Documentation
Overview
Package ldap implements a basic LDAP authentication plugin.
Index
- Variables
- func NewCreds(username, password string) grpc.DialOption
- type Config
- type Plugin
- func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)
- func (p *Plugin) Close(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error)
- func (p *Plugin) Configure(ctx context.Context, req *v1.PluginConfiguration) (*emptypb.Empty, error)
- func (p *Plugin) GetInfo(context.Context, *emptypb.Empty) (*v1.PluginInfo, error)
Constants
This section is empty.
Variables
var ErrInvalidCredentials = fmt.Errorf("invalid credentials")
ErrInvalidCredentials is returned when the credentials are invalid.
var ErrUserDisabled = fmt.Errorf("user disabled")
ErrUserDisabled is returned when the user is disabled.
Functions
func NewCreds
func NewCreds(username, password string) grpc.DialOption
NewCreds returns a DialOption that sets the LDAP credentials.
Types
type Config
type Config struct {
	// Server is the LDAP server to connect to. Specify as ldap[s]://host[:port].
	Server string `mapstructure:"server" koanf:"server"`
	// BindDN is the DN to bind with.
	BindDN string `mapstructure:"bind-dn" koanf:"bind-dn"`
	// BindPassword is the password to bind with.
	BindPassword string `mapstructure:"bind-password" koanf:"bind-password"`
	// CAFile is the path to a CA file to use to verify the LDAP server's certificate.
	CAFile string `mapstructure:"ca-file" koanf:"ca-file"`
	// UserBaseDN is the base DN to use to search for users. If empty, the entire
	// directory will be searched.
	UserBaseDN string `mapstructure:"user-base-dn" koanf:"user-base-dn"`
	// UserIDAttribute is the attribute to use to identify the user.
	UserIDAttribute string `mapstructure:"user-id-attribute" koanf:"user-id-attribute"`
	// NodeIDAttribute is the attribute to use to identify the node. If not specified, the
	// UserIDAttribute will be used.
	NodeIDAttribute string `mapstructure:"node-id-attribute" koanf:"node-id-attribute"`
	// UserDisabledAttribute is the attribute to use to determine if the user is disabled.
	// If not specified, all users will be considered active.
	UserDisabledAttribute string `mapstructure:"user-status-attribute" koanf:"user-status-attribute"`
	// UserDisabledValue is the value of the UserDisabledAttribute that indicates the user is disabled.
	// If not specified, any non-empty value of the UserDisabledAttribute will be considered disabled.
	UserDisabledValue string `mapstructure:"user-disabled-value" koanf:"user-disabled-value"`
}
Config is the configuration for the LDAP plugin.
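The Server format and the disabled-user rules documented on Config, as an added Go sketch that is not the plugin's own code. parseServer and isDisabled are hypothetical helpers; the default ports 389 and 636 are the standard LDAP ports rather than something this page states, and exact, case-sensitive value matching is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// defaultPorts: standard ports for the two schemes Config.Server accepts (assumed defaults).
var defaultPorts = map[string]string{"ldap": "389", "ldaps": "636"}

// parseServer (hypothetical) turns a Config.Server value of the form
// ldap[s]://host[:port] into a dial address and reports whether TLS is requested.
func parseServer(server string) (addr string, useTLS bool, err error) {
	u, err := url.Parse(server)
	if err != nil {
		return "", false, err
	}
	port, ok := defaultPorts[u.Scheme]
	if !ok {
		return "", false, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Hostname() == "" {
		return "", false, fmt.Errorf("server %q has no host", server)
	}
	if u.Port() != "" {
		port = u.Port()
	}
	return net.JoinHostPort(u.Hostname(), port), u.Scheme == "ldaps", nil
}

// isDisabled (hypothetical) applies the documented rules to the values an LDAP
// search returned for UserDisabledAttribute. Exact matching is an assumption.
func isDisabled(disabledAttr, disabledValue string, values []string) bool {
	if disabledAttr == "" {
		return false // attribute not configured: all users are considered active
	}
	for _, v := range values {
		if (disabledValue == "" && v != "") || (disabledValue != "" && v == disabledValue) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from the package documentation.
	fmt.Println(parseServer("ldaps://ldap.example.internal"))
	fmt.Println(isDisabled("accountStatus", "disabled", []string{"disabled"}))
}
```

A false useTLS result means BindPassword and user passwords cross the network without TLS unless the client upgrades the connection, which this page does not describe.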
func (*Config) AsMapStructure (added in v0.3.1)
func (*Config) DefaultOptions (added in v0.3.1)
DefaultOptions returns the default options for the plugin.
func (*Config) SetMapStructure (added in v0.8.0)
type Plugin
type Plugin struct {
	v1.UnimplementedPluginServer
	v1.UnimplementedAuthPluginServer
	// contains filtered or unexported fields
}
Plugin is the ldap plugin.
func (*Plugin) Authenticate
func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)