Documentation
¶
Index ¶
Constants ¶
View Source
const ( ServerAddr = "server_addr" STSExpiry = "sts_expiry" LookupBindDN = "lookup_bind_dn" LookupBindPassword = "lookup_bind_password" UserDNSearchBaseDN = "user_dn_search_base_dn" UserDNSearchFilter = "user_dn_search_filter" UsernameFormat = "username_format" GroupSearchFilter = "group_search_filter" GroupSearchBaseDN = "group_search_base_dn" TLSSkipVerify = "tls_skip_verify" ServerInsecure = "server_insecure" ServerStartTLS = "server_starttls" EnvServerAddr = "MINIO_IDENTITY_LDAP_SERVER_ADDR" EnvSTSExpiry = "MINIO_IDENTITY_LDAP_STS_EXPIRY" EnvTLSSkipVerify = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY" EnvServerInsecure = "MINIO_IDENTITY_LDAP_SERVER_INSECURE" EnvServerStartTLS = "MINIO_IDENTITY_LDAP_SERVER_STARTTLS" EnvUsernameFormat = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT" EnvUserDNSearchBaseDN = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN" EnvUserDNSearchFilter = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER" EnvGroupSearchFilter = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER" EnvGroupSearchBaseDN = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN" EnvLookupBindDN = "MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN" EnvLookupBindPassword = "MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD" )
LDAP keys and envs.
Variables ¶
View Source
var ( DefaultKVS = config.KVS{ config.KV{ Key: ServerAddr, Value: "", }, config.KV{ Key: UsernameFormat, Value: "", }, config.KV{ Key: UserDNSearchBaseDN, Value: "", }, config.KV{ Key: UserDNSearchFilter, Value: "", }, config.KV{ Key: GroupSearchFilter, Value: "", }, config.KV{ Key: GroupSearchBaseDN, Value: "", }, config.KV{ Key: STSExpiry, Value: "1h", }, config.KV{ Key: TLSSkipVerify, Value: config.EnableOff, }, config.KV{ Key: ServerInsecure, Value: config.EnableOff, }, config.KV{ Key: ServerStartTLS, Value: config.EnableOff, }, config.KV{ Key: LookupBindDN, Value: "", }, config.KV{ Key: LookupBindPassword, Value: "", }, } )
DefaultKVS - default config for LDAP config
View Source
var ( Help = config.HelpKVS{ config.HelpKV{ Key: ServerAddr, Description: `AD/LDAP server address e.g. "myldapserver.com:636"`, Type: "address", }, config.HelpKV{ Key: STSExpiry, Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`, Optional: true, Type: "duration", }, config.HelpKV{ Key: LookupBindDN, Description: `DN for LDAP read-only service account used to perform DN and group lookups`, Optional: true, Type: "string", }, config.HelpKV{ Key: LookupBindPassword, Description: `Password for LDAP read-only service account used to perform DN and group lookups`, Optional: true, Type: "string", }, config.HelpKV{ Key: UserDNSearchBaseDN, Description: `Base LDAP DN to search for user DN`, Optional: true, Type: "string", }, config.HelpKV{ Key: UserDNSearchFilter, Description: `Search filter to lookup user DN`, Optional: true, Type: "string", }, config.HelpKV{ Key: UsernameFormat, Description: `";" separated list of username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`, Optional: true, Type: "list", }, config.HelpKV{ Key: GroupSearchFilter, Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`, Optional: true, Type: "string", }, config.HelpKV{ Key: GroupSearchBaseDN, Description: `";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com"`, Optional: true, Type: "list", }, config.HelpKV{ Key: TLSSkipVerify, Description: `trust server TLS without verification, defaults to "off" (verify)`, Optional: true, Type: "on|off", }, config.HelpKV{ Key: ServerInsecure, Description: `allow plain text connection to AD/LDAP server, defaults to "off"`, Optional: true, Type: "on|off", }, config.HelpKV{ Key: ServerStartTLS, Description: `use StartTLS connection to AD/LDAP server, defaults to "off"`, Optional: true, Type: "on|off", }, config.HelpKV{ Key: config.Comment, Description: config.DefaultComment, Optional: true, Type: "sentence", }, } )
Help template for LDAP identity feature.
Functions ¶
func SetIdentityLDAP ¶
SetIdentityLDAP - One time migration code needed, for migrating from older config to new for LDAPConfig.
Types ¶
type Config ¶
type Config struct {
Enabled bool `json:"enabled"`
// E.g. "ldap.minio.io:636"
ServerAddr string `json:"serverAddr"`
// STS credentials expiry duration
STSExpiryDuration string `json:"stsExpiryDuration"`
// Format string for usernames
UsernameFormat string `json:"usernameFormat"`
UsernameFormats []string `json:"-"`
// User DN search parameters
UserDNSearchBaseDN string `json:"userDNSearchBaseDN"`
UserDNSearchFilter string `json:"userDNSearchFilter"`
// Group search parameters
GroupSearchBaseDistName string `json:"groupSearchBaseDN"`
GroupSearchBaseDistNames []string `json:"-"`
GroupSearchFilter string `json:"groupSearchFilter"`
// Lookup bind LDAP service account
LookupBindDN string `json:"lookupBindDN"`
LookupBindPassword string `json:"lookupBindPassword"`
// contains filtered or unexported fields
}
Config contains AD/LDAP server connectivity information.
func (*Config) Bind ¶
Bind - binds to ldap, searches LDAP and returns the distinguished name of the user and the list of groups.
func (Config) GetExpiryDuration ¶
GetExpiryDuration - return parsed expiry duration.
Source Files
Click to show internal directories.
Click to hide internal directories.