Documentation
Overview
Package ldap implements a basic LDAP authentication plugin.
Index
- Variables
- func NewCreds(username, password string) grpc.DialOption
- type Config
- type Plugin
- func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)
- func (p *Plugin) Close(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error)
- func (p *Plugin) Configure(ctx context.Context, req *v1.PluginConfiguration) (*emptypb.Empty, error)
- func (p *Plugin) GetInfo(context.Context, *emptypb.Empty) (*v1.PluginInfo, error)
Constants
This section is empty.
Variables
var ErrInvalidCredentials = fmt.Errorf("invalid credentials")
ErrInvalidCredentials is returned when the credentials are invalid.
var ErrUserDisabled = fmt.Errorf("user disabled")
ErrUserDisabled is returned when the user is disabled.
Functions
func NewCreds
func NewCreds(username, password string) grpc.DialOption
NewCreds returns a DialOption that sets the LDAP credentials.
Types
type Config
type Config struct {
	// Server is the LDAP server to connect to. Specify as ldap[s]://host[:port].
	Server string `mapstructure:"server"`
	// BindDN is the DN to bind with.
	BindDN string `mapstructure:"bind-dn"`
	// BindPassword is the password to bind with.
	BindPassword string `mapstructure:"bind-password"`
	// CAFile is the path to a CA file to use to verify the LDAP server's certificate.
	CAFile string `mapstructure:"ca-file"`
	// UserBaseDN is the base DN to use to search for users. If empty, the entire
	// directory will be searched.
	UserBaseDN string `mapstructure:"user-base-dn"`
	// UserIDAttribute is the attribute to use to identify the user.
	UserIDAttribute string `mapstructure:"user-id-attribute"`
	// NodeIDAttribute is the attribute to use to identify the node. If not specified, the
	// UserIDAttribute will be used.
	NodeIDAttribute string `mapstructure:"node-id-attribute"`
	// UserDisabledAttribute is the attribute to use to determine if the user is disabled.
	// If not specified, all users will be considered active.
	UserDisabledAttribute string `mapstructure:"user-status-attribute"`
	// UserDisabledValue is the value of the UserDisabledAttribute that indicates the user is disabled.
	// If not specified, any non-empty value of the UserDisabledAttribute will be considered disabled.
	UserDisabledValue string `mapstructure:"user-disabled-value"`
}
Config is the configuration for the LDAP plugin.
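The field comments above define how the server URL, an empty search base and the disabled-user attribute are interpreted. The following added example (not code from this package) lints a configuration against those documented semantics; the `settings` type, `lint`, `isDisabled`, the host name and the exact, case-sensitive value comparison are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/url"
)

// settings mirrors the documented Config fields used here (hypothetical local type).
type settings struct {
	Server, BindPassword, UserBaseDN         string
	UserDisabledAttribute, UserDisabledValue string
}

// lint returns deployment findings derived from the documented field semantics.
func lint(s settings) []string {
	var out []string
	u, err := url.Parse(s.Server)
	switch {
	case err != nil || u.Host == "" || (u.Scheme != "ldap" && u.Scheme != "ldaps"):
		out = append(out, "server: expected ldap[s]://host[:port]")
	case u.Scheme == "ldap" && s.BindPassword != "":
		out = append(out, "server: ldap:// is cleartext unless StartTLS is used; bind-password may be exposed")
	}
	if s.UserBaseDN == "" {
		out = append(out, "user-base-dn: empty, the entire directory will be searched")
	}
	if s.UserDisabledAttribute == "" {
		out = append(out, "user-status-attribute: unset, all users will be considered active")
	}
	return out
}

// isDisabled applies the documented rule to the attribute values read for one user.
// Exact, case-sensitive matching is an assumption of this example.
func isDisabled(s settings, values []string) bool {
	if s.UserDisabledAttribute == "" {
		return false // no attribute configured: every user counts as active
	}
	for _, v := range values {
		if v != "" && (s.UserDisabledValue == "" || v == s.UserDisabledValue) {
			return true
		}
	}
	return false
}

func main() {
	s := settings{Server: "ldap://ldap.example.internal:389", BindPassword: "x", UserDisabledAttribute: "locked"}
	fmt.Println(lint(s), isDisabled(s, []string{"FALSE"}))
}
```

With `user-disabled-value` left empty, an attribute that stores `FALSE` for active accounts marks every user as disabled under the documented rule, so set the value explicitly for boolean-style attributes.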
type Plugin
type Plugin struct {
	v1.UnimplementedPluginServer
	v1.UnimplementedAuthPluginServer
	// contains filtered or unexported fields
}
Plugin is the ldap plugin.
func (*Plugin) Authenticate
func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)