string) (DerefAliases, error)

type LDAPQuery

type LDAPQuery struct {
	// The DN of the branch of the directory where all searches should start from
	BaseDN string

	// The (optional) scope of the search. Defaults to the entire subtree if not set
	Scope Scope

	// The (optional) behavior of the search with regards to alisases. Defaults to always
	// dereferencing if not set
	DerefAliases DerefAliases

	// TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding
	// before the wait for a response is given up. If this is 0, no client-side limit is imposed
	TimeLimit int

	// Filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN
	Filter string

	// PageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.
	PageSize int
}

LDAPQuery encodes an LDAP query

func NewLDAPQuery

func NewLDAPQuery(config config.LDAPQuery) (LDAPQuery, error)

NewLDAPQuery converts a user-provided LDAPQuery into a version we can use

func (*LDAPQuery) NewSearchRequest

func (q *LDAPQuery) NewSearchRequest(additionalAttributes []string) *ldap.SearchRequest

NewSearchRequest creates a new search request for the LDAP query and optionally includes more attributes

type LDAPQueryOnAttribute

type LDAPQueryOnAttribute struct {
	// Query retrieves entries from an LDAP server
	LDAPQuery

	// QueryAttribute is the attribute for a specific filter that, when conjoined with the common filter,
	// retrieves the specific LDAP entry from the LDAP server. (e.g. "cn", when formatted with "aGroupName"
	// and conjoined with "objectClass=groupOfNames", becomes (&(objectClass=groupOfNames)(cn=aGroupName))")
	QueryAttribute string
}

LDAPQueryOnAttribute encodes an LDAP query that conjoins two filters to extract a specific LDAP entry This query is not self-sufficient and needs the value of the QueryAttribute to construct the final filter

func NewLDAPQueryOnAttribute

func NewLDAPQueryOnAttribute(config config.LDAPQuery, attribute string) (LDAPQueryOnAttribute, error)

NewLDAPQueryOnAttribute converts a user-provided LDAPQuery into a version we can use by parsing the input and combining it with a set of name attributes

func (*LDAPQueryOnAttribute) NewSearchRequest

func (o *LDAPQueryOnAttribute) NewSearchRequest(attributeValue string, attributes []string) (*ldap.SearchRequest, error)

NewSearchRequest creates a new search request from the identifying query by internalizing the value of the attribute to be filtered as well as any attributes that need to be recovered

type LDAPURL

type LDAPURL struct {
	// Scheme is ldap or ldaps
	Scheme Scheme
	// Host is the host:port of the LDAP server
	Host string
	// The DN of the branch of the directory where all searches should start from
	BaseDN string
	// The attribute to search for
	QueryAttribute string
	// The scope of the search. Can be ldap.ScopeWholeSubtree, ldap.ScopeSingleLevel, or ldap.ScopeBaseObject
	Scope Scope
	// A valid LDAP search filter (e.g. "(objectClass=*)")
	Filter string
}

LDAPURL holds a parsed RFC 2255 URL

func ParseURL

func ParseURL(ldapURL string) (LDAPURL, error)

ParseURL parsed the given ldapURL as an RFC 2255 URL The syntax of the URL is ldap://host:port/basedn?attribute?scope?filter

type LDAPUserAttributeDefiner

type LDAPUserAttributeDefiner struct {
	// contains filtered or unexported fields
}

LDAPUserAttributeDefiner defines the values corresponding to OpenShift Identities in LDAP entries by using a deterministic mapping of LDAP entry attributes to OpenShift Identity fields

func NewLDAPUserAttributeDefiner

func NewLDAPUserAttributeDefiner(attributeMapping serverapi.LDAPAttributeMapping) LDAPUserAttributeDefiner

func (*LDAPUserAttributeDefiner) AllAttributes

func (d *LDAPUserAttributeDefiner) AllAttributes() sets.String

AllAttributes gets all attributes listed in the LDAPUserAttributeDefiner

func (*LDAPUserAttributeDefiner) Email

func (d *LDAPUserAttributeDefiner) Email(user *ldap.Entry) string

Email extracts the email value from an LDAP user entry

func (*LDAPUserAttributeDefiner) ID

func (d *LDAPUserAttributeDefiner) ID(user *ldap.Entry) string

ID extracts the ID value from an LDAP user entry

func (*LDAPUserAttributeDefiner) Name

func (d *LDAPUserAttributeDefiner) Name(user *ldap.Entry) string

Name extracts the name value from an LDAP user entry

func (*LDAPUserAttributeDefiner) PreferredUsername

func (d *LDAPUserAttributeDefiner) PreferredUsername(user *ldap.Entry) string

PreferredUsername extracts the preferred username value from an LDAP user entry

type LDAPUserIdentityFactory

type LDAPUserIdentityFactory interface {
	IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)
}

LDAPUserIdentityFactory creates Identites for LDAP user entries.

type Scheme

type Scheme string

Scheme is a valid ldap scheme

const (
	SchemeLDAP  Scheme = "ldap"
	SchemeLDAPS Scheme = "ldaps"
)

func DetermineLDAPScheme

func DetermineLDAPScheme(scheme string) (Scheme, error)

DetermineLDAPScheme determines the LDAP connection scheme. Scheme is one of "ldap" or "ldaps" Default to "ldap"

type Scope

type Scope int

Scope is a valid LDAP search scope

const (
	ScopeWholeSubtree Scope = ldap.ScopeWholeSubtree
	ScopeSingleLevel  Scope = ldap.ScopeSingleLevel
	ScopeBaseObject   Scope = ldap.ScopeBaseObject
)

func DetermineLDAPScope

func DetermineLDAPScope(scope string) (Scope, error)

DetermineLDAPScope determines the LDAP search scope. Scope is one of "sub", "one", or "base" Default to "sub" to match mod_auth_ldap

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL