package schema
import (
"crypto/tls"
"net/url"
"time"
)
// AuthenticationBackend represents the configuration related to the authentication backend.
//
// File and LDAP are pointers so that an unconfigured backend is nil. Which of the two
// must be set, and that only one of them is set, is presumably enforced by the
// configuration validator rather than by this type — confirm.
type AuthenticationBackend struct {
	// PasswordReset configures the password reset behaviour (disable it, or redirect to a custom URL).
	PasswordReset AuthenticationBackendPasswordReset `koanf:"password_reset" json:"password_reset" jsonschema:"title=Password Reset" jsonschema_description:"Allows configuration of the password reset behaviour."`
	// RefreshInterval is how often user details are re-read from the backend (schema
	// default: 5 minutes). A longer interval means changes made in the backend take
	// longer to be reflected in Authelia.
	RefreshInterval RefreshIntervalDuration `koanf:"refresh_interval" json:"refresh_interval" jsonschema:"default=5 minutes,title=Refresh Interval" jsonschema_description:"How frequently the user details are refreshed from the backend."`
	// File is the file authentication backend configuration; nil when not configured.
	File *AuthenticationBackendFile `koanf:"file" json:"file" jsonschema:"title=File Backend" jsonschema_description:"The file authentication backend configuration."`
	// LDAP is the LDAP authentication backend configuration; nil when not configured.
	LDAP *AuthenticationBackendLDAP `koanf:"ldap" json:"ldap" jsonschema:"title=LDAP Backend" jsonschema_description:"The LDAP authentication backend configuration."`
}
// AuthenticationBackendPasswordReset represents the configuration related to password reset functionality.
type AuthenticationBackendPasswordReset struct {
	// Disable turns the password reset option off entirely (schema default: false).
	Disable bool `koanf:"disable" json:"disable" jsonschema:"default=false,title=Disable" jsonschema_description:"Disables the Password Reset option."`
	// CustomURL, when set, replaces the internal password reset flow with a redirect to
	// this URL. It is a value rather than a pointer, so "unset" is presumably the zero
	// url.URL — confirm how the validator distinguishes the two.
	CustomURL url.URL `koanf:"custom_url" json:"custom_url" jsonschema:"title=Custom URL" jsonschema_description:"Disables the internal Password Reset option and instead redirects users to this specified URL."`
}
// AuthenticationBackendFile represents the configuration related to file-based backend.
type AuthenticationBackendFile struct {
	// Path is the user database file. Since Password below governs how passwords are
	// hashed when written to it, the file holds password hashes and should only be
	// readable by the Authelia process.
	Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The file path to the user database."`
	// Watch enables watching the file for external changes and reloading the database
	// dynamically (schema default: false).
	Watch bool `koanf:"watch" json:"watch" jsonschema:"default=false,title=Watch" jsonschema_description:"Enables watching the file for external changes and dynamically reloading the database."`
	// Password configures the hashing used when Authelia itself changes a user's password.
	Password AuthenticationBackendFilePassword `koanf:"password" json:"password" jsonschema:"title=Password Options" jsonschema_description:"Allows configuration of the password hashing options when the user passwords are changed directly by Authelia."`
	// Search configures how the entered username is matched (by email, case-insensitively).
	Search AuthenticationBackendFileSearch `koanf:"search" json:"search" jsonschema:"title=Search" jsonschema_description:"Configures the user searching behaviour."`
	// ExtraAttributes declares additional per-user attributes, presumably keyed by
	// attribute name, for use in expressions and other areas of Authelia.
	ExtraAttributes map[string]AuthenticationBackendExtraAttribute `koanf:"extra_attributes" json:"extra_attributes" jsonschema:"title=Extra Attributes" jsonschema_description:"Configures the extra attributes available in expressions and other areas of Authelia."`
}
// AuthenticationBackendExtraAttribute describes a user-defined extra attribute: whether
// it holds multiple values and which value type it has. It is the map value of
// AuthenticationBackendFile.ExtraAttributes and is embedded by
// AuthenticationBackendLDAPAttributesAttribute.
type AuthenticationBackendExtraAttribute struct {
	// MultiValued marks the attribute as holding a list of values rather than a single one.
	MultiValued bool `koanf:"multi_valued" json:"multi_valued" jsonschema:"title=Multi-Valued" jsonschema_description:"Defines the attribute as multi-valued."`
	// ValueType is one of the schema enum values: boolean, integer or string.
	ValueType string `koanf:"value_type" json:"value_type" jsonschema:"enum=boolean,enum=integer,enum=string,title=Value Type" jsonschema_description:"Defines the value type for the attribute."`
}
// IsMultiValued reports whether the attribute is configured to hold multiple values.
func (a AuthenticationBackendExtraAttribute) IsMultiValued() (multi bool) {
	multi = a.MultiValued

	return
}
// GetValueType returns the configured value type of the attribute (boolean, integer or string).
func (a AuthenticationBackendExtraAttribute) GetValueType() (vtype string) {
	vtype = a.ValueType

	return
}
// AuthenticationBackendFileSearch represents the configuration related to file-based backend searching.
type AuthenticationBackendFileSearch struct {
	// Email allows users to log in with either their username or their configured email
	// address (schema default: false).
	Email bool `koanf:"email" json:"email" jsonschema:"default=false,title=Email Searching" jsonschema_description:"Allows users to either use their username or their configured email as a username."`
	// CaseInsensitive allows the entered username to match regardless of case (schema
	// default: false). Two database entries that differ only in case would then be
	// ambiguous; presumably the loader rejects such databases — confirm.
	CaseInsensitive bool `koanf:"case_insensitive" json:"case_insensitive" jsonschema:"default=false,title=Case Insensitive Searching" jsonschema_description:"Allows usernames to be any case during the search."`
}
// AuthenticationBackendFilePassword represents the configuration related to password hashing.
//
// Algorithm selects which of the per-algorithm sections is used when a password is
// hashed; DefaultPasswordConfig populates every section so that switching Algorithm
// still yields complete parameters.
type AuthenticationBackendFilePassword struct {
	// Algorithm is one of argon2 (schema default), sha2crypt, pbkdf2, bcrypt or scrypt.
	Algorithm string `koanf:"algorithm" json:"algorithm" jsonschema:"default=argon2,enum=argon2,enum=sha2crypt,enum=pbkdf2,enum=bcrypt,enum=scrypt,title=Algorithm" jsonschema_description:"The password hashing algorithm to use."`
	// Argon2 holds the parameters used when Algorithm is argon2.
	Argon2 AuthenticationBackendFilePasswordArgon2 `koanf:"argon2" json:"argon2" jsonschema:"title=Argon2" jsonschema_description:"Configure the Argon2 password hashing parameters."`
	// SHA2Crypt holds the parameters used when Algorithm is sha2crypt.
	SHA2Crypt AuthenticationBackendFilePasswordSHA2Crypt `koanf:"sha2crypt" json:"sha2crypt" jsonschema:"title=SHA2Crypt" jsonschema_description:"Configure the SHA2Crypt password hashing parameters."`
	// PBKDF2 holds the parameters used when Algorithm is pbkdf2.
	PBKDF2 AuthenticationBackendFilePasswordPBKDF2 `koanf:"pbkdf2" json:"pbkdf2" jsonschema:"title=PBKDF2" jsonschema_description:"Configure the PBKDF2 password hashing parameters."`
	// BCrypt holds the parameters used when Algorithm is bcrypt.
	BCrypt AuthenticationBackendFilePasswordBCrypt `koanf:"bcrypt" json:"bcrypt" jsonschema:"title=BCrypt" jsonschema_description:"Configure the BCrypt password hashing parameters."`
	// SCrypt holds the parameters used when Algorithm is scrypt.
	SCrypt AuthenticationBackendFilePasswordSCrypt `koanf:"scrypt" json:"scrypt" jsonschema:"title=SCrypt" jsonschema_description:"Configure the SCrypt password hashing parameters."`

	// The five top-level parameters below pre-date the per-algorithm sections and are
	// marked deprecated in the schema. They are presumably only read to migrate older
	// configurations into the Argon2 section — confirm in the validator.

	// Deprecated: Use individual password options instead.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"deprecated,title=Iterations"`
	// Deprecated: Use individual password options instead.
	Memory int `koanf:"memory" json:"memory" jsonschema:"deprecated,title=Memory"`
	// Deprecated: Use individual password options instead.
	Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"deprecated,title=Parallelism"`
	// Deprecated: Use individual password options instead.
	KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"deprecated,title=Key Length"`
	// Deprecated: Use individual password options instead.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"deprecated,title=Salt Length"`
}
// AuthenticationBackendFilePasswordArgon2 represents the argon2 hashing settings.
//
// The schema defaults (argon2id, t=3, m=65536 KiB, p=4, 32-byte key, 16-byte salt)
// match DefaultPasswordConfig. argon2id is the variant recommended for password
// hashing by RFC 9106; argon2i and argon2d are presumably accepted so existing hashes
// keep verifying. The minimum/maximum values are what the schema publishes; whether the
// validator enforces the same bounds is not visible here.
type AuthenticationBackendFilePasswordArgon2 struct {
	// Variant is argon2id (schema default), argon2i or argon2d.
	Variant string `koanf:"variant" json:"variant" jsonschema:"default=argon2id,enum=argon2id,enum=argon2i,enum=argon2d,title=Variant" jsonschema_description:"The Argon2 variant to be used."`
	// Iterations is the Argon2 time cost t.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=3,title=Iterations" jsonschema_description:"The number of Argon2 iterations (parameter t) to be used."`
	// Memory is the Argon2 memory cost m in kibibytes.
	Memory int `koanf:"memory" json:"memory" jsonschema:"default=65536,minimum=8,maximum=4294967295,title=Memory" jsonschema_description:"The Argon2 amount of memory in kibibytes (parameter m) to be used."`
	// Parallelism is the Argon2 degree of parallelism p.
	Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=4,minimum=1,maximum=16777215,title=Parallelism" jsonschema_description:"The Argon2 degree of parallelism (parameter p) to be used."`
	// KeyLength is the length of the derived key.
	KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=4,maximum=2147483647,title=Key Length" jsonschema_description:"The Argon2 key output length."`
	// SaltLength is the length of the randomly generated salt.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=2147483647,title=Salt Length" jsonschema_description:"The Argon2 salt length."`
}
// AuthenticationBackendFilePasswordSHA2Crypt represents the sha2crypt hashing settings.
//
// The bounds follow the SHA-crypt specification: rounds between 1000 and 999999999 and a
// salt of at most 16 characters.
type AuthenticationBackendFilePasswordSHA2Crypt struct {
	// Variant is sha512 (schema default) or sha256.
	Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha256,enum=sha512,title=Variant" jsonschema_description:"The SHA2Crypt variant to be used."`
	// Iterations is the SHA-crypt rounds parameter.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=50000,minimum=1000,maximum=999999999,title=Iterations" jsonschema_description:"The SHA2Crypt iterations (parameter rounds) to be used."`
	// SaltLength is the salt length; the format caps it at 16.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=1,maximum=16,title=Salt Length" jsonschema_description:"The SHA2Crypt salt length to be used."`
}
// AuthenticationBackendFilePasswordPBKDF2 represents the PBKDF2 hashing settings.
//
// sha1 is presumably retained so that existing hashes keep verifying; the sha512
// default is the right choice for new deployments.
type AuthenticationBackendFilePasswordPBKDF2 struct {
	// Variant is the PRF digest: sha512 (schema default), sha384, sha256, sha224 or sha1.
	Variant string `koanf:"variant" json:"variant" jsonschema:"default=sha512,enum=sha1,enum=sha224,enum=sha256,enum=sha384,enum=sha512,title=Variant" jsonschema_description:"The PBKDF2 variant to be used."`
	// Iterations is the PBKDF2 iteration count; the schema floor is 100000.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=310000,minimum=100000,maximum=2147483647,title=Iterations" jsonschema_description:"The PBKDF2 iterations to be used."`
	// SaltLength is the length of the randomly generated salt; the schema floor is 8.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=2147483647,title=Salt Length" jsonschema_description:"The PBKDF2 salt length to be used."`
}
// AuthenticationBackendFilePasswordBCrypt represents the bcrypt hashing settings.
type AuthenticationBackendFilePasswordBCrypt struct {
	// Variant is standard (schema default) or sha256. The sha256 variant presumably
	// pre-hashes the password to avoid bcrypt's 72-byte input truncation — confirm in
	// the hasher.
	Variant string `koanf:"variant" json:"variant" jsonschema:"default=standard,enum=standard,enum=sha256,title=Variant" jsonschema_description:"The BCrypt variant to be used."`
	// Cost is the bcrypt work factor (log2 of the iteration count), 10..31 with a default of 12.
	Cost int `koanf:"cost" json:"cost" jsonschema:"default=12,minimum=10,maximum=31,title=Cost" jsonschema_description:"The BCrypt cost to be used."`
}
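// AuthenticationBackendFilePasswordSCrypt represents the scrypt hashing settings.
//
// The schema defaults match DefaultPasswordConfig. The minimum/maximum values are what
// the schema publishes; whether the validator enforces the same bounds is not visible
// here.
type AuthenticationBackendFilePasswordSCrypt struct {
	// Iterations: given the 1..58 bound this looks like the log2 of the scrypt
	// CPU/memory cost N (2^16 = 65536 by default) rather than a plain count — confirm
	// against the hasher.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"default=16,minimum=1,maximum=58,title=Iterations" jsonschema_description:"The SCrypt iterations to be used."`
	// BlockSize is the scrypt block size parameter r. The schema title previously read
	// "Key Length" (copied from KeyLength); it now names this field.
	BlockSize int `koanf:"block_size" json:"block_size" jsonschema:"default=8,minimum=1,maximum=36028797018963967,title=Block Size" jsonschema_description:"The SCrypt block size to be used."`
	// Parallelism is the scrypt parallelisation parameter p. Schema title corrected as
	// for BlockSize.
	Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"default=1,minimum=1,maximum=1073741823,title=Parallelism" jsonschema_description:"The SCrypt parallelism factor to be used."`
	// KeyLength is the length of the derived key.
	KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"default=32,minimum=1,maximum=137438953440,title=Key Length" jsonschema_description:"The SCrypt key length to be used."`
	// SaltLength is the length of the randomly generated salt; the schema floor is 8.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"default=16,minimum=8,maximum=1024,title=Salt Length" jsonschema_description:"The SCrypt salt length to be used."`
}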
// AuthenticationBackendLDAP represents the configuration related to LDAP server.
//
// The Default*Implementation* variables in this file supply per-implementation values
// for the filter, attribute, timeout and TLS fields; Implementation selects which set
// applies, presumably when the validator fills unset fields — confirm.
type AuthenticationBackendLDAP struct {
	// Address is the directory server address; nil when not configured.
	Address *AddressLDAP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the LDAP directory server."`
	// Implementation picks the default profile: custom (schema default), activedirectory,
	// rfc2307bis, freeipa, lldap or glauth.
	Implementation string `koanf:"implementation" json:"implementation" jsonschema:"default=custom,enum=custom,enum=activedirectory,enum=rfc2307bis,enum=freeipa,enum=lldap,enum=glauth,title=Implementation" jsonschema_description:"The implementation which mostly decides the default values."`
	// Timeout is the connection timeout (schema default: 5 seconds).
	Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The LDAP directory server connection timeout."`
	// StartTLS upgrades a plaintext connection to TLS after connecting (schema default: false).
	StartTLS bool `koanf:"start_tls" json:"start_tls" jsonschema:"default=false,title=StartTLS" jsonschema_description:"Enables the use of StartTLS."`
	// TLS holds the TLS connection properties; the implementation defaults set a
	// minimum version of TLS 1.2.
	TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties."`
	// Pooling configures connection pooling.
	Pooling AuthenticationBackendLDAPPooling `koanf:"pooling" json:"pooling" jsonschema:"title=Pooling" jsonschema_description:"The LDAP Connection Pooling properties."`
	// BaseDN is the base for all directory operations; AdditionalUsersDN and
	// AdditionalGroupsDN are appended to it for user and group searches respectively.
	BaseDN string `koanf:"base_dn" json:"base_dn" jsonschema:"title=Base DN" jsonschema_description:"The base for all directory server operations."`
	AdditionalUsersDN string `koanf:"additional_users_dn" json:"additional_users_dn" jsonschema:"title=Additional User Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for users."`
	// UsersFilter is the LDAP filter used to find user objects. The defaults in this
	// file contain brace placeholders such as {input} and {username_attribute} that
	// appear to be substituted at query time; the user-supplied {input} must be escaped
	// per RFC 4515 during substitution to prevent filter injection — confirm in the
	// LDAP provider.
	UsersFilter string `koanf:"users_filter" json:"users_filter" jsonschema:"title=Users Filter" jsonschema_description:"The LDAP filter used to search for user objects."`
	AdditionalGroupsDN string `koanf:"additional_groups_dn" json:"additional_groups_dn" jsonschema:"title=Additional Group Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for groups."`
	// GroupsFilter is the LDAP filter used to find group objects; the defaults use the {dn} placeholder.
	GroupsFilter string `koanf:"groups_filter" json:"groups_filter" jsonschema:"title=Groups Filter" jsonschema_description:"The LDAP filter used to search for group objects."`
	// GroupSearchMode is filter (schema default) or memberof.
	GroupSearchMode string `koanf:"group_search_mode" json:"group_search_mode" jsonschema:"default=filter,enum=filter,enum=memberof,title=Groups Search Modes" jsonschema_description:"The LDAP group search mode used to search for group objects."`
	// Attributes maps Authelia's user/group fields to directory attribute names.
	// NOTE(review): this is the only field without a jsonschema title/description tag —
	// presumably an oversight rather than intentional.
	Attributes AuthenticationBackendLDAPAttributes `koanf:"attributes" json:"attributes"`
	// PermitReferrals enables chasing referrals (schema default: false). Chasing a
	// referral can cause the bind credentials to be presented to the referred-to
	// server, so it should only be enabled for trusted directory topologies.
	PermitReferrals bool `koanf:"permit_referrals" json:"permit_referrals" jsonschema:"default=false,title=Permit Referrals" jsonschema_description:"Enables chasing LDAP referrals."`
	// PermitUnauthenticatedBind allows the bind to proceed without a password (schema
	// default: false). Security-sensitive: leave disabled unless the directory is
	// intentionally configured for unauthenticated binds.
	PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind" json:"permit_unauthenticated_bind" jsonschema:"default=false,title=Permit Unauthenticated Bind" jsonschema_description:"Enables omission of the password to perform an unauthenticated bind."`
	// PermitFeatureDetectionFailure controls behaviour when the Root DSE feature lookup
	// fails (schema default: false). NOTE(review): the description says "Enables
	// failures"; the field name suggests it tolerates them — confirm the wording.
	PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure" json:"permit_feature_detection_failure" jsonschema:"default=false,title=Permit Feature Detection Failure" jsonschema_description:"Enables failures when detecting directory server features using the Root DSE lookup."`
	// User is the distinguished name used for the service bind.
	User string `koanf:"user" json:"user" jsonschema:"title=User" jsonschema_description:"The user distinguished name for LDAP binding."`
	// Password is the service bind password. It is a secret: keep it out of logs and
	// serialised copies of the configuration.
	Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for LDAP authenticated binding."`
}
// AuthenticationBackendLDAPPooling represents the configuration related to LDAP
// connection pooling. The schema defaults (5 connections, 2 retries, 10 second wait)
// match DefaultLDAPAuthenticationBackendConfigurationImplementationCustom.
type AuthenticationBackendLDAPPooling struct {
	// Enable turns connection pooling on (schema default: false).
	Enable bool `koanf:"enable" json:"enable" jsonschema:"title=Enable,default=false" jsonschema_description:"Enable LDAP connection pooling."`
	// Count is the number of connections kept open in the pool.
	Count int `koanf:"count" json:"count" jsonschema:"title=Count,default=5" jsonschema_description:"The number of connections to keep open for LDAP connection pooling."`
	// Retries is how many times to retry obtaining a connection from the pool within Timeout.
	Retries int `koanf:"retries" json:"retries" jsonschema:"title=Retries,default=2" jsonschema_description:"The number of attempts to retrieve a connection from the pool during the timeout."`
	// Timeout is how long to wait for a pooled connection to become available.
	Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"title=Timeout,default=10 seconds" jsonschema_description:"The duration of time to wait for a connection to become available in the connection pool."`
}
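// AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes.
//
// Each field names the directory attribute that holds the corresponding piece of user
// or group information; the implementation defaults in this file populate the ones
// each directory flavour commonly provides. Every field carries matching koanf and
// json keys (MemberOf previously lacked its json key, which made it serialise as
// "MemberOf" unlike its siblings).
type AuthenticationBackendLDAPAttributes struct {
	// DistinguishedName is the attribute holding the DN of every object.
	DistinguishedName string `koanf:"distinguished_name" json:"distinguished_name" jsonschema:"title=Attribute: Distinguished Name" jsonschema_description:"The directory server attribute which contains the distinguished name for all objects."`
	// Username is the attribute users authenticate with.
	Username string `koanf:"username" json:"username" jsonschema:"title=Attribute: User Username" jsonschema_description:"The directory server attribute which contains the username for all users."`
	// DisplayName through Locale are profile attributes exposed for users.
	DisplayName string `koanf:"display_name" json:"display_name" jsonschema:"title=Attribute: User Display Name" jsonschema_description:"The directory server attribute which contains the display name for all users."`
	FamilyName string `koanf:"family_name" json:"family_name" jsonschema:"title=Attribute: Family Name" jsonschema_description:"The directory server attribute which contains the family name for all users."`
	GivenName string `koanf:"given_name" json:"given_name" jsonschema:"title=Attribute: Given Name" jsonschema_description:"The directory server attribute which contains the given name for all users."`
	MiddleName string `koanf:"middle_name" json:"middle_name" jsonschema:"title=Attribute: Middle Name" jsonschema_description:"The directory server attribute which contains the middle name for all users."`
	Nickname string `koanf:"nickname" json:"nickname" jsonschema:"title=Attribute: Nickname" jsonschema_description:"The directory server attribute which contains the nickname for all users."`
	Gender string `koanf:"gender" json:"gender" jsonschema:"title=Attribute: Gender" jsonschema_description:"The directory server attribute which contains the gender for all users."`
	Birthdate string `koanf:"birthdate" json:"birthdate" jsonschema:"title=Attribute: Birthdate" jsonschema_description:"The directory server attribute which contains the birthdate for all users."`
	Website string `koanf:"website" json:"website" jsonschema:"title=Attribute: Website" jsonschema_description:"The directory server attribute which contains the website URL for all users."`
	Profile string `koanf:"profile" json:"profile" jsonschema:"title=Attribute: Profile" jsonschema_description:"The directory server attribute which contains the profile URL for all users."`
	Picture string `koanf:"picture" json:"picture" jsonschema:"title=Attribute: Picture" jsonschema_description:"The directory server attribute which contains the picture URL for all users."`
	ZoneInfo string `koanf:"zoneinfo" json:"zoneinfo" jsonschema:"title=Attribute: Zone Information" jsonschema_description:"The directory server attribute which contains the time zone information for all users."`
	Locale string `koanf:"locale" json:"locale" jsonschema:"title=Attribute: Locale" jsonschema_description:"The directory server attribute which contains the locale information for all users."`
	// PhoneNumber through Country are contact and postal address attributes.
	PhoneNumber string `koanf:"phone_number" json:"phone_number" jsonschema:"title=Attribute: Phone Number" jsonschema_description:"The directory server attribute which contains the phone number for all users."`
	PhoneExtension string `koanf:"phone_extension" json:"phone_extension" jsonschema:"title=Attribute: Phone Extension" jsonschema_description:"The directory server attribute which contains the phone extension for all users."`
	StreetAddress string `koanf:"street_address" json:"street_address" jsonschema:"title=Attribute: Street Address" jsonschema_description:"The directory server attribute which contains the street address for all users."`
	Locality string `koanf:"locality" json:"locality" jsonschema:"title=Attribute: Locality" jsonschema_description:"The directory server attribute which contains the locality for all users."`
	Region string `koanf:"region" json:"region" jsonschema:"title=Attribute: Region" jsonschema_description:"The directory server attribute which contains the region for all users."`
	PostalCode string `koanf:"postal_code" json:"postal_code" jsonschema:"title=Attribute: Postal Code" jsonschema_description:"The directory server attribute which contains the postal code for all users."`
	Country string `koanf:"country" json:"country" jsonschema:"title=Attribute: Country" jsonschema_description:"The directory server attribute which contains the country for all users."`
	// Mail is used for both users and groups.
	Mail string `koanf:"mail" json:"mail" jsonschema:"title=Attribute: User Mail" jsonschema_description:"The directory server attribute which contains the mail address for all users and groups."`
	// MemberOf is the attribute listing the groups an object belongs to; it is what the
	// memberof group search mode relies on.
	MemberOf string `koanf:"member_of" json:"member_of" jsonschema:"title=Attribute: Member Of" jsonschema_description:"The directory server attribute which contains the objects that an object is a member of."`
	// GroupName is the attribute holding the name of each group.
	GroupName string `koanf:"group_name" json:"group_name" jsonschema:"title=Attribute: Group Name" jsonschema_description:"The directory server attribute which contains the group name for all groups."`
	// Extra declares additional attributes to read from the directory, presumably keyed
	// by the directory attribute name, with the Authelia-side name carried in the value.
	Extra map[string]AuthenticationBackendLDAPAttributesAttribute `koanf:"extra" json:"extra" jsonschema:"title=Extra Attributes" jsonschema_description:"Configures the extra attributes available in expressions and other areas of Authelia."`
}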
// AuthenticationBackendLDAPAttributesAttribute describes one extra LDAP attribute: the
// name it is exposed under within Authelia plus the embedded multi-valued/value-type
// settings. The embedded struct is flattened for koanf via ",squash"; encoding/json
// promotes the embedded fields on its own, so no json tag is needed on it.
type AuthenticationBackendLDAPAttributesAttribute struct {
	// Name is the attribute's name inside Authelia; it does not change which attribute
	// is queried from the directory.
	Name string `koanf:"name" json:"name" jsonschema:"title=Name" jsonschema_description:"The name of the attribute within Authelia. This does not adjust the attribute queried from the LDAP server."`
	AuthenticationBackendExtraAttribute `koanf:",squash"`
}
// DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
//
// Every algorithm section is populated so that switching Algorithm still yields
// complete parameters; presumably only the section named by Algorithm is consulted
// when a new hash is produced. The values mirror the schema defaults declared on the
// corresponding types.
var DefaultPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		SaltLength:  16,
		KeyLength:   32,
		Parallelism: 4,
		Memory:      65536, // 64 MiB, expressed in KiB as the Argon2 Memory field requires.
		Iterations:  3,
		Variant:     argon2id, // The RFC 9106 recommended variant for password hashing.
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		SaltLength: 16,
		Iterations: 50000,
		Variant:    sha512,
	},
	PBKDF2: AuthenticationBackendFilePasswordPBKDF2{
		SaltLength: 16,
		Iterations: 310000,
		Variant:    sha512,
	},
	BCrypt: AuthenticationBackendFilePasswordBCrypt{
		Cost:    12,
		Variant: "standard",
	},
	SCrypt: AuthenticationBackendFilePasswordSCrypt{
		SaltLength:  16,
		KeyLength:   32,
		Parallelism: 1,
		BlockSize:   8,
		Iterations:  16,
	},
}
// DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
//
// The Argon2 memory cost is 64 KiB (compared with 64 MiB in DefaultPasswordConfig) so
// that test suites run quickly; it offers little resistance to offline guessing and
// must never be used for a real deployment. Argon2.Variant, PBKDF2, BCrypt and SCrypt
// are left at their zero values here — presumably the validator fills them in.
var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		SaltLength:  16,
		KeyLength:   32,
		Parallelism: 4,
		Memory:      64, // KiB; deliberately tiny for CI speed.
		Iterations:  3,
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		SaltLength: 16,
		Iterations: 50000,
		Variant:    sha512,
	},
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
//
// This is the only implementation default that sets Pooling and it supplies no filters;
// a custom deployment is expected to provide its own UsersFilter and GroupsFilter. The
// TLS minimum of 1.2 excludes the deprecated TLS 1.0/1.1 protocols (RFC 8996).
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Pooling: AuthenticationBackendLDAPPooling{
		Timeout: 10 * time.Second,
		Retries: 2,
		Count:   5,
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:   ldapAttrCommonName,
		Mail:        ldapAttrMail,
		DisplayName: ldapAttrDisplayName,
		Username:    ldapAttrUserID,
	},
	GroupSearchMode: ldapGroupSearchModeFilter,
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.
//
// The users filter restricts matches to enabled, usable accounts:
//   - sAMAccountType=805306368 selects normal user accounts (SAM_NORMAL_USER_ACCOUNT);
//   - the 1.2.840.113556.1.4.803 (bitwise AND) rule on userAccountControl with value 2
//     excludes accounts carrying the ACCOUNTDISABLE flag;
//   - pwdLastSet=0 is excluded because it marks "must change password at next logon";
//   - accountExpires must be absent, 0 (never expires) or later than the current time,
//     supplied through the {date-time:microsoft-nt} placeholder.
//
// The groups filter accepts security groups (268435456) and distribution groups
// (536870912) that list the user's DN as a member. Brace placeholders appear to be
// substituted at query time by the LDAP provider.
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:         ldapAttrCommonName,
		MemberOf:          ldapAttrMemberOf,
		Country:           "c",
		PostalCode:        "postalCode",
		Region:            "st",
		Locality:          "l",
		StreetAddress:     "streetAddress",
		PhoneNumber:       "telephoneNumber",
		Mail:              ldapAttrMail,
		Website:           "wWWHomePage",
		MiddleName:        ldapAttrMiddleName,
		GivenName:         ldapAttrGivenName,
		FamilyName:        ldapAttrSurname,
		DisplayName:       ldapAttrDisplayName,
		Username:          ldapAttrSAMAccountName,
		DistinguishedName: ldapAttrDistinguishedName,
	},
	GroupSearchMode: ldapGroupSearchModeFilter,
	GroupsFilter:    "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))",
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))",
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the LDAPImplementationRFC2307bis Implementation.
//
// Users are inetOrgPerson or organizationalPerson objects; groups are any of the
// groupOfNames, groupOfUniqueNames or groupOfMembers classes whose member or
// uniqueMember lists the user's DN. NOTE(review): the trailing (!(pwdReset=TRUE))
// clause is a password-policy attribute normally found on user entries; it is harmless
// on group objects but looks misplaced — confirm it is intended here.
var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:   ldapAttrCommonName,
		MemberOf:    ldapAttrMemberOf,
		Mail:        ldapAttrMail,
		DisplayName: ldapAttrDisplayName,
		Username:    ldapAttrUserID,
	},
	GroupSearchMode: ldapGroupSearchModeFilter,
	GroupsFilter:    "(&(|(member={dn})(uniqueMember={dn}))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=groupOfMembers))(!(pwdReset=TRUE)))",
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))",
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the LDAPImplementationFreeIPA Implementation.
//
// The users filter excludes locked accounts (nsAccountLock=TRUE), accounts whose
// Kerberos password has expired, and principals whose krbPrincipalExpiration has
// passed; the current time is supplied through the {date-time:generalized}
// placeholder. Groups are groupOfNames objects listing the user's DN as a member.
var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:   ldapAttrCommonName,
		MemberOf:    ldapAttrMemberOf,
		Mail:        ldapAttrMail,
		DisplayName: ldapAttrDisplayName,
		Username:    ldapAttrUserID,
	},
	GroupSearchMode: ldapGroupSearchModeFilter,
	GroupsFilter:    "(&(member={dn})(objectClass=groupOfNames))",
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized})))",
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the LDAPImplementationLLDAP Implementation.
//
// LLDAP keeps users under OU=people and groups under OU=groups relative to the base
// DN, which the AdditionalUsersDN/AdditionalGroupsDN defaults reflect. Unlike the other
// profiles the display name is taken from the cn attribute.
var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:   ldapAttrCommonName,
		MemberOf:    ldapAttrMemberOf,
		Mail:        ldapAttrMail,
		DisplayName: ldapAttrCommonName,
		Username:    ldapAttrUserID,
	},
	GroupSearchMode:    ldapGroupSearchModeFilter,
	GroupsFilter:       "(&(member={dn})(objectClass=groupOfUniqueNames))",
	UsersFilter:        "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))",
	AdditionalGroupsDN: "OU=groups",
	AdditionalUsersDN:  "OU=people",
}
// DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the LDAPImplementationGLAuth Implementation.
//
// Users are posixAccount objects that are not marked accountStatus=inactive; groups are
// posixGroup objects whose uniqueMember lists the user's DN. The username is taken from
// cn and the display name from description, matching how GLAuth exposes its users.
var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = AuthenticationBackendLDAP{
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	Timeout: 5 * time.Second,
	Attributes: AuthenticationBackendLDAPAttributes{
		GroupName:   ldapAttrCommonName,
		MemberOf:    ldapAttrMemberOf,
		Mail:        ldapAttrMail,
		DisplayName: ldapAttrDescription,
		Username:    ldapAttrCommonName,
	},
	GroupSearchMode: ldapGroupSearchModeFilter,
	GroupsFilter:    "(&(uniqueMember={dn})(objectClass=posixGroup))",
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive)))",
}