ldap

package

v3.0.20 Latest Latest Go to latest Published: Sep 21, 2024 License: AGPL-3.0 Imports: 10 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/minio/pkg

Links

Open Source Insights

Documentation ¶

Overview ¶

Package ldap defines the LDAP configuration object and methods used by the MinIO server.

Index ¶

func DecodeDN(str string) (string, error)
func NormalizeDN(dn string) (string, error)
type BaseDNInfo
type Config
type DNSearchResult
- func LookupDN(conn *ldap.Conn, dn string, attrs []string) (*DNSearchResult, error)
type Result
type UserLookupResult
type Validation

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodeDN ¶ added in v3.0.6

func DecodeDN(str string) (string, error)

DecodeDN - remove leading and trailing spaces from the attribute type and value and unescape any escaped characters in these fields

pulled from the go-ldap library https://github.com/go-ldap/ldap/blob/dbdc485259442f987d83e604cd4f5859cfc1be58/dn.go

func NormalizeDN ¶

func NormalizeDN(dn string) (string, error)

NormalizeDN normalizes the DN. The ldap library here mainly lowercases the attribute type names in the DN.

Types ¶

type BaseDNInfo ¶

type BaseDNInfo struct {
	// User provided base DN.
	Original string
	// DN string returned by the LDAP server. This value is used as the
	// canonical form of the DN.
	ServerDN string
	// Parsed DN (from `ServerDN` value, not `Original`).
	Parsed *ldap.DN
}

BaseDNInfo contains information about a base DN.

type Config ¶

type Config struct {
	Enabled bool

	// E.g. "ldap.minio.io:636"
	ServerAddr     string
	SRVRecordName  string
	ServerInsecure bool        // allows plain text connection to LDAP server
	ServerStartTLS bool        // allows using StartTLS connection to LDAP server
	TLS            *tls.Config // TLS client config

	// Lookup bind LDAP service account
	LookupBindDN       string
	LookupBindPassword string

	// User DN search parameters
	UserDNSearchBaseDistName string

	UserDNSearchFilter string

	// Additional attributes to fetch from the user DN search.
	UserDNAttributes string

	// Group search parameters
	GroupSearchBaseDistName string

	GroupSearchFilter string
	// contains filtered or unexported fields
}

Config contains configuration to connect to an LDAP server.

func (*Config) Clone ¶

func (l *Config) Clone() (cloned Config)

Clone creates a copy of the config.

func (*Config) Connect ¶

func (l *Config) Connect() (ldapConn *ldap.Conn, err error)

Connect connect to ldap server.

func (*Config) GetGroupSearchBaseDistNames ¶

func (l *Config) GetGroupSearchBaseDistNames() []BaseDNInfo

GetGroupSearchBaseDistNames returns the group search base DN list.

func (*Config) GetUserDNAttributesList ¶

func (l *Config) GetUserDNAttributesList() []string

GetUserDNAttributesList returns the user attributes list.

func (*Config) GetUserDNSearchBaseDistNames ¶

func (l *Config) GetUserDNSearchBaseDistNames() []BaseDNInfo

GetUserDNSearchBaseDistNames returns the user DN search base DN list.

func (*Config) LookupBind ¶

func (l *Config) LookupBind(conn *ldap.Conn) error

LookupBind connects to LDAP server using the bind user credentials.

func (*Config) LookupUsername ¶

func (l *Config) LookupUsername(conn *ldap.Conn, username string) (*DNSearchResult, error)

LookupUsername searches for the DN of the user given their login username. conn is assumed to be using the lookup bind service account.

It is required that the search return at most one result.

If the user does not exist, an error is returned that starts with:

"User DN not found for:"

func (*Config) SearchForUserGroups ¶

func (l *Config) SearchForUserGroups(conn *ldap.Conn, username, bindDN string) ([]string, error)

SearchForUserGroups finds the groups of the user.

func (*Config) Validate ¶

func (l *Config) Validate() Validation

Validate validates the LDAP configuration. It can be called with any subset of configuration parameters provided by the user - it will return information on what needs to be done to fix the problem if any.

This function updates the UserDNSearchBaseDistNames and GroupSearchBaseDistNames fields of the Config - however this an idempotent operation. This is done to support configuration validation in Console/mc and for tests.

func (*Config) ValidateLookup ¶

func (l *Config) ValidateLookup(testUsername string) (*UserLookupResult, Validation)

ValidateLookup takes a test username and performs user and group lookup (if configured) and returns the result. It is to validate the LDAP configuration. The lookup is performed without requiring the password for the test user - and so can be used to test any LDAP user intending to use MinIO.

type DNSearchResult ¶

type DNSearchResult struct {
	// Normalized DN of the user.
	NormDN string
	// Actual DN of the user.
	ActualDN string

	// Attributes of the user.
	Attributes map[string][]string
}

DNSearchResult contains the result of a DN search. The attibutes map may be empty if no attributes were requested or if no attributes were found.

func LookupDN ¶

func LookupDN(conn *ldap.Conn, dn string, attrs []string) (*DNSearchResult, error)

LookupDN looks a given DN and returns its normalized form along with any requested attributes. It only performs a base object search to check if the DN exists. If the DN does not exist on the server, it returns a nil result and a nil error.

type Result ¶

type Result string

Result - type for high-level names for the validation status of the config.

const (
	ConfigOk                       Result = "Config OK"
	ConnectivityError              Result = "LDAP Server Connection Error"
	ConnectionParamMisconfigured   Result = "LDAP Server Connection Parameters Misconfigured"
	LookupBindError                Result = "LDAP Lookup Bind Error"
	UserSearchParamsMisconfigured  Result = "User Search Parameters Misconfigured"
	GroupSearchParamsMisconfigured Result = "Group Search Parameters Misconfigured"
	UserDNLookupError              Result = "User DN Lookup Error"
	GroupMembershipsLookupError    Result = "Group Memberships Lookup Error"
)

Constant values for Result type.

type UserLookupResult ¶

type UserLookupResult struct {
	DN                 string
	DNAttributes       map[string][]string
	GroupDNMemberships []string
}

UserLookupResult returns the DN found for the test user and their group memberships.

type Validation ¶

type Validation struct {
	Result     Result
	Detail     string
	Suggestion string
	ErrCause   error
}

Validation returns feedback on the configuration. The `Suggestion` field needs to be "printed" for friendly display (it can contain escaped newlines `\n`).

func (Validation) Error ¶

func (v Validation) Error() string

Error instance for Validation.

func (Validation) FormatError ¶

func (v Validation) FormatError() string

FormatError returns detailed validation error information.

func (Validation) IsOk ¶

func (v Validation) IsOk() bool

IsOk - returns if the validation succeeded.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL