Types ¶
type AuthResult ¶ added in v0.0.3
func Auth ¶ added in v0.0.3
func Auth(data LDAPAuthData) (auth AuthResult, err error)
Auth authenticates against the LDAP service. Authentication succeeded only if the returned AuthResult.Success is true.
type Constraint ¶ added in v0.0.3
// Constraint pairs a user attribute with a group attribute; IsMember
// compares their values to decide whether a user belongs to a group
// (e.g. UserAttribute: uid, GroupAttribute: memberUid).
type Constraint struct {
	UserAttribute  string // user attribute to match against the group attribute, e.g. memberOf
	GroupAttribute string // group attribute to match against the user attribute, e.g. DN
}
func (Constraint) IsMember ¶ added in v0.0.3
func (c Constraint) IsMember(user, group *LDAPEntry) bool
type FilterExpression ¶
// FilterExpression is a single name/value term of an LDAP filter,
// e.g. Name: "cn", Value: "*Developers*" renders as (cn=*Developers*).
type FilterExpression struct {
	// Name is the attribute name; Value is the value pattern to match.
	// NOTE(review): no escaping of Value is visible here — see LDAPSyncConfig.Sanitize, which is documented as a TODO; confirm before building a Value from untrusted input.
	Name, Value string
	// contains filtered or unexported fields
}
type GroupMembershipAssociator ¶
type GroupMembershipAssociator struct {
	Constraints     []Constraint                `json:"constraints"`     // attribute pairs evaluated by Constraint.IsMember
	Operator        LDAPFilterOperator          `json:"operator"`        // logical operator chaining Constraints with AdditionalRules for more complex membership conditions
	AdditionalRules []GroupMembershipAssociator `json:"additionalRules"` // nested rules, presumably combined with this one via Operator — confirm in IsMember
}
GroupMembershipAssociator is used to determine the group membership of users.
func (GroupMembershipAssociator) IsMember ¶
func (gmf GroupMembershipAssociator) IsMember(user, group *LDAPEntry) bool
IsMember determines, by matching a user LDAP attribute against a group attribute, whether the user belongs to the group, e.g. {UserAttribute: uid, GroupAttribute: memberUid}.
type LDAPAttribute ¶
LDAPAttribute is an LDAP attribute that has a name and a list of values
func (LDAPAttribute) String ¶
func (att LDAPAttribute) String() string
type LDAPAuthData ¶ added in v0.0.3
type LDAPConfig ¶
// LDAPConfig holds the connection settings for an LDAP server.
type LDAPConfig struct {
	Server                 string
	RequiresAuthentication bool   `json:"requiresAuth"` // if sync requires authentication, in which case SyncUserName and SyncPassword below must be set
	SyncUserName           string `json:"syncUserName"` // distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrator group
	SyncPassword           string `json:"syncPassword"` // bind credential for SyncUserName; it is a secret and is serialized under the json tag above, so keep this struct out of logs and responses
	TLS, StartTLS          bool
	Port                   *string // 389 if not set
}
type LDAPEntry ¶
// LDAPEntry is a directory entry: its distinguished name and its attributes.
type LDAPEntry struct {
	DN         string          // distinguished name of the entry
	Attributes []LDAPAttribute // attributes of the entry, each a name with a list of values
}
func (*LDAPEntry) ContainsAttribute ¶
func (ent *LDAPEntry) ContainsAttribute(ff *FilterExpression) bool
func (*LDAPEntry) ContainsAttributeValue ¶
type LDAPFilter ¶
type LDAPFilter struct {
	Operator     LDAPFilterOperator // logical operator applied to Filters, e.g. And for (&(a=1)(b=2))
	Filters      []FilterExpression // leaf name=value terms
	FilterGroups []LDAPFilter       // nested filters, presumably combined under the same Operator — confirm in Matches
	// contains filtered or unexported fields
}
LDAPFilter filters LDAP entries. For example, the filter (&(memberof=cn=access-checkmate,cn=groups,cn=accounts,dc=example,dc=org)(cn=*Developers*)) is expressed as {Operator: And, Filters: []FilterExpression{{Name: "memberof", Value: "cn=access-checkmate,cn=groups,cn=accounts,dc=example,dc=org"}, {Name: "cn", Value: "*Developers*"}}}.
func (*LDAPFilter) Matches ¶
func (f *LDAPFilter) Matches(ent *LDAPEntry) bool
type LDAPRecords ¶
// LDAPRecords is the result of Do: the entries read from the directory,
// with accessors GetUsers, GetGroups and IsMember for querying them.
type LDAPRecords struct {
	Entries        []*LDAPEntry   // all entries returned by the sync
	UsersAndGroups UsersAndGroups // presumably the user and group entries split out (see GetUsersAndGroups) — confirm
	// contains filtered or unexported fields
}
func Do ¶ added in v0.0.3
func Do(config LDAPSyncConfig) (result LDAPRecords, err error)
Do synchronizes with an LDAP service based on the provided sync configuration.
func (*LDAPRecords) GetGroups ¶
func (sr *LDAPRecords) GetGroups() []*LDAPEntry
func (*LDAPRecords) GetUsers ¶
func (sr *LDAPRecords) GetUsers() []*LDAPEntry
func (LDAPRecords) GetUsersAndGroups ¶ added in v0.0.2
func (sr LDAPRecords) GetUsersAndGroups() UsersAndGroups
func (*LDAPRecords) IsMember ¶
func (sr *LDAPRecords) IsMember(user, group string) bool
IsMember checks whether the user, identified by its distinguished name (DN), belongs to the group, which is also specified as a DN.
type LDAPSyncConfig ¶
// LDAPSyncConfig describes how to connect to a directory and which
// entries to read when Do synchronizes users and groups.
//
// NOTE(review): Sanitize is documented as a TODO, so do not assume the
// filter values below are escaped before use — confirm before building
// GroupFilter or UserFilter from untrusted input.
type LDAPSyncConfig struct {
	// ServerConfig LDAPConfig
	Server                 string                    `json:"server"`
	RequiresAuthentication bool                      `json:"syncRequiresAuth"` // if sync requires authentication, in which case SyncUserName and SyncPassword below must be set
	SyncUserName           string                    `json:"syncUserName"`     // distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrator group
	SyncPassword           string                    `json:"syncUserPassword"` // bind credential for SyncUserName; it is a secret and is serialized under the json tag, so keep this struct out of logs and responses
	TLS                    string                    `json:"tls"`              // options: none, tls, starttls ("none" presumably yields a cleartext connection, exposing SyncPassword in transit — confirm)
	Port                   *string                   `json:"port"`             // 389 if not set
	BaseDNs                []string                  `json:"baseDNs"`          // base DNs to search from
	GroupFilter            LDAPFilter                `json:"groupFilter"`      // selects the entries treated as groups
	UserFilter             LDAPFilter                `json:"userFilter"`       // selects the entries treated as users
	GroupMembership        GroupMembershipAssociator `json:"groupMembership"`  // how we determine which groups the user belongs to
}
func (LDAPSyncConfig) GetDialAddr ¶
func (conf LDAPSyncConfig) GetDialAddr() string
func (LDAPSyncConfig) GetDialURL ¶
func (conf LDAPSyncConfig) GetDialURL() string
func (LDAPSyncConfig) Sanitize ¶
func (conf LDAPSyncConfig) Sanitize() LDAPSyncConfig
Sanitize is intended to prevent LDAP injection; see https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html. TODO: implement the sanitization — until it is implemented, callers must not rely on Sanitize to escape filter values derived from untrusted input.