Documentation ¶
Constants ¶
// Keys of the LDAP identity configuration.
const (
	ServerAddr         = "server_addr"
	STSExpiry          = "sts_expiry"
	UsernameFormat     = "username_format"
	GroupSearchFilter  = "group_search_filter"
	GroupNameAttribute = "group_name_attribute"
	GroupSearchBaseDN  = "group_search_base_dn"

	// TLSSkipVerify is the key that, per the package help text, disables
	// client verification of the LDAP server's certificate when set to
	// 'on'. With verification off the client cannot tell the configured
	// directory server from an impostor, so treat any non-default value
	// as a finding during configuration review.
	TLSSkipVerify = "tls_skip_verify"
)

// Environment variable names for the LDAP identity configuration.
const (
	EnvLDAPState          = "MINIO_IDENTITY_LDAP_STATE"
	EnvServerAddr         = "MINIO_IDENTITY_LDAP_SERVER_ADDR"
	EnvSTSExpiry          = "MINIO_IDENTITY_LDAP_STS_EXPIRY"
	EnvTLSSkipVerify      = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
	EnvUsernameFormat     = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT"
	EnvGroupSearchFilter  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"
	EnvGroupNameAttribute = "MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"
	EnvGroupSearchBaseDN  = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"
)
LDAP keys and envs.
Variables ¶
// DefaultKVS is the LDAP configuration used when nothing has been set.
// The state is config.StateOff, every address, format and group-search
// value is empty, and STS credentials are valid for "1h".
var DefaultKVS = config.KVS{
	config.State:       config.StateOff,
	config.Comment:     "This is a default LDAP configuration",
	ServerAddr:         "",
	STSExpiry:          "1h",
	UsernameFormat:     "",
	GroupSearchFilter:  "",
	GroupNameAttribute: "",
	GroupSearchBaseDN:  "",

	// Skip-verify defaults to off, so certificate verification of the
	// LDAP server is only disabled if an operator explicitly turns this on.
	TLSSkipVerify: config.StateOff,
}
DefaultKVS - default config for LDAP config
// Help maps each LDAP identity configuration key to the help text shown
// for it.
var Help = config.HelpKV{
	// Connection and user lookup. The {username} placeholder in the
	// format example is a template variable, not a literal.
	ServerAddr:     `(Required) AD/LDAP server address eg: "myldapserver.com:636"`,
	UsernameFormat: `(Required) AD/LDAP format of full username DN eg: "uid={username},cn=accounts,dc=myldapserver,dc=com"`,

	// Optional group lookup settings.
	GroupSearchFilter:  `Search filter to find groups of a user (optional) eg: "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
	GroupNameAttribute: `Attribute of search results to use as group name (optional) eg: "cn"`,
	GroupSearchBaseDN:  `Base DN in AD/LDAP hierarchy to use in search requests (optional) eg: "dc=myldapserver,dc=com"`,

	STSExpiry: `AD/LDAP STS credentials validity duration (optional) eg: "1h"`,

	// NOTE(review): this text says what 'on' does but not what it costs.
	// Without certificate verification the server's identity is not
	// authenticated, so the setting is best kept to test environments.
	TLSSkipVerify: "Set this to 'on', to disable client verification of server certificates",

	config.State:   "(Required) Enable or disable LDAP/AD identity",
	config.Comment: "A comment to describe the LDAP/AD identity setting",
}
Help template for the LDAP identity feature.
Functions ¶
func SetIdentityLDAP ¶
SetIdentityLDAP - One-time migration code, needed for migrating from the older config to the new LDAPConfig.
Types ¶
type Config ¶
// Config is the LDAP identity configuration in its JSON-serialisable form;
// each exported field carries a json tag naming its key.
//
// NOTE(review): no exported field corresponds to the tls_skip_verify
// setting; presumably it is held in the unexported fields. Confirm against
// the source when auditing how certificate verification is configured.
type Config struct {
	// Enabled is serialised under the "enabled" key.
	Enabled bool `json:"enabled"`

	// E.g. "ldap.minio.io:636"
	ServerAddr string `json:"serverAddr"`

	// STS credentials expiry duration, kept as a string here;
	// GetExpiryDuration returns the parsed value.
	STSExpiryDuration string `json:"stsExpiryDuration"`

	// Format string for usernames
	UsernameFormat string `json:"usernameFormat"`

	// Group lookup settings, matching the group_search_base_dn,
	// group_search_filter and group_name_attribute configuration keys.
	GroupSearchBaseDN  string `json:"groupSearchBaseDN"`
	GroupSearchFilter  string `json:"groupSearchFilter"`
	GroupNameAttribute string `json:"groupNameAttribute"`
	// contains filtered or unexported fields
}
Config contains AD/LDAP server connectivity information.
func (Config) GetExpiryDuration ¶
GetExpiryDuration - return parsed expiry duration.
type Substituter ¶
// Substituter replaces named variables, written as ${name} or {name}, in
// LDAP configuration strings with the values it was constructed with.
// Substitute returns an error for any variable that has no value.
//
// NOTE(review): this page does not say whether substituted values are
// escaped for DN or search-filter syntax. Confirm this in the implementation
// before passing user-supplied names through a Substituter.
type Substituter struct {
	// contains filtered or unexported fields
}
Substituter - This type allows restricted substitution of variables in LDAP configuration items at runtime.
func NewSubstituter ¶
func NewSubstituter(v ...string) (Substituter, error)
NewSubstituter - sets up the substituter for usage, e.g.:
subber, err := NewSubstituter("username", "john")
func (*Substituter) Substitute ¶
func (s *Substituter) Substitute(t string) (string, error)
Substitute - performs substitution on the given string `t`. Returns an error if there are any variables in the input that do not have values in the substituter. E.g.:
subber.Substitute("uid=${username},cn=users,dc=example,dc=com")
or
subber.Substitute("uid={username},cn=users,dc=example,dc=com")
returns "uid=john,cn=users,dc=example,dc=com"
whereas:
subber.Substitute("uid=${usernamedn}")
returns an error.