ldapsync

package

v0.0.3 Latest Latest Go to latest Published: Dec 2, 2022 License: BSD-3-Clause Imports: 6 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/adedayo/ldap-sync

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthResult
- func Auth(data LDAPAuthData) (auth AuthResult, err error)
type Constraint
- func (c Constraint) IsMember(user, group *LDAPEntry) bool
type FilterExpression
type Group
type GroupMembershipAssociator
- func (gmf GroupMembershipAssociator) IsMember(user, group *LDAPEntry) bool
type LDAPAttribute
- func (att LDAPAttribute) String() string
type LDAPAuthData
type LDAPConfig
type LDAPEntry
- func (ent *LDAPEntry) ContainsAttribute(ff *FilterExpression) bool
- func (ent *LDAPEntry) ContainsAttributeValue(attr, value string) bool
- func (ent LDAPEntry) GetAttribute(attribute string) (bool, []string)
type LDAPFilter
- func (f *LDAPFilter) Matches(ent *LDAPEntry) bool
type LDAPFilterOperator
type LDAPRecords
- func Do(config LDAPSyncConfig) (result LDAPRecords, err error)
- func (sr *LDAPRecords) GetGroups() []*LDAPEntry
- func (sr *LDAPRecords) GetUsers() []*LDAPEntry
- func (sr LDAPRecords) GetUsersAndGroups() UsersAndGroups
- func (sr *LDAPRecords) IsMember(user, group string) bool
type LDAPSyncConfig
- func (conf LDAPSyncConfig) GetDialAddr() string
- func (conf LDAPSyncConfig) GetDialURL() string
- func (conf LDAPSyncConfig) Sanitize() LDAPSyncConfig
type NameValue
type User
type UsersAndGroups

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthResult ¶ added in v0.0.3

type AuthResult struct {
	Success      bool
	ErrorMessage string
}

func Auth ¶ added in v0.0.3

func Auth(data LDAPAuthData) (auth AuthResult, err error)

Authenticate against LDAP service. Successful authentication if AuthResult.Success = true

type Constraint ¶ added in v0.0.3

type Constraint struct {
	UserAttribute  string //user attribute to match against the group attribute, e.g. memberOf
	GroupAttribute string // Group attribute to match against a user attribute e.g. DN
}

func (Constraint) IsMember ¶ added in v0.0.3

func (c Constraint) IsMember(user, group *LDAPEntry) bool

type FilterExpression ¶

type FilterExpression struct {
	Name, Value string
	// contains filtered or unexported fields
}

type Group ¶ added in v0.0.2

type Group struct {
	ID      string
	DN      string
	Members []string //user DNs
}

type GroupMembershipAssociator ¶

type GroupMembershipAssociator struct {
	Constraints     []Constraint                `json:"constraints"`
	Operator        LDAPFilterOperator          `json:"operator"` // logical operator to chain this and AdditionalRules for more complex membership conditions
	AdditionalRules []GroupMembershipAssociator `json:"additionalRules"`
}

Used for determining group membership of users

func (GroupMembershipAssociator) IsMember ¶

func (gmf GroupMembershipAssociator) IsMember(user, group *LDAPEntry) bool

determines whether a user based on a user LDAP attribute belongs to a group e.g. {UserAttribute: uid, GroupAttribute: memberUid}

type LDAPAttribute ¶

type LDAPAttribute struct {
	Name   string
	Values []string
}

LDAPAttribute is an LDAP attribute that has a name and a list of values

func (LDAPAttribute) String ¶

func (att LDAPAttribute) String() string

type LDAPAuthData ¶ added in v0.0.3

type LDAPAuthData struct {
	Server   string `json:"server"`
	Port     string `json:"port"`
	TLS      string `json:"tls"`
	UID      string `json:"uid"`
	URDNs    string `json:"urdns"`
	User     string `json:"user"`
	Password string `json:"pwd"`
}

type LDAPConfig ¶

type LDAPConfig struct {
	Server                 string
	RequiresAuthentication bool   `json:"requiresAuth"` //if sync requires authentication, in which case sync username and passwords below must be set
	SyncUserName           string `json:"syncUserName"` //distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrator group
	SyncPassword           string `json:"syncPassword"`
	TLS, StartTLS          bool
	Port                   *string //389 if not set
}

type LDAPEntry ¶

type LDAPEntry struct {
	DN         string
	Attributes []LDAPAttribute
}

func (*LDAPEntry) ContainsAttribute ¶

func (ent *LDAPEntry) ContainsAttribute(ff *FilterExpression) bool

func (*LDAPEntry) ContainsAttributeValue ¶

func (ent *LDAPEntry) ContainsAttributeValue(attr, value string) bool

func (LDAPEntry) GetAttribute ¶

func (ent LDAPEntry) GetAttribute(attribute string) (bool, []string)

type LDAPFilter ¶

type LDAPFilter struct {
	Operator     LDAPFilterOperator
	Filters      []FilterExpression
	FilterGroups []LDAPFilter
	// contains filtered or unexported fields
}

Filter LDAP entities with the struct e.g. (&(memberof=cn=access-checkmate,cn=groups,cn=accounts,dc=example,dc=org)(cn=*Developers*)) {Operator: And, Filters: []FilterExpression{{Name: "memberof", Value: "cn=access-checkmate,cn=groups,cn=accounts,dc=example,dc=org"}, {Name: "cn", Value: "*Developers*"}}}

func (*LDAPFilter) Matches ¶

func (f *LDAPFilter) Matches(ent *LDAPEntry) bool

type LDAPFilterOperator ¶

type LDAPFilterOperator int

const (
	And LDAPFilterOperator = iota
	Or
)

type LDAPRecords ¶

type LDAPRecords struct {
	Entries []*LDAPEntry

	UsersAndGroups UsersAndGroups
	// contains filtered or unexported fields
}

func Do ¶ added in v0.0.3

func Do(config LDAPSyncConfig) (result LDAPRecords, err error)

sync an Do service based on provided sync configuration

func (*LDAPRecords) GetGroups ¶

func (sr *LDAPRecords) GetGroups() []*LDAPEntry

func (*LDAPRecords) GetUsers ¶

func (sr *LDAPRecords) GetUsers() []*LDAPEntry

func (LDAPRecords) GetUsersAndGroups ¶ added in v0.0.2

func (sr LDAPRecords) GetUsersAndGroups() UsersAndGroups

func (*LDAPRecords) IsMember ¶

func (sr *LDAPRecords) IsMember(user, group string) bool

checks whether a user distinguished name (DN) belongs to the group specified as a DN

type LDAPSyncConfig ¶

type LDAPSyncConfig struct {
	// ServerConfig    LDAPConfig
	Server                 string                    `json:"server"`
	RequiresAuthentication bool                      `json:"syncRequiresAuth"` //if sync requires authentication, in which case sync username and passwords below must be set
	SyncUserName           string                    `json:"syncUserName"`     //distinguished name of an administrative user that the application will use when connecting to the directory server. For Active Directory, the user should be a member of the built-in administrator group
	SyncPassword           string                    `json:"syncUserPassword"`
	TLS                    string                    `json:"tls"`     // options: none, tls, starttls
	Port                   *string                   `json:"port"`    //389 if not set
	BaseDNs                []string                  `json:"baseDNs"` //Base DNs to search from `json:"baseDNs"`
	GroupFilter            LDAPFilter                `json:"groupFilter"`
	UserFilter             LDAPFilter                `json:"userFilter"`
	GroupMembership        GroupMembershipAssociator `json:"groupMembership"` // how we determine which groups the user belongs to
}

func (LDAPSyncConfig) GetDialAddr ¶

func (conf LDAPSyncConfig) GetDialAddr() string

func (LDAPSyncConfig) GetDialURL ¶

func (conf LDAPSyncConfig) GetDialURL() string

func (LDAPSyncConfig) Sanitize ¶

func (conf LDAPSyncConfig) Sanitize() LDAPSyncConfig

Prevent LDAP Injection See https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html TODO: Implement the sanitization

type NameValue ¶

type NameValue struct {
	Name, Value string
}

type User ¶ added in v0.0.2

type User struct {
	ID string //simple name johnd
	DN string // e.g. uid=johnd,ou=users,dc=company,dc=com
}

type UsersAndGroups ¶ added in v0.0.2

type UsersAndGroups struct {
	Users  []User
	Groups []Group
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL