Documentation
¶
Overview ¶
Copyright The Guard Authors.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
Constants ¶
// Package-level string constants: the organization type name and the defaults
// that the Options field comments document for LDAP searches.
const (
	// OrgType is the organization type string for this package.
	// NOTE(review): presumably the key by which this LDAP provider is
	// selected — confirm against the caller.
	OrgType = "ldap"
	// DefaultUserSearchFilter is the documented default for
	// Options.UserSearchFilter.
	DefaultUserSearchFilter = "(objectClass=person)"
	// DefaultGroupSearchFilter is the documented default for
	// Options.GroupSearchFilter.
	DefaultGroupSearchFilter = "(objectClass=groupOfNames)"
	// DefaultUserAttribute is the documented default for Options.UserAttribute.
	DefaultUserAttribute = "uid"
	// DefaultGroupMemberAttribute is the documented default for
	// Options.GroupMemberAttribute.
	DefaultGroupMemberAttribute = "member"
	// DefaultGroupNameAttribute is the documented default for
	// Options.GroupNameAttribute.
	DefaultGroupNameAttribute = "cn"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthChoice ¶
// AuthChoice is an int32-backed enumeration of the LDAP user authentication
// mechanisms (Simple, Kerberos).
type AuthChoice int32
AuthChoice x ENUM( Simple, Kerberos )
const (
	// AuthChoiceSimple is an AuthChoice of type Simple.
	// It is the zero value (iota starts at 0), so an AuthChoice that is never
	// set means simple authentication. An LDAP simple bind sends the password
	// itself to the server, so this mode needs a TLS-protected connection to
	// keep the password confidential.
	AuthChoiceSimple AuthChoice = iota
	// AuthChoiceKerberos is an AuthChoice of type Kerberos (value 1).
	AuthChoiceKerberos
)
func ParseAuthChoice ¶
func ParseAuthChoice(name string) (AuthChoice, error)
ParseAuthChoice attempts to convert a string to an AuthChoice.
func (*AuthChoice) Get ¶
func (x *AuthChoice) Get() interface{}
Get implements the Get method of Go's flag.Getter interface.
func (*AuthChoice) Set ¶
func (x *AuthChoice) Set(val string) error
Set implements the Set method of Go's flag.Value interface.
func (AuthChoice) String ¶
func (x AuthChoice) String() string
String implements the Stringer interface.
func (*AuthChoice) Type ¶
func (x *AuthChoice) Type() string
Type implements the github.com/spf13/pflag Value interface.
type Authenticator ¶
// Authenticator is the package's authenticator type. Its state is held in
// fields that are not part of the exported API.
type Authenticator struct {
	// contains filtered or unexported fields
}
func (Authenticator) UID ¶
func (g Authenticator) UID() string
type Options ¶
// Options configures how the LDAP connector reaches the directory server,
// searches for users and groups, and authenticates users.
type Options struct {
	// ServerAddress and ServerPort locate the LDAP server. The port is held
	// as a string.
	ServerAddress string

	ServerPort string

	// The connector uses this DN in credentials to search for users and groups.
	// Not required if the LDAP server provides access for anonymous auth.
	BindDN string

	// The connector uses this Password in credentials to search for users and groups.
	// Not required if the LDAP server provides access for anonymous auth.
	//
	// This is a secret: keep it out of logs, error messages and version
	// control, and give the bind account no more than the read access the
	// searches need.
	BindPassword string

	// Base DN from which the user search starts.
	UserSearchDN string

	// Filter to apply when searching for a user.
	// default: (objectClass=person)
	//
	// NOTE(review): the code that combines this filter with the login name is
	// not shown here; confirm the name is escaped per RFC 4515 before it is
	// placed in the filter.
	UserSearchFilter string

	// LDAP username attribute.
	// default: uid
	UserAttribute string

	// Base DN from which the group search starts.
	GroupSearchDN string

	// Filter to apply when searching the groups that the user is a member of.
	// default: (objectClass=groupOfNames)
	GroupSearchFilter string

	// LDAP group member attribute.
	// default: member
	GroupMemberAttribute string

	// LDAP group name attribute.
	// default: cn
	GroupNameAttribute string

	// NOTE(review): by its name this turns off verification of the LDAP
	// server's certificate — confirm against the connection code. If so, the
	// bind password and user passwords sent over the connection are exposed
	// to anyone able to intercept it; for a self-signed server certificate,
	// supply CaCertFile instead and leave this false.
	SkipTLSVerification bool

	// For LDAP over SSL.
	IsSecureLDAP bool

	// For a StartTLS connection.
	//
	// NOTE(review): with neither IsSecureLDAP nor StartTLS set the connection
	// is presumably unencrypted, in which case a simple bind carries
	// BindPassword and user passwords in cleartext — confirm, and document
	// which of the two takes precedence if both are set.
	StartTLS bool

	// Path to the CA certificate file, needed for a self-signed server
	// certificate.
	CaCertFile string

	// NOTE(review): presumably the certificate pool built from CaCertFile —
	// confirm where it is populated.
	CaCertPool *x509.CertPool

	// LDAP user authentication mechanism:
	// 0 for simple authentication
	// 1 for Kerberos (via GSSAPI)
	AuthenticationChoice AuthChoice

	// Path to the keytab file, which contains the LDAP service principal keys.
	// Required for Kerberos.
	// default : 0
	// NOTE(review): "default : 0" reads like it belongs to
	// AuthenticationChoice above rather than to a file path — confirm.
	//
	// A keytab holds long-term service keys; restrict read access to the
	// account that runs the service.
	KeytabFile string

	// The serviceAccountName needs to be defined when using Active Directory
	// where the SPN is mapped to a user account. If this is not required it
	// should be set to an empty string "".
	// default : ""
	ServiceAccountName string
	// contains filtered or unexported fields
}
func NewOptions ¶
func NewOptions() Options
type TokenOptions ¶
// TokenOptions carries the user's credentials and the Kerberos client
// settings. AddFlags, Validate and IssueToken are defined on it.
type TokenOptions struct {
	Username string

	// The user's password. This is a secret: keep it out of logs and error
	// messages.
	// NOTE(review): AddFlags registers command-line flags for this struct; if
	// the password is one of them it would be visible in process listings and
	// shell history — confirm, and prefer a prompt or stdin.
	UserPassword string

	// Set the realm to an empty string to use the default realm from config.
	Realm string

	// NOTE(review): by its name, the path to the krb5 client configuration
	// file — confirm.
	Krb5configFile string

	ServicePrincipalName string

	// Active Directory does not commonly support FAST negotiation so you will need to disable this on the client.
	// If this is the case you will see this error: KDC did not respond appropriately to FAST negotiation. To resolve
	// this, disable PA-FX-Fast on the client before performing Login().
	DisablePAFXFast bool

	// LDAP user authentication mechanism:
	// 0 for simple authentication
	// 1 for Kerberos (via GSSAPI)
	// default: 0 (simple authentication)
	//
	// NOTE(review): this is a plain int, whereas Options.AuthenticationChoice
	// uses the AuthChoice enum; confirm that Validate rejects values other
	// than 0 and 1. With the default of 0 the password itself is sent to the
	// LDAP server, so the connection should be TLS-protected.
	AuthenticationChoice int
}
func (*TokenOptions) AddFlags ¶
func (t *TokenOptions) AddFlags(fs *pflag.FlagSet)
func (*TokenOptions) IssueToken ¶
func (t *TokenOptions) IssueToken() error
func (*TokenOptions) Validate ¶
func (t *TokenOptions) Validate() error