ldap

package
v0.0.0-...-d1e1776 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 10, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// LDAP configuration keys, each listed next to the environment variable of
// the same name.
const (
	// AD/LDAP server address.
	ServerAddr    = "server_addr"
	EnvServerAddr = "MINIO_IDENTITY_LDAP_SERVER_ADDR"

	// Validity duration of the temporary (STS) credentials.
	STSExpiry    = "sts_expiry"
	EnvSTSExpiry = "MINIO_IDENTITY_LDAP_STS_EXPIRY"

	// Format string used to build the username bind DN.
	UsernameFormat    = "username_format"
	EnvUsernameFormat = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT"

	// Group lookup: search filter, group-name attribute and search base DN.
	GroupSearchFilter     = "group_search_filter"
	EnvGroupSearchFilter  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"
	GroupNameAttribute    = "group_name_attribute"
	EnvGroupNameAttribute = "MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"
	GroupSearchBaseDN     = "group_search_base_dn"
	EnvGroupSearchBaseDN  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"

	// Turning this on makes the client trust the server's TLS certificate
	// without verification, so the LDAP endpoint is no longer authenticated.
	TLSSkipVerify    = "tls_skip_verify"
	EnvTLSSkipVerify = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
)

LDAP keys and envs.

Variables

// DefaultKVS holds the default key/value settings for the LDAP identity
// configuration. Every key starts empty except the STS expiry ("1h") and
// tls_skip_verify, which is set to config.EnableOff.
var DefaultKVS = config.KVS{
	config.KV{Key: ServerAddr, Value: ""},
	config.KV{Key: STSExpiry, Value: "1h"},
	config.KV{Key: UsernameFormat, Value: ""},
	config.KV{Key: GroupSearchFilter, Value: ""},
	config.KV{Key: GroupNameAttribute, Value: ""},
	config.KV{Key: GroupSearchBaseDN, Value: ""},
	// Skipping TLS verification is opt-in: the default leaves the flag off.
	config.KV{Key: TLSSkipVerify, Value: config.EnableOff},
}

DefaultKVS - default config for LDAP config

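// Help is the help template for the LDAP identity feature: one entry per
// configuration key, with a description, a value type and whether the key
// is optional.
var (
	Help = config.HelpKVS{
		config.HelpKV{
			Key:         ServerAddr,
			Description: `AD/LDAP server address e.g. "myldapserver.com:636"`,
			Type:        "address",
		},
		config.HelpKV{
			Key:         UsernameFormat,
			Description: `username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`,
			Type:        "string",
		},
		config.HelpKV{
			Key:         GroupSearchFilter,
			Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`,
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         GroupNameAttribute,
			Description: `search attribute for group name e.g. "cn"`,
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         GroupSearchBaseDN,
			Description: `group search base DNs e.g. "dc=myldapserver,dc=com"`,
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         STSExpiry,
			Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`,
			Optional:    true,
			Type:        "duration",
		},
		config.HelpKV{
			Key: TLSSkipVerify,
			// The shipped default for this key is config.EnableOff, and "on"
			// means verification is skipped. The previous text
			// ("defaults to "on" (verify)") stated the opposite and could lead
			// an operator to turn certificate verification off by mistake.
			Description: `trust server TLS without verification, defaults to "off" (verify)`,
			Optional:    true,
			Type:        "on|off",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
	}
)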

Help template for LDAP identity feature.

Functions

func Enabled

func Enabled(kvs config.KVS) bool

Enabled returns true if LDAP is enabled.

func SetIdentityLDAP

func SetIdentityLDAP(s config.Config, ldapArgs Config)

SetIdentityLDAP - one-time migration code, needed for migrating from the older config format to the new one for LDAPConfig.

Types

type Config

// Config contains AD/LDAP server connectivity information.
// NOTE(review): no exported field corresponds to the tls_skip_verify key;
// presumably it is among the unexported fields. Confirm against the source.
type Config struct {
	// Whether the LDAP identity configuration is enabled.
	Enabled bool `json:"enabled"`

	// E.g. "ldap.minio.io:636"
	ServerAddr string `json:"serverAddr"`

	// STS credentials expiry duration, kept as a string; GetExpiryDuration
	// returns the parsed value.
	STSExpiryDuration string `json:"stsExpiryDuration"`

	// Format string for usernames
	UsernameFormat string `json:"usernameFormat"`

	// Group lookup settings: search base DN, search filter and the attribute
	// holding the group name. The help template marks all three as optional.
	GroupSearchBaseDN  string `json:"groupSearchBaseDN"`
	GroupSearchFilter  string `json:"groupSearchFilter"`
	GroupNameAttribute string `json:"groupNameAttribute"`
	// contains filtered or unexported fields
}

Config contains AD/LDAP server connectivity information.

func Lookup

func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error)

Lookup - initializes the LDAP config, overriding config values with any ENV values that are set.

func (*Config) Connect

func (l *Config) Connect() (ldapConn *ldap.Conn, err error)

Connect connects to the LDAP server.

func (Config) GetExpiryDuration

func (l Config) GetExpiryDuration() time.Duration

GetExpiryDuration - return parsed expiry duration.

type Substituter

// Substituter allows restricted substitution of variables in LDAP
// configuration items at runtime (see NewSubstituter and Substitute).
// NOTE(review): the documented examples substitute a username into a DN
// template; whether values are escaped for DN or search-filter syntax is not
// visible in this listing. Confirm before passing user-controlled input.
type Substituter struct {
	// contains filtered or unexported fields
}

Substituter - This type allows restricted substitution of variables in LDAP configuration items at runtime.

func NewSubstituter

func NewSubstituter(v ...string) (Substituter, error)

NewSubstituter - sets up the substituter for usage, e.g.:

subber, err := NewSubstituter("username", "john")

func (*Substituter) Substitute

func (s *Substituter) Substitute(t string) (string, error)

Substitute - performs substitution on the given string `t`. Returns an error if there are any variables in the input that do not have values in the substituter. E.g.:

subber.Substitute("uid=${username},cn=users,dc=example,dc=com")

or

subber.Substitute("uid={username},cn=users,dc=example,dc=com")

returns "uid=john,cn=users,dc=example,dc=com"

whereas:

subber.Substitute("uid=${usernamedn}")

returns an error.
