Documentation ¶
Overview ¶
Package ipa is a Go client library for FreeIPA
Index ¶
- Constants
- type Algorithm
- type Client
- func (c *Client) AddTOTPToken(uid string, algo Algorithm, digits Digits, interval int) (*OTPToken, error)
- func (c *Client) ChangePassword(uid, old_passwd, new_passwd, otpcode string) error
- func (c *Client) ClearSession()
- func (c *Client) CreateGroup(gid string, description string, options map[string]interface{}) (*GroupRecord, error)
- func (c *Client) CreateUser(uid string, firstName string, lastName string, options map[string]interface{}) (*UserRecord, error)
- func (c *Client) DeleteGroup(gid string) error
- func (c *Client) DeleteUser(uid string) error
- func (c *Client) DisableOTPToken(tokenID string) error
- func (c *Client) EnableOTPToken(tokenID string) error
- func (c *Client) FetchOTPTokens(uid string) ([]*OTPToken, error)
- func (c *Client) GetGroup(gid string) (*GroupRecord, error)
- func (c *Client) GetGroupByGidNumber(gidNumber string) (*GroupRecord, error)
- func (c *Client) GetUser(uid string) (*UserRecord, error)
- func (c *Client) GetUserByUidNumber(uidNumber string) (*UserRecord, error)
- func (c *Client) GroupAddGroup(gid string, sgid string) error
- func (c *Client) GroupAddMember(gid string, memberId string, memberType string) error
- func (c *Client) GroupAddUser(gid string, uid string) error
- func (c *Client) GroupExists(uid string) (bool, error)
- func (c *Client) GroupMod(gid string, key string, value string) error
- func (c *Client) GroupRemoveGroup(gid string, sgid string) error
- func (c *Client) GroupRemoveMember(gid string, member string, memberType string) error
- func (c *Client) GroupRemoveMembers(gid string, members []string, memberType string) error
- func (c *Client) GroupRemoveUser(gid string, uid string) error
- func (c *Client) GroupRemoveUsers(gid string, uids []string) error
- func (c *Client) GroupSyncGroups(gid string, desired []string, reverse bool) error
- func (c *Client) GroupUpdateDescription(gid string, description string) error
- func (c *Client) GroupUpdateGid(oldGid string, newGid string) error
- func (c *Client) GroupUpdateGidNumber(gid string, gidNumber string) error
- func (c *Client) Login(uid, passwd string) (string, error)
- func (c *Client) Ping() (*Response, error)
- func (c *Client) PreserveUser(uid string) error
- func (c *Client) RemoveOTPToken(tokenID string) error
- func (c *Client) ResetPassword(uid string) (string, error)
- func (c *Client) SetAuthTypes(uid string, types []string) error
- func (c *Client) SetPassword(uid, old_passwd, new_passwd, otpcode string) error
- func (c *Client) SetSession(sid string)
- func (c *Client) UpdateSSHPubKeys(uid string, keys []string) ([]string, error)
- func (c *Client) UserExists(uid string) (bool, error)
- func (c *Client) UserMod(uid string, key string, value string) error
- func (c *Client) UserSyncGroups(uid string, desired []string) error
- func (c *Client) UserUpdateEmail(uid string, email string) error
- func (c *Client) UserUpdateFirstName(uid string, firstName string) error
- func (c *Client) UserUpdateGidNumber(uid string, gidNumber string) error
- func (c *Client) UserUpdateLastName(uid string, lastName string) error
- func (c *Client) UserUpdateMobileNumber(uid string, number string) error
- func (c *Client) UserUpdateShell(uid string, email string) error
- func (c *Client) UserUpdateUid(oldUid string, newUid string) error
- func (c *Client) UserUpdateUidNumber(uid string, uidNumber string) error
- type Digits
- type ErrInvalidPassword
- type ErrPasswordPolicy
- type GroupRecord
- type IpaDateTime
- type IpaError
- type IpaString
- type LdapClient
- func (c *LdapClient) Close()
- func (c *LdapClient) GetGroupForGroupname(groupname string) (*string, error)
- func (c *LdapClient) GetGroupForUUID(uuid string) (*string, error)
- func (c *LdapClient) GetUserForUUID(uuid string) (*string, error)
- func (c *LdapClient) GetUserForUsername(username string) (*string, error)
- func (c *LdapClient) GroupExistsForUUID(uuid string) (bool, error)
- func (c *LdapClient) Search(childDn string, filter string, attributes []string) (*ldap.SearchResult, error)
- func (c *LdapClient) UserExistsForUUID(uuid string) (bool, error)
- type OTPToken
- type Response
- type Result
- type UserRecord
Constants ¶
const (
	// IpaClientVersion is the FreeIPA API version string this client uses
	// (presumably sent with each JSON-RPC request — confirm against the request code).
	IpaClientVersion = "2.156"
	// IpaDatetimeFormat is a Go time layout (reference time 2006-01-02 15:04:05)
	// for FreeIPA datetime values: compact YYYYMMDDHHMMSSZ with no separators.
	// NOTE(review): the IpaDateTime.UnmarshalJSON doc shows an ISO-style
	// "YYYY-MM-DDTHH:MM:SSZ" example, which this layout would not parse;
	// confirm which form the server actually returns.
	IpaDatetimeFormat = "20060102150405Z"
)
const (
	// OTP token hash algorithms supported by FreeIPA. The values are the
	// strings carried by the ipatokenotpalgorithm attribute (see OTPToken.Algorithm).
	AlgorithmSHA1 Algorithm = "SHA1"
	// NOTE(review): only AlgorithmSHA1 carries the explicit Algorithm type.
	// The three below each have their own initializer, so the type is not
	// repeated and they are untyped string constants. They still convert
	// implicitly where an Algorithm is expected, but %T/reflection sees string.
	AlgorithmSHA256 = "SHA256"
	AlgorithmSHA384 = "SHA384"
	AlgorithmSHA512 = "SHA512"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
// Algorithm is an OTP token hash algorithm name as used by FreeIPA
// (see the AlgorithmSHA* constants and OTPToken.Algorithm).
// Its UnmarshalJSON accepts FreeIPA's array-of-strings encoding and
// takes the first element as the value.
type Algorithm string
OTP token hash algorithms supported by FreeIPA.
func (*Algorithm) UnmarshalJSON ¶
Unmarshal a FreeIPA value, encoded as an array of strings, into an Algorithm. Only the first element of the array is used as the value.
type Client ¶
// Client is a FreeIPA client. The session id set by Login/SetSession and
// dropped by ClearSession is presumably kept in the unexported fields that
// this listing omits — confirm against the source.
type Client struct {
	Host   string // FreeIPA server to contact (presumably a hostname — confirm)
	CaCert string // presumably a CA certificate path used to verify the server's TLS certificate — confirm
	KeyTab string // presumably a Kerberos keytab path — confirm
	// contains filtered or unexported fields
}
FreeIPA Client
func (*Client) AddTOTPToken ¶
func (c *Client) AddTOTPToken(uid string, algo Algorithm, digits Digits, interval int) (*OTPToken, error)
Add a TOTP token for user uid with the given algorithm, digits and interval. Returns the new OTPToken.
func (*Client) ChangePassword ¶
Change a user's password. This runs the ipa passwd command. Optionally provide an OTP code if one is required.
func (*Client) CreateGroup ¶
func (*Client) CreateUser ¶
func (c *Client) CreateUser(uid string, firstName string, lastName string, options map[string]interface{}) (*UserRecord, error)
Create a user.
func (*Client) DeleteGroup ¶
func (*Client) DisableOTPToken ¶
Disable OTP token.
func (*Client) EnableOTPToken ¶
Enable OTP token.
func (*Client) FetchOTPTokens ¶
Fetch all OTP tokens.
func (*Client) GetGroup ¶
func (c *Client) GetGroup(gid string) (*GroupRecord, error)
Fetch group details by calling the FreeIPA group-show method.
func (*Client) GetGroupByGidNumber ¶
func (c *Client) GetGroupByGidNumber(gidNumber string) (*GroupRecord, error)
This does not work for primary groups; this appears to be a deficiency in FreeIPA, as it also does not work from the ipa CLI.
func (*Client) GetUser ¶
func (c *Client) GetUser(uid string) (*UserRecord, error)
Fetch user details by calling the FreeIPA user-show method.
func (*Client) GetUserByUidNumber ¶
func (c *Client) GetUserByUidNumber(uidNumber string) (*UserRecord, error)
Fetch user details by calling the FreeIPA user-show method.
func (*Client) GroupAddMember ¶
func (*Client) GroupRemoveMember ¶
func (*Client) GroupRemoveMembers ¶
func (*Client) GroupRemoveUsers ¶
func (*Client) GroupSyncGroups ¶
func (*Client) GroupUpdateDescription ¶
func (*Client) GroupUpdateGidNumber ¶
func (*Client) Login ¶
Log in to FreeIPA with uid/passwd and set the FreeIPA session id on the client for subsequent requests.
func (*Client) RemoveOTPToken ¶
Remove an OTP token.
func (*Client) ResetPassword ¶
Reset the user's password and return the new random password.
func (*Client) SetAuthTypes ¶
Update user authentication types.
func (*Client) SetPassword ¶
Set a user's password. In FreeIPA, when a password is first set or later reset it is marked as immediately expired and the owner is required to perform a password change. This function exists so that an administrator can use mokey to send a user an email link that lets the user set a new password without it being expired. This is achieved by first calling ResetPassword() and then immediately calling this function.
func (*Client) UpdateSSHPubKeys ¶
Update the SSH public keys for user uid. Returns the key fingerprints on success.
func (*Client) UserUpdateFirstName ¶
func (*Client) UserUpdateGidNumber ¶
func (*Client) UserUpdateLastName ¶
func (*Client) UserUpdateMobileNumber ¶
type Digits ¶
// Digits is the number of digits in each OTP token code.
// Its UnmarshalJSON accepts FreeIPA's array-of-strings encoding and
// takes the first element as the value.
type Digits int
Number of digits each OTP token code will have.
func (*Digits) UnmarshalJSON ¶
Unmarshal a FreeIPA value, encoded as an array of strings, into Digits. Only the first element of the array is used as the value.
type ErrInvalidPassword ¶
// ErrInvalidPassword is the FreeIPA invalid-password error; see its Error method.
// NOTE(review): Go convention names error types XxxError and reserves the
// ErrXxx prefix for sentinel values; renaming would be an API change.
type ErrInvalidPassword struct{}
FreeIPA Invalid Password Error
func (*ErrInvalidPassword) Error ¶
func (e *ErrInvalidPassword) Error() string
type ErrPasswordPolicy ¶
// ErrPasswordPolicy is the FreeIPA password-policy error; see its Error method.
// NOTE(review): Go convention names error types XxxError and reserves the
// ErrXxx prefix for sentinel values; renaming would be an API change.
type ErrPasswordPolicy struct{}
FreeIPA Password Policy Error
func (*ErrPasswordPolicy) Error ¶
func (e *ErrPasswordPolicy) Error() string
type GroupRecord ¶
// GroupRecord holds group data decoded from FreeIPA group command responses.
// Single-valued attributes use IpaString (FreeIPA encodes them as one-element
// arrays); multi-valued membership attributes decode into []string.
type GroupRecord struct {
	Dn           string    `json:"dn"` // LDAP DN of the group entry
	Description  IpaString `json:"description"`
	Gid          IpaString `json:"cn"`        // group name (cn)
	GidNumber    IpaString `json:"gidnumber"` // numeric gid, kept as a string
	Groups       []string  `json:"memberof_group"` // groups this group is a member of
	GroupMembers []string  `json:"member_group"`   // groups that are members of this group
	MepManagedBy IpaString `json:"mepmanagedby"`
	IpaUniqueId  IpaString `json:"ipauniqueid"`
	Users        []string  `json:"member_user"` // user members
	HbacRules    []string  `json:"memberof_hbacrule"`
}
type IpaDateTime ¶
Custom FreeIPA datetime type.
func (*IpaDateTime) Format ¶
func (dt *IpaDateTime) Format(layout string) string
func (*IpaDateTime) MarshalBinary ¶
func (dt *IpaDateTime) MarshalBinary() (data []byte, err error)
func (*IpaDateTime) String ¶
func (dt *IpaDateTime) String() string
func (*IpaDateTime) UnmarshalBinary ¶
func (dt *IpaDateTime) UnmarshalBinary(data []byte) error
func (*IpaDateTime) UnmarshalJSON ¶
func (dt *IpaDateTime) UnmarshalJSON(b []byte) error
Unmarshal a FreeIPA datetime. FreeIPA returns datetimes using a class-hint system: the value is an array with a single element, an object whose key indicates the type and whose value is the datetime, for example '[{"__datetime__": "YYYY-MM-DDTHH:MM:SSZ"}]'.
type IpaString ¶
// IpaString is a single-valued FreeIPA attribute. FreeIPA encodes such values
// as an array of strings; UnmarshalJSON takes the first element as the value.
type IpaString string
Custom FreeIPA string type.
func (*IpaString) UnmarshalJSON ¶
Unmarshal a FreeIPA string encoded as an array of strings. Only the first element of the array is used as the value.
type LdapClient ¶
// LdapClient wraps a direct LDAP connection to the FreeIPA directory.
// NOTE(review): Search takes a raw LDAP filter string. If callers build
// filters from user-supplied values (usernames, UUIDs), those values must be
// filter-escaped (go-ldap provides ldap.EscapeFilter, if this is go-ldap) to
// avoid filter injection. Whether the GetUserFor*/GetGroupFor* helpers do so
// is not visible in this listing — confirm.
type LdapClient struct {
	BaseDN     string     // base DN that searches are anchored under (Search's childDn is presumably relative to it — confirm)
	Connection *ldap.Conn // underlying connection, presumably released by Close — confirm
}
func LdapConnect ¶
func (*LdapClient) Close ¶
func (c *LdapClient) Close()
func (*LdapClient) GetGroupForGroupname ¶
func (c *LdapClient) GetGroupForGroupname(groupname string) (*string, error)
func (*LdapClient) GetGroupForUUID ¶
func (c *LdapClient) GetGroupForUUID(uuid string) (*string, error)
func (*LdapClient) GetUserForUUID ¶
func (c *LdapClient) GetUserForUUID(uuid string) (*string, error)
func (*LdapClient) GetUserForUsername ¶
func (c *LdapClient) GetUserForUsername(username string) (*string, error)
func (*LdapClient) GroupExistsForUUID ¶
func (c *LdapClient) GroupExistsForUUID(uuid string) (bool, error)
func (*LdapClient) Search ¶
func (c *LdapClient) Search(childDn string, filter string, attributes []string) (*ldap.SearchResult, error)
func (*LdapClient) UserExistsForUUID ¶
func (c *LdapClient) UserExistsForUUID(uuid string) (bool, error)
type OTPToken ¶
// OTPToken encapsulates a FreeIPA otptoken entry.
type OTPToken struct {
	DN        string    `json:"dn"`
	Algorithm Algorithm `json:"ipatokenotpalgorithm"`
	Digits    Digits    `json:"ipatokenotpdigits"`
	Owner     IpaString `json:"ipatokenowner"`
	TimeStep  IpaString `json:"ipatokentotptimestep"` // TOTP interval, kept as a string rather than an int
	UUID      IpaString `json:"ipatokenuniqueid"`
	ManagedBy IpaString `json:"managedby_user"`
	Disabled  IpaString `json:"ipatokendisabled"` // a string, not a bool: callers presumably must compare the textual value — confirm what FreeIPA returns
	Type      string    `json:"type"`
	// URI is the token provisioning URI. NOTE(review): otpauth-style URIs
	// embed the shared secret; treat this field as a secret and do not log or
	// persist OTPToken values verbatim. Confirm against the otptoken-add response.
	URI string `json:"uri"`
}
OTPToken encapsulates FreeIPA otptokens
type Response ¶
// Response is the envelope returned from a FreeIPA JSON-RPC call.
type Response struct {
	Error     *IpaError `json:"error"` // nil when the "error" member is JSON null (presumably the success case — confirm)
	Id        string    `json:"id"`
	Principal string    `json:"principal"`
	Version   string    `json:"version"`
	Result    *Result   `json:"result"`
}
Response returned from a FreeIPA JSON rpc call
type Result ¶
// Result is the "result" member of a FreeIPA JSON-RPC response.
type Result struct {
	Summary string          `json:"summary"`
	Value   interface{}     `json:"value"`  // untyped; its shape depends on the command
	Data    json.RawMessage `json:"result"` // nested "result" left undecoded, presumably for later unmarshalling into UserRecord, GroupRecord, etc. — confirm
}
Result returned from a FreeIPA JSON rpc call
type UserRecord ¶
// UserRecord encapsulates user data returned from ipa user commands.
// Single-valued attributes use IpaString (FreeIPA encodes them as one-element
// arrays); datetimes use IpaDateTime; membership attributes decode into []string.
type UserRecord struct {
	Dn               string      `json:"dn"`
	First            IpaString   `json:"givenname"`
	Last             IpaString   `json:"sn"`
	DisplayName      IpaString   `json:"displayname"`
	Principal        IpaString   `json:"krbprincipalname"`
	Uid              IpaString   `json:"uid"`
	UidNumber        IpaString   `json:"uidnumber"` // numeric ids are kept as strings
	GidNumber        IpaString   `json:"gidnumber"`
	Groups           []string    `json:"memberof_group"` // group memberships (presumably what HasGroup consults — confirm)
	SSHPubKeys       []string    `json:"ipasshpubkey"`
	SSHPubKeyFps     []string    `json:"sshpubkeyfp"`
	AuthTypes        []string    `json:"ipauserauthtype"` // see SetAuthTypes and OTPOnly
	HasKeytab        bool        `json:"has_keytab"`
	HasPassword      bool        `json:"has_password"`
	Locked           bool        `json:"nsaccountlock"`
	HomeDir          IpaString   `json:"homedirectory"`
	Email            IpaString   `json:"mail"`
	Mobile           IpaString   `json:"mobile"`
	Shell            IpaString   `json:"loginshell"`
	SudoRules        []string    `json:"memberofindirect_sudorule"`
	HbacRules        []string    `json:"memberofindirect_hbacrule"`
	LastPasswdChange IpaDateTime `json:"krblastpwdchange"`
	PasswdExpire     IpaDateTime `json:"krbpasswordexpiration"`
	PrincipalExpire  IpaDateTime `json:"krbprincipalexpiration"`
	LastLoginSuccess IpaDateTime `json:"krblastsuccessfulauth"`
	LastLoginFail    IpaDateTime `json:"krblastfailedauth"`
	// Randompassword is a generated password returned by password-reset style
	// commands (presumably what ResetPassword surfaces — confirm). It is a
	// credential: never log, serialize or cache a UserRecord with this field
	// populated. Note it is a plain string, not an IpaString.
	Randompassword string    `json:"randompassword"`
	IpaUniqueId    IpaString `json:"ipauniqueid"`
}
UserRecord encapsulates user data returned from ipa user commands
func (*UserRecord) HasGroup ¶
func (u *UserRecord) HasGroup(group string) bool
Returns true if the user is a member of group.
func (*UserRecord) OTPOnly ¶
func (u *UserRecord) OTPOnly() bool
Returns true if OTP is the only authentication type enabled.