The highest tagged major version is v1.

ldaputil

package

v0.11.6 Latest Latest Go to latest Published: Dec 14, 2018 License: MPL-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

func ConfigFields() map[string]*framework.FieldSchema
func EscapeLDAPValue(input string) string
type Client
type ConfigEntry
- func NewConfigEntry(d *framework.FieldData) (*ConfigEntry, error)
type Connection
type LDAP
- func NewLDAP() LDAP

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConfigFields ¶

func ConfigFields() map[string]*framework.FieldSchema

ConfigFields returns all the config fields that can potentially be used by the LDAP client. Not all fields will be used by every integration.

func EscapeLDAPValue ¶

func EscapeLDAPValue(input string) string

EscapeLDAPValue is exported because a plugin uses it outside this package.

Types ¶

type Client ¶

type Client struct {
	Logger hclog.Logger
	LDAP   LDAP
}

func (*Client) DialLDAP ¶

func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error)

func (*Client) GetLdapGroups ¶

func (c *Client) GetLdapGroups(cfg *ConfigEntry, conn Connection, userDN string, username string) ([]string, error)

* getLdapGroups queries LDAP and returns a slice describing the set of groups the authenticated user is a member of. * * If cfg.UseTokenGroups is true then the search is performed directly on the userDN. * The values of those attributes are converted to string SIDs, and then looked up to get ldap.Entry objects. * Otherwise, the search query is constructed according to cfg.GroupFilter, and run in context of cfg.GroupDN. * Groups will be resolved from the query results by following the attribute defined in cfg.GroupAttr. * * cfg.GroupFilter is a go template and is compiled with the following context: [UserDN, Username] * UserDN - The DN of the authenticated user * Username - The Username of the authenticated user * * Example: * cfg.GroupFilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))" * cfg.GroupDN = "OU=Groups,DC=myorg,DC=com" * cfg.GroupAttr = "cn" * * NOTE - If cfg.GroupFilter is empty, no query is performed and an empty result slice is returned. *

func (*Client) GetUserBindDN ¶

func (c *Client) GetUserBindDN(cfg *ConfigEntry, conn Connection, username string) (string, error)

* Discover and return the bind string for the user attempting to authenticate. * This is handled in one of several ways: * * 1. If DiscoverDN is set, the user object will be searched for using userdn (base search path) * and userattr (the attribute that maps to the provided username). * The bind will either be anonymous or use binddn and bindpassword if they were provided. * 2. If upndomain is set, the user dn is constructed as 'username@upndomain'. See https://msdn.microsoft.com/en-us/library/cc223499.aspx *

func (*Client) GetUserDN ¶

func (c *Client) GetUserDN(cfg *ConfigEntry, conn Connection, bindDN string) (string, error)

* Returns the DN of the object representing the authenticated user.

type ConfigEntry ¶

type ConfigEntry struct {
	Url            string `json:"url"`
	UserDN         string `json:"userdn"`
	GroupDN        string `json:"groupdn"`
	GroupFilter    string `json:"groupfilter"`
	GroupAttr      string `json:"groupattr"`
	UPNDomain      string `json:"upndomain"`
	UserAttr       string `json:"userattr"`
	Certificate    string `json:"certificate"`
	InsecureTLS    bool   `json:"insecure_tls"`
	StartTLS       bool   `json:"starttls"`
	BindDN         string `json:"binddn"`
	BindPassword   string `json:"bindpass"`
	DenyNullBind   bool   `json:"deny_null_bind"`
	DiscoverDN     bool   `json:"discoverdn"`
	TLSMinVersion  string `json:"tls_min_version"`
	TLSMaxVersion  string `json:"tls_max_version"`
	UseTokenGroups bool   `json:"use_token_groups"`

	// This json tag deviates from snake case because there was a past issue
	// where the tag was being ignored, causing it to be jsonified as "CaseSensitiveNames".
	// To continue reading in users' previously stored values,
	// we chose to carry that forward.
	CaseSensitiveNames *bool `json:"CaseSensitiveNames,omitempty"`
}

func NewConfigEntry ¶

func NewConfigEntry(d *framework.FieldData) (*ConfigEntry, error)

* Creates and initializes a ConfigEntry object with its default values, * as specified by the passed schema.

func (*ConfigEntry) Map ¶

func (c *ConfigEntry) Map() map[string]interface{}

func (*ConfigEntry) PasswordlessMap ¶

func (c *ConfigEntry) PasswordlessMap() map[string]interface{}

func (*ConfigEntry) Validate ¶

func (c *ConfigEntry) Validate() error

type Connection ¶

type Connection interface {
	Bind(username, password string) error
	Close()
	Modify(modifyRequest *ldap.ModifyRequest) error
	Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
	StartTLS(config *tls.Config) error
	UnauthenticatedBind(username string) error
}

Connection provides the functionality of an LDAP connection, but through an interface.

type LDAP ¶

type LDAP interface {
	Dial(network, addr string) (Connection, error)
	DialTLS(network, addr string, config *tls.Config) (Connection, error)
}

LDAP provides ldap functionality, but through an interface rather than statically. This allows faking it for tests.

func NewLDAP ¶

func NewLDAP() LDAP

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL