package schema import ( "crypto/tls" "net/url" "time" ) // AuthenticationBackend represents the configuration related to the authentication backend. type AuthenticationBackend struct { PasswordReset AuthenticationBackendPasswordReset `koanf:"password_reset" json:"password_reset" jsonschema:"title=Password Reset" jsonschema_description:"Allows configuration of the password reset behaviour."` RefreshInterval RefreshIntervalDuration `koanf:"refresh_interval" json:"refresh_interval" jsonschema:"default=5 minutes,title=Refresh Interval" jsonschema_description:"How frequently the user details are refreshed from the backend."` // The file authentication backend configuration. File *AuthenticationBackendFile `koanf:"file" json:"file" jsonschema:"title=File Backend" jsonschema_description:"The file authentication backend configuration."` LDAP *AuthenticationBackendLDAP `koanf:"ldap" json:"ldap" jsonschema:"title=LDAP Backend" jsonschema_description:"The LDAP authentication backend configuration."` } // AuthenticationBackendPasswordReset represents the configuration related to password reset functionality. type AuthenticationBackendPasswordReset struct { Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disables the Password Reset option."` CustomURL url.URL `koanf:"custom_url" json:"custom_url" jsonschema:"title=Custom URL" jsonschema_description:"Disables the internal Password Reset option and instead redirects users to this specified URL."` } // AuthenticationBackendFile represents the configuration related to file-based backend. type AuthenticationBackendFile struct { Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The file path to the user database."` Watch bool `koanf:"watch" json:"watch" jsonschema:"default=false,title=Watch" jsonschema_description:"Enables watching the file for external changes and dynamically reloading the database."` Password AuthenticationBackendFilePassword `koanf:"password" json:"password" jsonschema:"title=Password Options" jsonschema_description:"Allows configuration of the password hashing options when the user passwords are changed directly by Authelia."` Search AuthenticationBackendFileSearch `koanf:"search" json:"search" jsonschema:"title=Search" jsonschema_description:"Configures the user searching behaviour."` ExtraAttributes map[string]AuthenticationBackendExtraAttribute `koanf:"extra_attributes" json:"extra_attributes" jsonschema:"title=Extra Attributes" jsonschema_description:"Configures the extra attributes available in expressions and other areas of Authelia."` } type AuthenticationBackendExtraAttribute struct { MultiValued bool `koanf:"multi_valued" json:"multi_valued" jsonschema:"title=Multi-Valued" jsonschema_description:"Defines the attribute as multi-valued."` ValueType string `koanf:"value_type" json:"value_type" jsonschema:"enum=boolean,enum=integer,enum=string,title=Value Type" jsonschema_description:"Defines the value type for the attribute."` } func (a AuthenticationBackendExtraAttribute) IsMultiValued() (multi bool) { return a.MultiValued } func (a AuthenticationBackendExtraAttribute) GetValueType() (vtype string) { return a.ValueType } // AuthenticationBackendFileSearch represents the configuration related to file-based backend searching. type AuthenticationBackendFileSearch struct { Email bool `koanf:"email" json:"email" jsonschema:"default=false,title=Email Searching" jsonschema_description:"Allows users to either use their username or their configured email as a username."` CaseInsensitive bool `koanf:"case_insensitive" json:"case_insensitive" jsonschema:"default=false,title=Case Insensitive Searching" jsonschema_description:"Allows usernames to be any case during the search."` } // AuthenticationBackendFilePassword represents the configuration related to password hashing. type AuthenticationBackendFilePassword struct { Algorithm string `koanf:"algorithm" json:"algorithm" jsonschema:"default=argon2,enum=argon2,enum=sha2crypt,enum=pbkdf2,enum=bcrypt,enum=scrypt,title=Algorithm" jsonschema_description:"The password hashing algorithm to use."` Argon2 AuthenticationBackendFilePasswordArgon2 `koanf:"argon2" json:"argon2" jsonschema:"title=Argon2" jsonschema_description:"Configure the Argon2 password hashing parameters."` SHA2Crypt AuthenticationBackendFilePasswordSHA2Crypt `koanf:"sha2crypt" json:"sha2crypt" jsonschema:"title=SHA2Crypt" jsonschema_description:"Configure the SHA2Crypt password hashing parameters."` PBKDF2 AuthenticationBackendFilePasswordPBKDF2 `koanf:"pbkdf2" json:"pbkdf2" jsonschema:"title=PBKDF2" jsonschema_description:"Configure the PBKDF2 password hashing parameters."` BCrypt AuthenticationBackendFilePasswordBCrypt `koanf:"bcrypt" json:"bcrypt" jsonschema:"title=BCrypt" jsonschema_description:"Configure the BCrypt password hashing parameters."` SCrypt AuthenticationBackendFilePasswordSCrypt `koanf:"scrypt" json:"scrypt" jsonschema:"title=SCrypt" jsonschema_description:"Configure the SCrypt password hashing parameters."` // Deprecated: Use individual password options instead. Iterations int `koanf:"iterations" json:"iterations" jsonschema:"deprecated,title=Iterations"` // Deprecated: Use individual password options instead. Memory int `koanf:"memory" json:"memory" jsonschema:"deprecated,title=Memory"` // Deprecated: Use individual password options instead. Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"deprecated,title=Parallelism"` // Deprecated: Use individual password options instead. KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"deprecated,title=Key Length"` // Deprecated: Use individual password options instead. SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"deprecated,title=Salt Length"` } // AuthenticationBackendFilePasswordArgon2 represents the argon2 hashing settings. type AuthenticationBackendFilePasswordArgon2 struct { Variant string `koanf:"variant" json:"variant" jsonschema:"default=argon2id,enum=argon2id,enum=argon2i,enum=argon2d,title=Variant" jsonschema_description:"The Argon2 variant to be used."` Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=3,title=Iterations" jsonschema_description:"The number of Argon2 iterations (parameter t) to be used."` Memory int `koanf:"memory" json:"memory" jsonschema:"default=65536,minimum=8,maximum=4294967295,title=Memory" jsonschema_description:"The Argon2 amount of memory in kibibytes (parameter m) to be used."` Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=4,minimum=1,maximum=16777215,title=Parallelism" jsonschema_description:"The Argon2 degree of parallelism (parameter p) to be used."` KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=4,maximum=2147483647,title=Key Length" jsonschema_description:"The Argon2 key output length."` SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=2147483647,title=Salt Length" jsonschema_description:"The Argon2 salt length."` } // AuthenticationBackendFilePasswordSHA2Crypt represents the sha2crypt hashing settings. type AuthenticationBackendFilePasswordSHA2Crypt struct { Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha256,enum=sha512,title=Variant" jsonschema_description:"The SHA2Crypt variant to be used."` Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=50000,minimum=1000,maximum=999999999,title=Iterations" jsonschema_description:"The SHA2Crypt iterations (parameter rounds) to be used."` SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=16,title=Salt Length" jsonschema_description:"The SHA2Crypt salt length to be used."` } // AuthenticationBackendFilePasswordPBKDF2 represents the PBKDF2 hashing settings. type AuthenticationBackendFilePasswordPBKDF2 struct { Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha1,enum=sha224,enum=sha256,enum=sha384,enum=sha512,title=Variant" jsonschema_description:"The PBKDF2 variant to be used."` Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=310000,minimum=100000,maximum=2147483647,title=Iterations" jsonschema_description:"The PBKDF2 iterations to be used."` SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=2147483647,title=Salt Length" jsonschema_description:"The PBKDF2 salt length to be used."` } // AuthenticationBackendFilePasswordBCrypt represents the bcrypt hashing settings. type AuthenticationBackendFilePasswordBCrypt struct { Variant string `koanf:"variant" json:"variant" jsonschema:"default=standard,enum=standard,enum=sha256,title=Variant" jsonschema_description:"The BCrypt variant to be used."` Cost int `koanf:"cost" json:"cost" jsonschema:"default=12,minimum=10,maximum=31,title=Cost" jsonschema_description:"The BCrypt cost to be used."` } // AuthenticationBackendFilePasswordSCrypt represents the scrypt hashing settings. type AuthenticationBackendFilePasswordSCrypt struct { Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=16,minimum=1,maximum=58,title=Iterations" jsonschema_description:"The SCrypt iterations to be used."` BlockSize int `koanf:"block_size" json:"block_size" jsonschema:"default=8,minimum=1,maximum=36028797018963967,title=Key Length" jsonschema_description:"The SCrypt block size to be used."` Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=1,minimum=1,maximum=1073741823,title=Key Length" jsonschema_description:"The SCrypt parallelism factor to be used."` KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=1,maximum=137438953440,title=Key Length" jsonschema_description:"The SCrypt key length to be used."` SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=1024,title=Salt Length" jsonschema_description:"The SCrypt salt length to be used."` } // AuthenticationBackendLDAP represents the configuration related to LDAP server. type AuthenticationBackendLDAP struct { Address *AddressLDAP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the LDAP directory server."` Implementation string `koanf:"implementation" json:"implementation" jsonschema:"default=custom,enum=custom,enum=activedirectory,enum=rfc2307bis,enum=freeipa,enum=lldap,enum=glauth,title=Implementation" jsonschema_description:"The implementation which mostly decides the default values."` Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The LDAP directory server connection timeout."` StartTLS bool `koanf:"start_tls" json:"start_tls" jsonschema:"default=false,title=StartTLS" jsonschema_description:"Enables the use of StartTLS."` TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties."` Pooling AuthenticationBackendLDAPPooling `koanf:"pooling" json:"pooling" jsonschema:"title=Pooling" jsonschema_description:"The LDAP Connection Pooling properties."` BaseDN string `koanf:"base_dn" json:"base_dn" jsonschema:"title=Base DN" jsonschema_description:"The base for all directory server operations."` AdditionalUsersDN string `koanf:"additional_users_dn" json:"additional_users_dn" jsonschema:"title=Additional User Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for users."` UsersFilter string `koanf:"users_filter" json:"users_filter" jsonschema:"title=Users Filter" jsonschema_description:"The LDAP filter used to search for user objects."` AdditionalGroupsDN string `koanf:"additional_groups_dn" json:"additional_groups_dn" jsonschema:"title=Additional Group Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for groups."` GroupsFilter string `koanf:"groups_filter" json:"groups_filter" jsonschema:"title=Groups Filter" jsonschema_description:"The LDAP filter used to search for group objects."` GroupSearchMode string `koanf:"group_search_mode" json:"group_search_mode" jsonschema:"default=filter,enum=filter,enum=memberof,title=Groups Search Modes" jsonschema_description:"The LDAP group search mode used to search for group objects."` Attributes AuthenticationBackendLDAPAttributes `koanf:"attributes" json:"attributes"` PermitReferrals bool `koanf:"permit_referrals" json:"permit_referrals" jsonschema:"default=false,title=Permit Referrals" jsonschema_description:"Enables chasing LDAP referrals."` PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind" json:"permit_unauthenticated_bind" jsonschema:"default=false,title=Permit Unauthenticated Bind" jsonschema_description:"Enables omission of the password to perform an unauthenticated bind."` PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure" json:"permit_feature_detection_failure" jsonschema:"default=false,title=Permit Feature Detection Failure" jsonschema_description:"Enables failures when detecting directory server features using the Root DSE lookup."` User string `koanf:"user" json:"user" jsonschema:"title=User" jsonschema_description:"The user distinguished name for LDAP binding."` Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for LDAP authenticated binding."` } type AuthenticationBackendLDAPPooling struct { Enable bool `koanf:"enable" json:"enable" jsonschema:"title=Enable,default=false" jsonschema_description:"Enable LDAP connection pooling."` Count int `koanf:"count" json:"count" jsonschema:"title=Count,default=5" jsonschema_description:"The number of connections to keep open for LDAP connection pooling."` Retries int `koanf:"retries" json:"retries" jsonschema:"title=Retries,default=2" jsonschema_description:"The number of attempts to retrieve a connection from the pool during the timeout."` Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"title=Timeout,default=10 seconds" jsonschema_description:"The duration of time to wait for a connection to become available in the connection pool."` } // AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes. type AuthenticationBackendLDAPAttributes struct { DistinguishedName string `koanf:"distinguished_name" json:"distinguished_name" jsonschema:"title=Attribute: Distinguished Name" jsonschema_description:"The directory server attribute which contains the distinguished name for all objects."` Username string `koanf:"username" json:"username" jsonschema:"title=Attribute: User Username" jsonschema_description:"The directory server attribute which contains the username for all users."` DisplayName string `koanf:"display_name" json:"display_name" jsonschema:"title=Attribute: User Display Name" jsonschema_description:"The directory server attribute which contains the display name for all users."` FamilyName string `koanf:"family_name" json:"family_name" jsonschema:"title=Attribute: Family Name" jsonschema_description:"The directory server attribute which contains the family name for all users."` GivenName string `koanf:"given_name" json:"given_name" jsonschema:"title=Attribute: Given Name" jsonschema_description:"The directory server attribute which contains the given name for all users."` MiddleName string `koanf:"middle_name" json:"middle_name" jsonschema:"title=Attribute: Middle Name" jsonschema_description:"The directory server attribute which contains the middle name for all users."` Nickname string `koanf:"nickname" json:"nickname" jsonschema:"title=Attribute: Nickname" jsonschema_description:"The directory server attribute which contains the nickname for all users."` Gender string `koanf:"gender" json:"gender" jsonschema:"title=Attribute: Gender" jsonschema_description:"The directory server attribute which contains the gender for all users."` Birthdate string `koanf:"birthdate" json:"birthdate" jsonschema:"title=Attribute: Birthdate" jsonschema_description:"The directory server attribute which contains the birthdate for all users."` Website string `koanf:"website" json:"website" jsonschema:"title=Attribute: Website" jsonschema_description:"The directory server attribute which contains the website URL for all users."` Profile string `koanf:"profile" json:"profile" jsonschema:"title=Attribute: Profile" jsonschema_description:"The directory server attribute which contains the profile URL for all users."` Picture string `koanf:"picture" json:"picture" jsonschema:"title=Attribute: Picture" jsonschema_description:"The directory server attribute which contains the picture URL for all users."` ZoneInfo string `koanf:"zoneinfo" json:"zoneinfo" jsonschema:"title=Attribute: Zone Information" jsonschema_description:"The directory server attribute which contains the time zone information for all users."` Locale string `koanf:"locale" json:"locale" jsonschema:"title=Attribute: Locale" jsonschema_description:"The directory server attribute which contains the locale information for all users."` PhoneNumber string `koanf:"phone_number" json:"phone_number" jsonschema:"title=Attribute: Phone Number" jsonschema_description:"The directory server attribute which contains the phone number for all users."` PhoneExtension string `koanf:"phone_extension" json:"phone_extension" jsonschema:"title=Attribute: Phone Extension" jsonschema_description:"The directory server attribute which contains the phone extension for all users."` StreetAddress string `koanf:"street_address" json:"street_address" jsonschema:"title=Attribute: Street Address" jsonschema_description:"The directory server attribute which contains the street address for all users."` Locality string `koanf:"locality" json:"locality" jsonschema:"title=Attribute: Locality" jsonschema_description:"The directory server attribute which contains the locality for all users."` Region string `koanf:"region" json:"region" jsonschema:"title=Attribute: Region" jsonschema_description:"The directory server attribute which contains the region for all users."` PostalCode string `koanf:"postal_code" json:"postal_code" jsonschema:"title=Attribute: Postal Code" jsonschema_description:"The directory server attribute which contains the postal code for all users."` Country string `koanf:"country" json:"country" jsonschema:"title=Attribute: Country" jsonschema_description:"The directory server attribute which contains the country for all users."` Mail string `koanf:"mail" json:"mail" jsonschema:"title=Attribute: User Mail" jsonschema_description:"The directory server attribute which contains the mail address for all users and groups."` MemberOf string `koanf:"member_of" jsonschema:"title=Attribute: Member Of" jsonschema_description:"The directory server attribute which contains the objects that an object is a member of."` GroupName string `koanf:"group_name" json:"group_name" jsonschema:"title=Attribute: Group Name" jsonschema_description:"The directory server attribute which contains the group name for all groups."` Extra map[string]AuthenticationBackendLDAPAttributesAttribute `koanf:"extra" json:"extra" jsonschema:"title=Extra Attributes" jsonschema_description:"Configures the extra attributes available in expressions and other areas of Authelia."` } type AuthenticationBackendLDAPAttributesAttribute struct { Name string `koanf:"name" json:"name" jsonschema:"title=Name" jsonschema_description:"The name of the attribute within Authelia. This does not adjust the attribute queried from the LDAP server."` AuthenticationBackendExtraAttribute `koanf:",squash"` } // DefaultPasswordConfig represents the default configuration related to Argon2id hashing. var DefaultPasswordConfig = AuthenticationBackendFilePassword{ Algorithm: argon2, Argon2: AuthenticationBackendFilePasswordArgon2{ Variant: argon2id, Iterations: 3, Memory: 64 * 1024, Parallelism: 4, KeyLength: 32, SaltLength: 16, }, SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{ Variant: sha512, Iterations: 50000, SaltLength: 16, }, PBKDF2: AuthenticationBackendFilePasswordPBKDF2{ Variant: sha512, Iterations: 310000, SaltLength: 16, }, BCrypt: AuthenticationBackendFilePasswordBCrypt{ Variant: "standard", Cost: 12, }, SCrypt: AuthenticationBackendFilePasswordSCrypt{ Iterations: 16, BlockSize: 8, Parallelism: 1, KeyLength: 32, SaltLength: 16, }, } // DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI. var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{ Algorithm: argon2, Argon2: AuthenticationBackendFilePasswordArgon2{ Iterations: 3, Memory: 64, Parallelism: 4, KeyLength: 32, SaltLength: 16, }, SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{ Variant: sha512, Iterations: 50000, SaltLength: 16, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config. var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = AuthenticationBackendLDAP{ GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ Username: ldapAttrUserID, DisplayName: ldapAttrDisplayName, Mail: ldapAttrMail, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, Pooling: AuthenticationBackendLDAPPooling{ Count: 5, Retries: 2, Timeout: time.Second * 10, }, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation. var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = AuthenticationBackendLDAP{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))", GroupsFilter: "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))", GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ DistinguishedName: ldapAttrDistinguishedName, Username: ldapAttrSAMAccountName, DisplayName: ldapAttrDisplayName, FamilyName: ldapAttrSurname, GivenName: ldapAttrGivenName, MiddleName: ldapAttrMiddleName, Website: "wWWHomePage", Mail: ldapAttrMail, PhoneNumber: "telephoneNumber", StreetAddress: "streetAddress", Locality: "l", Region: "st", PostalCode: "postalCode", Country: "c", MemberOf: ldapAttrMemberOf, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the LDAPImplementationRFC2307bis Implementation. var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = AuthenticationBackendLDAP{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))", GroupsFilter: "(&(|(member={dn})(uniqueMember={dn}))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=groupOfMembers))(!(pwdReset=TRUE)))", GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ Username: ldapAttrUserID, DisplayName: ldapAttrDisplayName, Mail: ldapAttrMail, MemberOf: ldapAttrMemberOf, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the LDAPImplementationFreeIPA Implementation. var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = AuthenticationBackendLDAP{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized})))", GroupsFilter: "(&(member={dn})(objectClass=groupOfNames))", GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ Username: ldapAttrUserID, DisplayName: ldapAttrDisplayName, Mail: ldapAttrMail, MemberOf: ldapAttrMemberOf, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the LDAPImplementationLLDAP Implementation. var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = AuthenticationBackendLDAP{ AdditionalUsersDN: "OU=people", AdditionalGroupsDN: "OU=groups", UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))", GroupsFilter: "(&(member={dn})(objectClass=groupOfUniqueNames))", GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ Username: ldapAttrUserID, DisplayName: ldapAttrCommonName, Mail: ldapAttrMail, MemberOf: ldapAttrMemberOf, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, } // DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the LDAPImplementationGLAuth Implementation. var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = AuthenticationBackendLDAP{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive)))", GroupsFilter: "(&(uniqueMember={dn})(objectClass=posixGroup))", GroupSearchMode: ldapGroupSearchModeFilter, Attributes: AuthenticationBackendLDAPAttributes{ Username: ldapAttrCommonName, DisplayName: ldapAttrDescription, Mail: ldapAttrMail, MemberOf: ldapAttrMemberOf, GroupName: ldapAttrCommonName, }, Timeout: time.Second * 5, TLS: &TLS{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, }