Documentation
¶
Index ¶
Constants ¶
View Source
const ( OrgType = "ldap" DefaultUserSearchFilter = "(objectClass=person)" DefaultGroupSearchFilter = "(objectClass=groupOfNames)" DefaultUserAttribute = "uid" DefaultGroupMemberAttribute = "member" DefaultGroupNameAttribute = "cn" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthChoice ¶
type AuthChoice int32
AuthChoice x ENUM( Simple, Kerberos )
const ( // AuthChoiceSimple is a AuthChoice of type Simple AuthChoiceSimple AuthChoice = iota // AuthChoiceKerberos is a AuthChoice of type Kerberos AuthChoiceKerberos )
func ParseAuthChoice ¶
func ParseAuthChoice(name string) (AuthChoice, error)
ParseAuthChoice attempts to convert a string to a AuthChoice
func (*AuthChoice) Get ¶
func (x *AuthChoice) Get() interface{}
Get implements the Golang flag.Getter interface func.
func (*AuthChoice) Set ¶
func (x *AuthChoice) Set(val string) error
Set implements the Golang flag.Value interface func.
func (AuthChoice) String ¶
func (x AuthChoice) String() string
String implements the Stringer interface.
func (*AuthChoice) Type ¶
func (x *AuthChoice) Type() string
Type implements the github.com/spf13/pFlag Value interface.
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func (Authenticator) UID ¶
func (g Authenticator) UID() string
type Options ¶
type Options struct {
ServerAddress string
ServerPort string
// The connector uses this DN in credentials to search for users and groups.
// Not required if the LDAP server provides access for anonymous auth.
BindDN string
// The connector uses this Password in credentials to search for users and groups.
// Not required if the LDAP server provides access for anonymous auth.
BindPassword string
// BaseDN to start the search user
UserSearchDN string
// filter to apply when searching user
// default : (objectClass=person)
UserSearchFilter string
// Ldap username attribute
// default : uid
UserAttribute string
// BaseDN to start the search group
GroupSearchDN string
// filter to apply when searching the groups that user is member of
// default : (objectClass=groupOfNames)
GroupSearchFilter string
// Ldap group member attribute
// default: member
GroupMemberAttribute string
// Ldap group name attribute
// default: cn
GroupNameAttribute string
SkipTLSVerification bool
// for LDAP over SSL
IsSecureLDAP bool
// for start tls connection
StartTLS bool
// path to the caCert file, needed for self signed server certificate
CaCertFile string
CaCertPool *x509.CertPool
// LDAP user authentication mechanism
// 0 for simple authentication
// 1 for kerberos(via GSSAPI)
AuthenticationChoice AuthChoice
// path to the keytab file
// it's contain LDAP service principal keys
// required for kerberos
// default : 0
KeytabFile string
// The serviceAccountName needs to be defined when using Active Directory
// where the SPN is mapped to a user account. If this is not required it
// should be set to an empty string ""
// default : ""
ServiceAccountName string
// contains filtered or unexported fields
}
func NewOptions ¶
func NewOptions() Options
type TokenOptions ¶
type TokenOptions struct {
Username string
UserPassword string
// set the realm to empty string to use the default realm from config
Realm string
Krb5configFile string
ServicePrincipalName string
// Active Directory does not commonly support FAST negotiation so you will need to disable this on the client.
// If this is the case you will see this error: KDC did not respond appropriately to FAST negotiation To resolve
// this disable PA-FX-Fast on the client before performing Login()
DisablePAFXFast bool
// LDAP user authentication mechanism
// 0 for simple authentication
// 1 for kerberos(via GSSAPI)
// default: 0 (simple authentication)
AuthenticationChoice int
}
func (*TokenOptions) AddFlags ¶
func (t *TokenOptions) AddFlags(fs *pflag.FlagSet)
func (*TokenOptions) IssueToken ¶
func (t *TokenOptions) IssueToken() error
func (*TokenOptions) Validate ¶
func (t *TokenOptions) Validate() error
Source Files
Click to show internal directories.
Click to hide internal directories.