users
This commit is contained in:
@@ -12,6 +12,7 @@ type Config struct {
|
|||||||
LDAPBindDN string
|
LDAPBindDN string
|
||||||
LDAPBindPW string
|
LDAPBindPW string
|
||||||
LDAPBaseDN string
|
LDAPBaseDN string
|
||||||
|
LDAPUserBaseDN string
|
||||||
LDAPRoleBaseDN string
|
LDAPRoleBaseDN string
|
||||||
|
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
|
|||||||
@@ -49,6 +49,7 @@ type Config struct {
|
|||||||
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
|
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
|
||||||
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
|
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
|
||||||
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
|
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
|
||||||
|
UserBaseDN string `envconfig:"user_basedn" required:"true" desc:"a LDAP base DN for searching users"`
|
||||||
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
|
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
|
||||||
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
|
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
|
||||||
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
|
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
|
||||||
@@ -65,11 +66,12 @@ func New() *Client {
|
|||||||
BindDN: conf.GetConfig().LDAPBindDN,
|
BindDN: conf.GetConfig().LDAPBindDN,
|
||||||
BindPass: conf.GetConfig().LDAPBindPW,
|
BindPass: conf.GetConfig().LDAPBindPW,
|
||||||
BaseDN: conf.GetConfig().LDAPBaseDN,
|
BaseDN: conf.GetConfig().LDAPBaseDN,
|
||||||
|
UserBaseDN: conf.GetConfig().LDAPRoleBaseDN,
|
||||||
RoleBaseDN: conf.GetConfig().LDAPRoleBaseDN,
|
RoleBaseDN: conf.GetConfig().LDAPRoleBaseDN,
|
||||||
}
|
}
|
||||||
return &Client{
|
return &Client{
|
||||||
Config: cnf,
|
Config: cnf,
|
||||||
connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, IsTLS: cnf.IsTLS},
|
connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, UserBaseDN: cnf.UserBaseDN, IsTLS: cnf.IsTLS},
|
||||||
cache: freecache.NewCache(cnf.CacheSize * 1024),
|
cache: freecache.NewCache(cnf.CacheSize * 1024),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -379,7 +381,6 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
|
|||||||
return nil, errors.New(err.Error() + " : failed to login to a LDAP woth a service account")
|
return nil, errors.New(err.Error() + " : failed to login to a LDAP woth a service account")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
entries, err := cn.SearchUser(username, attrs...)
|
entries, err := cn.SearchUser(username, attrs...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|||||||
1
main.go
1
main.go
@@ -55,6 +55,7 @@ func main() {
|
|||||||
conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
|
conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
|
||||||
conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
|
conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
|
||||||
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
|
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
|
||||||
|
conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")
|
||||||
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
|
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
|
||||||
go generateSelfPeer()
|
go generateSelfPeer()
|
||||||
go generateRole()
|
go generateRole()
|
||||||
|
|||||||
Reference in New Issue
Block a user