ldap

package
v0.0.0-...-8699e9f Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthServer

// AuthServer represents an instance of an LDAP server.
//
// Address, IgnoreCertErrors, PosixGroups and Timeout carry json/xml/yaml
// tags. URL, Port and Encrypted are tagged only with `json:"-"`, so
// encoding/json skips them; they have no xml or yaml tag, so those encoders
// fall back to their default handling of exported fields.
// NOTE(review): presumably URL, Port and Encrypted are derived from Address
// when the server list is configured; confirm in ConfigureServers.
//
// NOTE(review): IgnoreCertErrors looks like it disables verification of the
// server certificate. If so, the client can no longer tell the real
// directory from an impostor, and bind and user credentials sent over that
// connection are exposed. Leave it false outside of test setups and prefer
// trusting the issuing CA (see Config.TrustedAuthorities). Confirm against
// the implementation.
//
// NOTE(review): the unit of Timeout is not visible here (presumably
// seconds); confirm, and check what a zero value means.
type AuthServer struct {
	Address          string   `json:"address,omitempty" xml:"address,omitempty" yaml:"address,omitempty"`
	URL              *url.URL `json:"-"`
	Port             string   `json:"-"`
	Encrypted        bool     `json:"-"`
	IgnoreCertErrors bool     `json:"ignore_cert_errors,omitempty" xml:"ignore_cert_errors,omitempty" yaml:"ignore_cert_errors,omitempty"`
	PosixGroups      bool     `json:"posix_groups,omitempty" xml:"posix_groups,omitempty" yaml:"posix_groups,omitempty"`
	Timeout          int      `json:"timeout,omitempty" xml:"timeout,omitempty" yaml:"timeout,omitempty"`
}

AuthServer represents an instance of an LDAP server.

type Authenticator

// Authenticator represents a database connector.
//
// Its exported methods listed on this page configure LDAP servers, bind
// credentials, realm, search parameters, trusted authorities and user group
// bindings, and authenticate or identify users from a *requests.Request.
// All of its state is unexported, so it is only reachable through those
// methods.
type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator represents database connector.

func NewAuthenticator

func NewAuthenticator() *Authenticator

NewAuthenticator returns an instance of Authenticator.

func (*Authenticator) AuthenticateUser

func (sa *Authenticator) AuthenticateUser(r *requests.Request) error

AuthenticateUser checks the database for the presence of a username/email and password and returns user claims.

func (*Authenticator) ConfigureBindCredentials

func (sa *Authenticator) ConfigureBindCredentials(cfg *Config) error

ConfigureBindCredentials configures user credentials for LDAP binding.

func (*Authenticator) ConfigureRealm

func (sa *Authenticator) ConfigureRealm(cfg *Config) error

ConfigureRealm configures a domain name (realm) associated with the instance of authenticator.

func (*Authenticator) ConfigureSearch

func (sa *Authenticator) ConfigureSearch(cfg *Config) error

ConfigureSearch configures base DN, search filter, attributes for LDAP queries.

func (*Authenticator) ConfigureServers

func (sa *Authenticator) ConfigureServers(cfg *Config) error

ConfigureServers configures the addresses of LDAP servers.

func (*Authenticator) ConfigureTrustedAuthorities

func (sa *Authenticator) ConfigureTrustedAuthorities(cfg *Config) error

ConfigureTrustedAuthorities configures trusted certificate authorities, if any.

func (*Authenticator) ConfigureUserGroups

func (sa *Authenticator) ConfigureUserGroups(cfg *Config) error

ConfigureUserGroups configures user group bindings for LDAP searching.

func (*Authenticator) IdentifyUser

func (sa *Authenticator) IdentifyUser(r *requests.Request) error

IdentifyUser returns user challenges.

type Config

// Config holds the configuration for the LDAP IdentityStore.
//
// Security-relevant fields:
//   - BindPassword is a plain string carrying json/xml/yaml tags, so a
//     non-empty value is written out whenever Config is marshalled with
//     those encoders. Redact it before logging or exporting the
//     configuration, and restrict read access to the file it is loaded from.
//   - SearchUserFilter and SearchGroupFilter are LDAP filter strings.
//     NOTE(review): if request-supplied values such as the username or
//     email are substituted into them, those values must be escaped for
//     LDAP filter syntax; confirm in the implementation.
//   - Servers carries the per-server transport settings, including
//     AuthServer.IgnoreCertErrors.
//   - TrustedAuthorities is a list of strings. NOTE(review): presumably
//     these identify CA certificates used to verify the LDAP servers; the
//     expected format (path or PEM) is not visible here.
//   - Groups and FallbackRoles decide which roles a user ends up with.
type Config struct {
	Name               string         `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	Realm              string         `json:"realm,omitempty" xml:"realm,omitempty" yaml:"realm,omitempty"`
	Servers            []AuthServer   `json:"servers,omitempty" xml:"servers,omitempty" yaml:"servers,omitempty"`
	BindUsername       string         `json:"bind_username,omitempty" xml:"bind_username,omitempty" yaml:"bind_username,omitempty"`
	BindPassword       string         `json:"bind_password,omitempty" xml:"bind_password,omitempty" yaml:"bind_password,omitempty"`
	Attributes         UserAttributes `json:"attributes,omitempty" xml:"attributes,omitempty" yaml:"attributes,omitempty"`
	SearchBaseDN       string         `json:"search_base_dn,omitempty" xml:"search_base_dn,omitempty" yaml:"search_base_dn,omitempty"`
	SearchUserFilter   string         `json:"search_user_filter,omitempty" xml:"search_user_filter,omitempty" yaml:"search_user_filter,omitempty"`
	SearchGroupFilter  string         `json:"search_group_filter,omitempty" xml:"search_group_filter,omitempty" yaml:"search_group_filter,omitempty"`
	Groups             []UserGroup    `json:"groups,omitempty" xml:"groups,omitempty" yaml:"groups,omitempty"`
	TrustedAuthorities []string       `json:"trusted_authorities,omitempty" xml:"trusted_authorities,omitempty" yaml:"trusted_authorities,omitempty"`

	// LoginIcon is the UI login icon attributes.
	LoginIcon *icons.LoginIcon `json:"login_icon,omitempty" xml:"login_icon,omitempty" yaml:"login_icon,omitempty"`

	// RegistrationEnabled controls whether visitors can register.
	RegistrationEnabled bool `json:"registration_enabled,omitempty" xml:"registration_enabled,omitempty" yaml:"registration_enabled,omitempty"`
	// UsernameRecoveryEnabled controls whether a user could recover username by providing an email address.
	UsernameRecoveryEnabled bool `` /* 127-byte string literal not displayed */
	// PasswordRecoveryEnabled controls whether a user could recover password by providing an email address.
	PasswordRecoveryEnabled bool `` /* 127-byte string literal not displayed */
	// ContactSupportEnabled controls whether contact support link is available.
	ContactSupportEnabled bool `json:"contact_support_enabled,omitempty" xml:"contact_support_enabled,omitempty" yaml:"contact_support_enabled,omitempty"`

	// SupportLink is the link to the support portal.
	SupportLink string `json:"support_link,omitempty" xml:"support_link,omitempty" yaml:"support_link,omitempty"`
	// SupportEmail is the email address to reach support.
	SupportEmail string `json:"support_email,omitempty" xml:"support_email,omitempty" yaml:"support_email,omitempty"`

	// FallbackRoles lists the roles assigned to a user when no matching LDAP
	// groups are found.
	// NOTE(review): presumably every user who authenticates but matches none
	// of Groups receives these roles, so keep them least-privileged; confirm
	// against the implementation.
	FallbackRoles []string `json:"fallback_roles,omitempty" xml:"fallback_roles,omitempty" yaml:"fallback_roles,omitempty"`
}

Config holds the configuration for the IdentityStore.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate validates identity store configuration.

type IdentityStore

// IdentityStore represents an authentication provider with an LDAP identity
// store.
//
// It is created with NewIdentityStore from a *Config and a *zap.Logger and
// exposes Authenticate, IdentifyUser and Request for identity operations.
// NOTE(review): GetConfig returns the configuration as a
// map[string]interface{}; whether that map includes Config.BindPassword is
// not visible here, so confirm before exposing its output in logs or an API.
type IdentityStore struct {
	// contains filtered or unexported fields
}

IdentityStore represents authentication provider with LDAP identity store.

func NewIdentityStore

func NewIdentityStore(cfg *Config, logger *zap.Logger) (*IdentityStore, error)

NewIdentityStore returns an instance of LDAP-based identity store.

func (*IdentityStore) Authenticate

func (b *IdentityStore) Authenticate(r *requests.Request) error

Authenticate performs authentication.

func (*IdentityStore) Configure

func (b *IdentityStore) Configure() error

Configure configures IdentityStore.

func (*IdentityStore) Configured

func (b *IdentityStore) Configured() bool

Configured returns true if the identity store was configured.

func (*IdentityStore) GetConfig

func (b *IdentityStore) GetConfig() map[string]interface{}

GetConfig returns IdentityStore configuration.

func (*IdentityStore) GetKind

func (b *IdentityStore) GetKind() string

GetKind returns the authentication method associated with this identity store.

func (*IdentityStore) GetLoginIcon

func (b *IdentityStore) GetLoginIcon() *icons.LoginIcon

GetLoginIcon returns the instance of the icon associated with the provider.

func (*IdentityStore) GetName

func (b *IdentityStore) GetName() string

GetName returns the name associated with this identity store.

func (*IdentityStore) GetRealm

func (b *IdentityStore) GetRealm() string

GetRealm returns the authentication realm.

func (*IdentityStore) IdentifyUser

func (b *IdentityStore) IdentifyUser(r *requests.Request) error

IdentifyUser performs user identification.

func (*IdentityStore) Request

func (b *IdentityStore) Request(op operator.Type, r *requests.Request) error

Request performs the requested identity store operation.

type UserAttributes

// UserAttributes represents the mapping of LDAP attributes to JWT fields.
//
// NOTE(review): each field presumably holds the name of the LDAP attribute
// to read for that claim (for example, MemberOf naming the attribute that
// lists group membership); confirm against ConfigureSearch. Because these
// values end up in issued tokens, they should come only from attributes the
// directory controls, not from ones users can edit themselves.
type UserAttributes struct {
	Name     string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	Surname  string `json:"surname,omitempty" xml:"surname,omitempty" yaml:"surname,omitempty"`
	Username string `json:"username,omitempty" xml:"username,omitempty" yaml:"username,omitempty"`
	MemberOf string `json:"member_of,omitempty" xml:"member_of,omitempty" yaml:"member_of,omitempty"`
	Email    string `json:"email,omitempty" xml:"email,omitempty" yaml:"email,omitempty"`
}

UserAttributes represents the mapping of LDAP attributes to JWT fields.

type UserGroup

// UserGroup pairs a group DN (GroupDN, serialized under the key "dn") with
// the list of Roles associated with it.
//
// NOTE(review): presumably a user who authenticates and belongs to GroupDN
// is assigned Roles. How the DN is compared (exact match, case folding,
// nested groups) is not visible here; confirm before relying on this
// binding for authorization decisions.
type UserGroup struct {
	GroupDN string   `json:"dn,omitempty" xml:"dn,omitempty" yaml:"dn,omitempty"`
	Roles   []string `json:"roles,omitempty" xml:"roles,omitempty" yaml:"roles,omitempty"`
}

UserGroup represents the binding between BaseDN and a search filter. Upon successful authentication for the combination, a user gets assigned the roles associated with the binding.
