ldaputil

Published: Nov 7, 2015 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation


Constants

// Annotation and label keys that the LDAP sync job affixes to Groups.
const (
	// LDAPHostLabel is the Label value that stores the host of the LDAP server
	// TODO: we don't store port here because labels don't allow for colons. We might want to add this back
	// with a different separator
	LDAPHostLabel string = "openshift.io/ldap.host"

	// LDAPURLAnnotation is the Annotation value that stores the host:port of the LDAP server
	LDAPURLAnnotation string = "openshift.io/ldap.url"
	// LDAPUIDAnnotation is the Annotation value that stores the corresponding LDAP group UID for the Group
	LDAPUIDAnnotation string = "openshift.io/ldap.uid"
	// LDAPSyncTimeAnnotation is the Annotation value that stores the last time this Group was synced with LDAP
	LDAPSyncTimeAnnotation string = "openshift.io/ldap.sync-time"
)

These constants contain values for annotations and labels affixed to Groups by the LDAP sync job

// Alias-dereferencing behaviors, aliased from the underlying ldap client library's
// constants (the RFC 4511 derefAliases values). They are declared untyped here;
// presumably DetermineDerefAliasesBehavior is what converts them to DerefAliases — confirm.
const (
	// DerefAliasesNever never dereferences aliases
	DerefAliasesNever     = ldap.NeverDerefAliases
	// DerefAliasesSearching dereferences aliases only for entries below the base object
	DerefAliasesSearching = ldap.DerefInSearching
	// DerefAliasesFinding dereferences aliases only while locating the base object
	DerefAliasesFinding   = ldap.DerefFindingBaseObj
	// DerefAliasesAlways dereferences aliases both when finding the base object and when searching
	DerefAliasesAlways    = ldap.DerefAlways
)

Variables

This section is empty.

Functions

func DetermineLDAPFilter

func DetermineLDAPFilter(filter string) (string, error)

DetermineLDAPFilter determines the LDAP search filter. Filter must be a valid LDAP filter; the default is "(objectClass=*)" per the RFC.

func DetermineLDAPHost

func DetermineLDAPHost(hostport string, scheme Scheme) (string, error)

DetermineLDAPHost determines the host and port for the LDAP connection. The default host is localhost; the default port for scheme "ldap" is 389, for "ldaps" is 686

func GetAttributeValue added in v1.0.7

func GetAttributeValue(entry *ldap.Entry, attributes []string) string

GetAttributeValue finds the first attribute of those given that the LDAP entry has, and returns it. GetAttributeValue is able to query the DN as well as Attributes of the LDAP entry. If no value is found, the empty string is returned.

func IsEntryNotFoundError added in v1.0.7

func IsEntryNotFoundError(err error) bool

func IsQueryOutOfBoundsError added in v1.0.7

func IsQueryOutOfBoundsError(err error) bool

func QueryForEntries added in v1.0.7

func QueryForEntries(clientConfig *LDAPClientConfig, query *ldap.SearchRequest) ([]*ldap.Entry, error)

QueryForEntries queries for LDAP with the given searchRequest

func QueryForUniqueEntry added in v1.0.7

func QueryForUniqueEntry(clientConfig *LDAPClientConfig, query *ldap.SearchRequest) (*ldap.Entry, error)

QueryForUniqueEntry queries for an LDAP entry with the given searchRequest. The query is expected to return exactly one unique result; if it does not, an error is returned.

func SplitLDAPQuery

func SplitLDAPQuery(query string) (attributes, scope, filter, extensions string, err error)

SplitLDAPQuery splits the query in the URL into its constituent parts. All sections are optional. The query syntax is attribute?scope?filter?extensions.

Types

type DefaultLDAPUserIdentityFactory

// DefaultLDAPUserIdentityFactory creates Identities for LDAP user entries using an LDAPUserAttributeDefiner.
type DefaultLDAPUserIdentityFactory struct {
	// ProviderName is the name of the identity provider; NOTE(review): presumably recorded on every
	// identity that IdentityFor returns — confirm against that method
	ProviderName string
	// Definer maps LDAP entry attributes onto identity fields (ID, Name, Email, PreferredUsername)
	Definer LDAPUserAttributeDefiner
}

DefaultLDAPUserIdentityFactory creates Identities for LDAP user entries using an LDAPUserAttributeDefiner

func (*DefaultLDAPUserIdentityFactory) IdentityFor

func (f *DefaultLDAPUserIdentityFactory) IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)

type DerefAliases

type DerefAliases int

DerefAliases is a valid LDAP alias dereference parameter

func DetermineDerefAliasesBehavior

func DetermineDerefAliasesBehavior(derefAliasesString string) (DerefAliases, error)

type LDAPClientConfig

// LDAPClientConfig holds information for connecting to an LDAP server.
type LDAPClientConfig struct {
	// Scheme is the LDAP connection scheme, either ldap or ldaps
	Scheme Scheme
	// Host is the host:port of the LDAP server
	Host string
	// BindDN is an optional DN to bind with during the search phase.
	BindDN string
	// BindPassword is an optional password to bind with during the search phase.
	// NOTE(review): this is a credential; confirm that String() and any logging of the config redact it.
	BindPassword string
	// Insecure specifies if TLS is required for the connection. If true, either an ldap://... URL or
	// StartTLS must be supported by the server.
	// NOTE(review): with Insecure=true and no StartTLS upgrade, the bind credentials presumably travel
	// in cleartext — verify how Connect negotiates TLS before relying on this outside test setups.
	Insecure bool
	// TLSConfig holds the TLS options. Only used when Insecure=false
	TLSConfig *tls.Config
}

LDAPClientConfig holds information for connecting to an LDAP server

func NewLDAPClientConfig

func NewLDAPClientConfig(URL, bindDN, bindPassword, CA string, insecure bool) (*LDAPClientConfig, error)

NewLDAPClientConfig returns a new LDAPClientConfig

func (*LDAPClientConfig) Bind added in v1.0.7

func (l *LDAPClientConfig) Bind(connection *ldap.Conn) (bound bool, err error)

Bind binds to the given LDAP connection if a bind DN and password were given. Bind returns whether a bind occurred and any error encountered.

func (*LDAPClientConfig) Connect

func (l *LDAPClientConfig) Connect() (*ldap.Conn, error)

Connect returns an established LDAP connection, or an error if the connection could not be made (or successfully upgraded to TLS). If no error is returned, the caller is responsible for closing the connection

func (LDAPClientConfig) String added in v1.0.7

func (l LDAPClientConfig) String() string

type LDAPQuery added in v1.0.7

// LDAPQuery encodes an LDAP query.
type LDAPQuery struct {
	// The DN of the branch of the directory where all searches should start from
	BaseDN string

	// The (optional) scope of the search. Defaults to the entire subtree if not set
	Scope Scope

	// The (optional) behavior of the search with regards to aliases. Defaults to always
	// dereferencing if not set
	DerefAliases DerefAliases

	// TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding
	// before the wait for a response is given up. If this is 0, no client-side limit is imposed
	TimeLimit int

	// Filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN.
	// NOTE(review): NewLDAPQuery builds this from user-provided configuration; confirm the value is
	// validated (e.g. via DetermineLDAPFilter) before it is placed into a search request.
	Filter string
}

LDAPQuery encodes an LDAP query

func NewLDAPQuery added in v1.0.7

func NewLDAPQuery(config api.LDAPQuery) (LDAPQuery, error)

NewLDAPQuery converts a user-provided LDAPQuery into a version we can use

func (*LDAPQuery) NewSearchRequest added in v1.0.7

func (q *LDAPQuery) NewSearchRequest(additionalAttributes []string) *ldap.SearchRequest

NewSearchRequest creates a new search request for the LDAP query and optionally includes more attributes

type LDAPQueryOnAttribute added in v1.0.7

// LDAPQueryOnAttribute encodes an LDAP query that conjoins two filters to extract a specific LDAP entry.
// It is not self-sufficient: the value of QueryAttribute is needed to construct the final filter.
type LDAPQueryOnAttribute struct {
	// Query retrieves entries from an LDAP server
	LDAPQuery

	// QueryAttribute is the attribute for a specific filter that, when conjoined with the common filter,
	// retrieves the specific LDAP entry from the LDAP server. (e.g. "cn", when formatted with "aGroupName"
	// and conjoined with "objectClass=groupOfNames", becomes (&(objectClass=groupOfNames)(cn=aGroupName))")
	// NOTE(review): the attribute value is interpolated into a filter string by NewSearchRequest; confirm
	// it is escaped per RFC 4515 so that caller-supplied values cannot alter the filter structure.
	QueryAttribute string
}

LDAPQueryOnAttribute encodes an LDAP query that conjoins two filters to extract a specific LDAP entry. This query is not self-sufficient and needs the value of the QueryAttribute to construct the final filter.

func NewLDAPQueryOnAttribute added in v1.0.7

func NewLDAPQueryOnAttribute(config api.LDAPQuery, attribute string) (LDAPQueryOnAttribute, error)

NewLDAPQueryOnAttribute converts a user-provided LDAPQuery into a version we can use by parsing the input and combining it with a set of name attributes.

func (*LDAPQueryOnAttribute) NewSearchRequest added in v1.0.7

func (o *LDAPQueryOnAttribute) NewSearchRequest(attributeValue string, attributes []string) (*ldap.SearchRequest, error)

NewSearchRequest creates a new search request from the identifying query by internalizing the value of the attribute to be filtered as well as any attributes that need to be recovered

type LDAPURL

// LDAPURL holds a parsed RFC 2255 URL (ldap://host:port/basedn?attribute?scope?filter).
type LDAPURL struct {
	// Scheme is ldap or ldaps
	Scheme Scheme
	// Host is the host:port of the LDAP server
	Host string
	// The DN of the branch of the directory where all searches should start from
	BaseDN string
	// The attribute to search for
	QueryAttribute string
	// The scope of the search. Can be ScopeWholeSubtree, ScopeSingleLevel, or ScopeBaseObject
	// (this package's Scope-typed aliases of the ldap.Scope* constants)
	Scope Scope
	// A valid LDAP search filter (e.g. "(objectClass=*)")
	Filter string
}

LDAPURL holds a parsed RFC 2255 URL

func ParseURL

func ParseURL(ldapURL string) (LDAPURL, error)

ParseURL parses the given ldapURL as an RFC 2255 URL. The syntax of the URL is ldap://host:port/basedn?attribute?scope?filter.

type LDAPUserAttributeDefiner

// LDAPUserAttributeDefiner defines the values corresponding to OpenShift Identities in LDAP entries
// by using a deterministic mapping of LDAP entry attributes to OpenShift Identity fields.
// Construct it with NewLDAPUserAttributeDefiner; the mapping itself is kept in unexported fields.
type LDAPUserAttributeDefiner struct {
	// contains filtered or unexported fields
}

LDAPUserAttributeDefiner defines the values corresponding to OpenShift Identities in LDAP entries by using a deterministic mapping of LDAP entry attributes to OpenShift Identity fields

func NewLDAPUserAttributeDefiner

func NewLDAPUserAttributeDefiner(attributeMapping serverapi.LDAPAttributeMapping) LDAPUserAttributeDefiner

func (*LDAPUserAttributeDefiner) AllAttributes

func (d *LDAPUserAttributeDefiner) AllAttributes() sets.String

AllAttributes gets all attributes listed in the LDAPUserAttributeDefiner

func (*LDAPUserAttributeDefiner) Email

func (d *LDAPUserAttributeDefiner) Email(user *ldap.Entry) string

Email extracts the email value from an LDAP user entry

func (*LDAPUserAttributeDefiner) ID

ID extracts the ID value from an LDAP user entry

func (*LDAPUserAttributeDefiner) Name

func (d *LDAPUserAttributeDefiner) Name(user *ldap.Entry) string

Name extracts the name value from an LDAP user entry

func (*LDAPUserAttributeDefiner) PreferredUsername

func (d *LDAPUserAttributeDefiner) PreferredUsername(user *ldap.Entry) string

PreferredUsername extracts the preferred username value from an LDAP user entry

type LDAPUserIdentityFactory

// LDAPUserIdentityFactory creates Identities for LDAP user entries.
// DefaultLDAPUserIdentityFactory is the implementation provided by this package.
type LDAPUserIdentityFactory interface {
	// IdentityFor builds the identity information for the given LDAP user entry
	IdentityFor(user *ldap.Entry) (identity authapi.UserIdentityInfo, err error)
}

LDAPUserIdentityFactory creates Identities for LDAP user entries.

type Scheme

type Scheme string

Scheme is a valid ldap scheme

// The connection schemes accepted by DetermineLDAPScheme.
const (
	// SchemeLDAP is the plain LDAP scheme
	SchemeLDAP  Scheme = "ldap"
	// SchemeLDAPS is the LDAP-over-TLS scheme
	SchemeLDAPS Scheme = "ldaps"
)

func DetermineLDAPScheme

func DetermineLDAPScheme(scheme string) (Scheme, error)

DetermineLDAPScheme determines the LDAP connection scheme. Scheme is one of "ldap" or "ldaps"; the default is "ldap".

type Scope

type Scope int

Scope is a valid LDAP search scope

// Search scopes, typed aliases of the underlying ldap client library's scope constants.
const (
	// ScopeWholeSubtree searches the base object and its entire subtree ("sub")
	ScopeWholeSubtree Scope = ldap.ScopeWholeSubtree
	// ScopeSingleLevel searches only the immediate children of the base object ("one")
	ScopeSingleLevel  Scope = ldap.ScopeSingleLevel
	// ScopeBaseObject searches only the base object itself ("base")
	ScopeBaseObject   Scope = ldap.ScopeBaseObject
)

func DetermineLDAPScope

func DetermineLDAPScope(scope string) (Scope, error)

DetermineLDAPScope determines the LDAP search scope. Scope is one of "sub", "one", or "base"; the default is "sub" to match mod_auth_ldap.
