Documentation ¶
Index ¶
- Constants
- func BuildFilter(filters []string) string
- func Contains[T comparable](s []T, e T) bool
- func EqualProto(a proto.Message, b proto.Message) (bool, string)
- func EscapeDN(dn string) string
- func EscapeFilter(s string) string
- func PrettyPrint(m interface{}) string
- func ValidateEmail(email string) error
- func ValidateFirstName(name string) error
- func ValidateLastName(name string) error
- func ValidatePassword(password string) error
- func ValidateUsername(username string) error
- type Container
- type ContainerOptions
- type GroupAlreadyExistsError
- type InvalidUserError
- type LDAPManager
- func (m *LDAPManager) AddGroupMember(req *pb.GroupMember, allowNonExistent bool) error
- func (m *LDAPManager) AdminUserDN() string
- func (m *LDAPManager) AuthenticateUser(req *pb.LoginRequest) (*pb.User, error)
- func (m *LDAPManager) ChangePassword(req *pb.ChangePasswordRequest) error
- func (m *LDAPManager) Close()
- func (m *LDAPManager) Connect() error
- func (m *LDAPManager) DeleteGroup(req *pb.DeleteGroupRequest) error
- func (m *LDAPManager) DeleteUser(req *pb.DeleteUserRequest, keepGroups bool) error
- func (m *LDAPManager) GetGroupByGID(GID int) (*pb.Group, error)
- func (m *LDAPManager) GetGroupByName(name string) (*pb.Group, error)
- func (m *LDAPManager) GetGroupList(req *pb.GetGroupListRequest) (*pb.GroupList, error)
- func (m *LDAPManager) GetHighestGID() (int, error)
- func (m *LDAPManager) GetHighestUID() (int, error)
- func (m *LDAPManager) GetUser(username string) (*pb.User, error)
- func (m *LDAPManager) GetUserGroup(username string) (*pb.Group, error)
- func (m *LDAPManager) GetUserGroups(req *pb.GetUserGroupsRequest) (*pb.GroupList, error)
- func (m *LDAPManager) GetUserList(req *pb.GetUserListRequest) (*pb.UserList, error)
- func (m *LDAPManager) GroupDN(name string) string
- func (m *LDAPManager) GroupMemberDN(username string) string
- func (m *LDAPManager) IsGroupMember(req *pb.IsGroupMemberRequest) (*pb.GroupMemberStatus, error)
- func (m *LDAPManager) IsProtectedGroup(group string) bool
- func (m *LDAPManager) MigrateUserGroups(username, newUsername string) error
- func (m *LDAPManager) NewGroup(req *pb.NewGroupRequest, strict bool) error
- func (m *LDAPManager) NewUser(req *pb.NewUserRequest) error
- func (m *LDAPManager) ParseUser(entry *ldap.Entry) *pb.User
- func (m *LDAPManager) ReadOnlyUserDN() string
- func (m *LDAPManager) RemoveGroupMember(req *pb.GroupMember, allowRemoveFromDefaultGroups bool) error
- func (m *LDAPManager) Setup() error
- func (m *LDAPManager) SetupLDAP() error
- func (m *LDAPManager) UpdateGroup(req *pb.UpdateGroupRequest) error
- func (m *LDAPManager) UpdateUser(req *pb.UpdateUserRequest, isAdmin bool) (string, error)
- func (m *LDAPManager) UserDN(name string) string
- type MemberAlreadyExistsError
- type NoSuchMemberError
- type RemoveLastGroupMemberError
- type Test
- type UserAlreadyExistsError
- type ZeroOrMultipleGroupsError
- type ZeroOrMultipleUsersError
Constants ¶
const (
	// MinUID for POSIX accounts
	MinUID = 2000
	// MinGID for POSIX accounts
	MinGID = 2000
)
const (
// OpenLDAPPort is the OpenLDAP protocol port
OpenLDAPPort = 389
)
Variables ¶
This section is empty.
Functions ¶
func BuildFilter ¶
BuildFilter escapes and concatenates multiple filter expressions
func Contains ¶
func Contains[T comparable](s []T, e T) bool
Contains is a generic function that checks if a collection contains a value
func EqualProto ¶
EqualProto checks if two proto messages are equal. If they are not equal, a diff describes how they differ.
func EscapeDN ¶
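EscapeDN escapes an LDAP DN to avoid LDAP injection attacks. The go-ldap function it is taken from escapes the special characters of a value that goes into a DN, so it is presumably meant for the untrusted component (such as a user or group name) rather than an already assembled DN; values placed in a search filter need EscapeFilter instead.
Source: https://github.com/go-ldap/ldap/blob/master/ldap.go
Note: for the next ldap release, we can directly use `ldap.EscapeDN`. Until then this appears to be a local copy, so escaping fixes made upstream are not picked up automatically.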
func EscapeFilter ¶
EscapeFilter escapes an LDAP filter to avoid LDAP injection attacks
func PrettyPrint ¶
func PrettyPrint(m interface{}) string
PrettyPrint formats an interface into a human readable string
func ValidateFirstName ¶
ValidateFirstName validates a first name
func ValidateLastName ¶
ValidateLastName validates a last name
func ValidatePassword ¶
ValidatePassword validates a password
func ValidateUsername ¶
ValidateUsername validates a username
Types ¶
type Container ¶
type Container struct { ldapconfig.Config Container testcontainers.Container }
Container holds the LDAP container
func StartOpenLDAP ¶
func StartOpenLDAP(ctx context.Context, options ContainerOptions) (Container, error)
StartOpenLDAP starts the OpenLDAP container
type ContainerOptions ¶
type ContainerOptions struct { ldapconfig.Config ImageTag string Networks []string }
ContainerOptions describes options for the container
type GroupAlreadyExistsError ¶
type GroupAlreadyExistsError struct { ldaperror.ApplicationError Group string }
GroupAlreadyExistsError is returned when a group already exists
func (*GroupAlreadyExistsError) Error ¶
func (e *GroupAlreadyExistsError) Error() string
func (*GroupAlreadyExistsError) StatusError ¶
func (e *GroupAlreadyExistsError) StatusError() error
StatusError returns the GRPC status error for this error
type InvalidUserError ¶
type InvalidUserError struct { ldaperror.ApplicationError Invalid map[string]error }
InvalidUserError is returned when the user contains invalid values
func ValidateNewUser ¶
func ValidateNewUser(req *pb.NewUserRequest) *InvalidUserError
ValidateNewUser validates a new user request
func (*InvalidUserError) Error ¶
func (e *InvalidUserError) Error() string
func (*InvalidUserError) StatusError ¶
func (e *InvalidUserError) StatusError() error
StatusError returns the GRPC status error for this error
type LDAPManager ¶
type LDAPManager struct { ldapconfig.Config Pool ldappool.Pool GroupsDN string UserGroupDN string GroupsOU string UsersOU string DefaultUserGroup string DefaultAdminGroup string DefaultUserShell string DefaultAdminUsername string DefaultAdminPassword string ForceCreateAdmin bool GroupMembershipAttribute string AccountAttribute string GroupAttribute string GroupMembershipUsesUID bool }
LDAPManager implements the LDAP manager functionality
func NewLDAPManager ¶
func NewLDAPManager(config ldapconfig.Config) *LDAPManager
NewLDAPManager creates a new LDAPManager
func (*LDAPManager) AddGroupMember ¶
func (m *LDAPManager) AddGroupMember(req *pb.GroupMember, allowNonExistent bool) error
AddGroupMember adds a user as a group member
func (*LDAPManager) AdminUserDN ¶
func (m *LDAPManager) AdminUserDN() string
AdminUserDN gets the DN of the admin user
func (*LDAPManager) AuthenticateUser ¶
func (m *LDAPManager) AuthenticateUser(req *pb.LoginRequest) (*pb.User, error)
AuthenticateUser authenticates a user
func (*LDAPManager) ChangePassword ¶
func (m *LDAPManager) ChangePassword(req *pb.ChangePasswordRequest) error
ChangePassword changes the password of a user
func (*LDAPManager) Connect ¶
func (m *LDAPManager) Connect() error
Connect sets up the connection pool to the LDAP server
func (*LDAPManager) DeleteGroup ¶
func (m *LDAPManager) DeleteGroup(req *pb.DeleteGroupRequest) error
DeleteGroup deletes a group
func (*LDAPManager) DeleteUser ¶
func (m *LDAPManager) DeleteUser(req *pb.DeleteUserRequest, keepGroups bool) error
DeleteUser deletes a user
func (*LDAPManager) GetGroupByGID ¶
func (m *LDAPManager) GetGroupByGID(GID int) (*pb.Group, error)
GetGroupByGID gets a group by its GID
func (*LDAPManager) GetGroupByName ¶
func (m *LDAPManager) GetGroupByName(name string) (*pb.Group, error)
GetGroupByName gets a group by its name
func (*LDAPManager) GetGroupList ¶
func (m *LDAPManager) GetGroupList(req *pb.GetGroupListRequest) (*pb.GroupList, error)
GetGroupList gets a list of all groups
func (*LDAPManager) GetHighestGID ¶
func (m *LDAPManager) GetHighestGID() (int, error)
GetHighestGID gets the highest GID
func (*LDAPManager) GetHighestUID ¶
func (m *LDAPManager) GetHighestUID() (int, error)
GetHighestUID gets the highest UID
func (*LDAPManager) GetUser ¶
func (m *LDAPManager) GetUser(username string) (*pb.User, error)
GetUser gets a user
func (*LDAPManager) GetUserGroup ¶
func (m *LDAPManager) GetUserGroup(username string) (*pb.Group, error)
GetUserGroup gets or creates the user group
If no users exist yet, the default user group is created with the given user as the initial member.
func (*LDAPManager) GetUserGroups ¶
func (m *LDAPManager) GetUserGroups(req *pb.GetUserGroupsRequest) (*pb.GroupList, error)
GetUserGroups gets the groups a user is a member of
func (*LDAPManager) GetUserList ¶
func (m *LDAPManager) GetUserList(req *pb.GetUserListRequest) (*pb.UserList, error)
GetUserList gets a list of all users
func (*LDAPManager) GroupDN ¶
func (m *LDAPManager) GroupDN(name string) string
GroupDN returns the full group DN for a group name
func (*LDAPManager) GroupMemberDN ¶
func (m *LDAPManager) GroupMemberDN(username string) string
GroupMemberDN gets the distinguished name of a group member
func (*LDAPManager) IsGroupMember ¶
func (m *LDAPManager) IsGroupMember(req *pb.IsGroupMemberRequest) (*pb.GroupMemberStatus, error)
IsGroupMember checks if a user is a member of a group
func (*LDAPManager) IsProtectedGroup ¶
func (m *LDAPManager) IsProtectedGroup(group string) bool
IsProtectedGroup returns `true` if the group is the user or admin group
func (*LDAPManager) MigrateUserGroups ¶
func (m *LDAPManager) MigrateUserGroups(username, newUsername string) error
MigrateUserGroups migrates a user in each group it is a member of
func (*LDAPManager) NewGroup ¶
func (m *LDAPManager) NewGroup(req *pb.NewGroupRequest, strict bool) error
NewGroup creates a new group
func (*LDAPManager) NewUser ¶
func (m *LDAPManager) NewUser(req *pb.NewUserRequest) error
NewUser adds a new user
func (*LDAPManager) ParseUser ¶
func (m *LDAPManager) ParseUser(entry *ldap.Entry) *pb.User
ParseUser parses an ldap entry as a User
func (*LDAPManager) ReadOnlyUserDN ¶
func (m *LDAPManager) ReadOnlyUserDN() string
ReadOnlyUserDN gets the DN of the read-only user
func (*LDAPManager) RemoveGroupMember ¶
func (m *LDAPManager) RemoveGroupMember(req *pb.GroupMember, allowRemoveFromDefaultGroups bool) error
RemoveGroupMember removes a group member from a group
func (*LDAPManager) SetupLDAP ¶
func (m *LDAPManager) SetupLDAP() error
SetupLDAP sets up the LDAP server
func (*LDAPManager) UpdateGroup ¶
func (m *LDAPManager) UpdateGroup(req *pb.UpdateGroupRequest) error
UpdateGroup updates a group
func (*LDAPManager) UpdateUser ¶
func (m *LDAPManager) UpdateUser(req *pb.UpdateUserRequest, isAdmin bool) (string, error)
UpdateUser updates a user
func (*LDAPManager) UserDN ¶
func (m *LDAPManager) UserDN(name string) string
UserDN returns the full user DN for a user name
type MemberAlreadyExistsError ¶
type MemberAlreadyExistsError struct { ldaperror.ApplicationError Group, Member string }
MemberAlreadyExistsError is returned when a user is already a group member
func (*MemberAlreadyExistsError) Error ¶
func (e *MemberAlreadyExistsError) Error() string
func (*MemberAlreadyExistsError) StatusError ¶
func (e *MemberAlreadyExistsError) StatusError() error
StatusError returns the GRPC status error for this error
type NoSuchMemberError ¶
type NoSuchMemberError struct { ldaperror.ApplicationError Group, Member string }
A NoSuchMemberError is returned when the group does not contain the member
func (*NoSuchMemberError) StatusError ¶
func (err *NoSuchMemberError) StatusError() error
StatusError ...
type RemoveLastGroupMemberError ¶
type RemoveLastGroupMemberError struct { ldaperror.ApplicationError Group string }
A RemoveLastGroupMemberError is returned when attempting to remove the only member of a group
func (*RemoveLastGroupMemberError) Error ¶
func (err *RemoveLastGroupMemberError) Error() string
func (*RemoveLastGroupMemberError) StatusError ¶
func (err *RemoveLastGroupMemberError) StatusError() error
StatusError returns the GRPC status error for this error
type Test ¶
type Test struct { Container *Container Manager *LDAPManager }
Test wraps a pre-configured OpenLDAP container and Manager instance
type UserAlreadyExistsError ¶
type UserAlreadyExistsError struct { ldaperror.ApplicationError Username string }
UserAlreadyExistsError is returned when a username already exists
func (*UserAlreadyExistsError) Error ¶
func (e *UserAlreadyExistsError) Error() string
func (*UserAlreadyExistsError) StatusError ¶
func (e *UserAlreadyExistsError) StatusError() error
StatusError returns the GRPC status error for this error
type ZeroOrMultipleGroupsError ¶
A ZeroOrMultipleGroupsError is returned when zero or multiple groups are found
func (*ZeroOrMultipleGroupsError) Error ¶
func (e *ZeroOrMultipleGroupsError) Error() string
func (*ZeroOrMultipleGroupsError) StatusError ¶
func (e *ZeroOrMultipleGroupsError) StatusError() error
StatusError returns the GRPC status error for this error
type ZeroOrMultipleUsersError ¶
type ZeroOrMultipleUsersError struct { ldaperror.ApplicationError Username string Count int }
A ZeroOrMultipleUsersError is returned when zero or multiple users are found
func (*ZeroOrMultipleUsersError) Error ¶
func (e *ZeroOrMultipleUsersError) Error() string
func (*ZeroOrMultipleUsersError) StatusError ¶
func (e *ZeroOrMultipleUsersError) StatusError() error
StatusError returns the GRPC status error for this error
Source Files ¶
- add_group_member.go
- authenticate_user.go
- change_password.go
- container.go
- delete_group.go
- delete_user.go
- get_group.go
- get_group_list.go
- get_user.go
- get_user_groups.go
- get_user_list.go
- ids.go
- is_group_member.go
- ldapmanager.go
- new_group.go
- new_user.go
- remove_group_member.go
- setup.go
- test.go
- update_group.go
- update_user.go
- utils.go