RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/configuration/schema/const.go

162 lines
4.4 KiB
Go
Raw Permalink Normal View History

[CI] Add goconst linter (#961) * [CI] Add goconst linter * Implement goconst recommendations * Rename defaultPolicy to denyPolicy * Change order for test constants Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-02 16:20:40 +00:00
package schema
[FEATURE] Automatic Profile Refresh - LDAP (#912) * [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 19:39:25 +00:00
import (
feat(configuration): mtls clients (#4221) This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options. Closes #4044
2022-10-21 08:41:33 +00:00
"errors"
fix(configuration): address parsing failure (#3653) This fixes an issue with parsing address types from strings.
2022-07-05 04:43:12 +00:00
"regexp"
[FEATURE] Automatic Profile Refresh - LDAP (#912) * [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 19:39:25 +00:00
"time"
)
feat(authentication): file password algorithms (#3848) This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 10:51:59 +00:00
const (
argon2 = "argon2"
argon2id = "argon2id"
sha512 = "sha512"
)
[CI] Add gocritic linter (#977) * [CI] Add gocritic linter * Implement gocritic recommendations The outstanding recommendations are due to be addressed in #959 and #971 respectively. * Fix implementation tests * Fix remaining linting issues. * Fix tests. Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 00:52:06 +00:00
feat(configuration): mtls clients (#4221) This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options. Closes #4044
2022-10-21 08:41:33 +00:00
const (
// TLSVersion13 is the textual representation of TLS 1.3.
TLSVersion13 = "TLS1.3"
// TLSVersion12 is the textual representation of TLS 1.2.
TLSVersion12 = "TLS1.2"
// TLSVersion11 is the textual representation of TLS 1.1.
TLSVersion11 = "TLS1.1"
// TLSVersion10 is the textual representation of TLS 1.0.
TLSVersion10 = "TLS1.0"
// SSLVersion30 is the textual representation of SSL 3.0.
SSLVersion30 = "SSL3.0"
// Version13 is the textual representation of version 1.3.
Version13 = "1.3"
// Version12 is the textual representation of version 1.2.
Version12 = "1.2"
// Version11 is the textual representation of version 1.1.
Version11 = "1.1"
// Version10 is the textual representation of version 1.0.
Version10 = "1.0"
)
// ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")
// ProfileRefreshDisabled represents a Value for refresh_interval that disables the check entirely.
[FEATURE] Automatic Profile Refresh - LDAP (#912) * [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 19:39:25 +00:00
const ProfileRefreshDisabled = "disable"
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
const (
feat(configuration): comment unnecessary template lines (#4222) This adjusts the default configuration to mostly include commented configuration.
2022-10-21 09:17:30 +00:00
// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
ProfileRefreshAlways = "always"
[FEATURE] Automatic Profile Refresh - LDAP (#912) * [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 19:39:25 +00:00
feat(configuration): comment unnecessary template lines (#4222) This adjusts the default configuration to mostly include commented configuration.
2022-10-21 09:17:30 +00:00
// RefreshIntervalDefault represents the default value of refresh_interval.
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
RefreshIntervalDefault = "5m"
[FEATURE] Automatic Profile Refresh - LDAP (#912) * [FIX] LDAP Not Checking for Updated Groups * refactor handlers verifyFromSessionCookie * refactor authorizer selectMatchingObjectRules * refactor authorizer isDomainMatching * add authorizer URLHasGroupSubjects method * add user provider ProviderType method * update tests * check for new LDAP groups and update session when: * user provider type is LDAP * authorization is forbidden * URL has rule with group subjects * Implement Refresh Interval * add default values for LDAP user provider * add default for refresh interval * add schema validator for refresh interval * add various tests * rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong * use Authelia ctx clock * add check to determine if user is deleted, if so destroy the * make ldap user not found error a const * implement GetRefreshSettings in mock * Use user not found const with FileProvider * comment exports * use ctx.Clock instead of time pkg * add debug logging * use ptr to reference userSession so we don't have to retrieve it again * add documenation * add check for 0 refresh interval to reduce CPU cost * remove badly copied debug msg * add group change delta message * add SliceStringDelta * refactor ldap refresh to use the new func * improve delta add/remove log message * fix incorrect logic in SliceStringDelta * add tests to SliceStringDelta * add always config option * add tests for always config option * update docs * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * complete mocks and fix an old one * show warning when LDAP details failed to update for an unknown reason * golint fix * actually fix existing mocks * use mocks for LDAP refresh testing * use mocks for LDAP refresh testing for both added and removed groups * use test mock to verify disabled refresh behaviour * add information to threat model * add time const for default Unix() value * misc adjustments to mocks * Suggestions from code review * requested changes * update emails * docs updates * test updates * misc * golint fix * set debug for dev testing * misc docs and logging updates * misc grammar/spelling * use built function for VerifyGet * fix reviewdog suggestions * requested changes * Apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 19:39:25 +00:00
feat(configuration): comment unnecessary template lines (#4222) This adjusts the default configuration to mostly include commented configuration.
2022-10-21 09:17:30 +00:00
// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
RefreshIntervalAlways = 0 * time.Millisecond
)
[FEATURE] Support MSAD password reset via unicodePwd attribute (#1460) * Added `ActiveDirectory` suite for integration tests with Samba AD * Updated documentation * Minor styling refactor to suites * Clean up LDAP user provisioning * Fix Authelia home splash to reference correct link for webmail * Add notification message for password complexity errors * Add password complexity integration test * Rename implementation default from rfc to custom * add specific defaults for LDAP (activedirectory implementation) * add docs to show the new defaults * add docs explaining the importance of users filter * add tests * update instances of LDAP implementation names to use the new consts where applicable * made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead * update config examples due to the new defaults * apply changes from code review * replace schema default name from MSAD to ActiveDirectory for consistency * fix missing default for username_attribute * replace test raising on empty username attribute with not raising on empty Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 09:59:22 +00:00
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
const (
// LDAPImplementationCustom is the string for the custom LDAP implementation.
LDAPImplementationCustom = "custom"
[FEATURE] Support MSAD password reset via unicodePwd attribute (#1460) * Added `ActiveDirectory` suite for integration tests with Samba AD * Updated documentation * Minor styling refactor to suites * Clean up LDAP user provisioning * Fix Authelia home splash to reference correct link for webmail * Add notification message for password complexity errors * Add password complexity integration test * Rename implementation default from rfc to custom * add specific defaults for LDAP (activedirectory implementation) * add docs to show the new defaults * add docs explaining the importance of users filter * add tests * update instances of LDAP implementation names to use the new consts where applicable * made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead * update config examples due to the new defaults * apply changes from code review * replace schema default name from MSAD to ActiveDirectory for consistency * fix missing default for username_attribute * replace test raising on empty username attribute with not raising on empty Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 09:59:22 +00:00
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
LDAPImplementationActiveDirectory = "activedirectory"
feat(configuration): freeipa ldap implementation (#4482) This adds a FreeIPA LDAP implementation which purely adds sane defaults for FreeIPA. There are no functional differences just when the implementation option is set to 'freeipa' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details. Closes #2177, Closes #2161
2022-12-21 10:07:00 +00:00
feat(configuration): rfc2307bis implementation (#4900) This adds configuration defaults for RFC2307bis LDAP implementations such as OpenLDAP with the RFC2307bis LDIF which should service most user needs.
2023-02-08 02:35:57 +00:00
// LDAPImplementationRFC2307bis is the string for the RFC2307bis LDAP implementation.
LDAPImplementationRFC2307bis = "rfc2307bis"
feat(configuration): freeipa ldap implementation (#4482) This adds a FreeIPA LDAP implementation which purely adds sane defaults for FreeIPA. There are no functional differences just when the implementation option is set to 'freeipa' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details. Closes #2177, Closes #2161
2022-12-21 10:07:00 +00:00
// LDAPImplementationFreeIPA is the string for the FreeIPA LDAP implementation.
LDAPImplementationFreeIPA = "freeipa"
feat(configuration): lldap implementation (#4498) This adds a lldap LDAP implementation which purely adds sane defaults for lldap. There are no functional differences just when the implementation option is set to 'lldap' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details.
2022-12-21 10:51:25 +00:00
// LDAPImplementationLLDAP is the string for the lldap LDAP implementation.
LDAPImplementationLLDAP = "lldap"
feat(configuration): glauth ldap implementation (#4499) This adds a GLAuth LDAP implementation which purely adds sane defaults for GLAuth. There are no functional differences just when the implementation option is set to 'glauth' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details.
2022-12-21 11:14:22 +00:00
// LDAPImplementationGLAuth is the string for the GLAuth LDAP implementation.
LDAPImplementationGLAuth = "glauth"
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
)
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
2021-12-01 12:11:29 +00:00
feat(authentication): ldap memberof group search (#5418) Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs. Closes #2161 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 04:40:38 +00:00
const (
// LDAPGroupSearchModeFilter is the string for the filter group search mode.
LDAPGroupSearchModeFilter = "filter"
// LDAPGroupSearchModeMemberOf is the string for the memberOf group search mode.
LDAPGroupSearchModeMemberOf = "memberof"
)
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
2021-12-01 12:11:29 +00:00
// TOTP Algorithm.
const (
TOTPAlgorithmSHA1 = "SHA1"
TOTPAlgorithmSHA256 = "SHA256"
TOTPAlgorithmSHA512 = "SHA512"
)
fix(configuration): remember me duration disabled impossible (#2997) This fixes an issue not properly resolved by db6dd32151a8161e8348f32d19a687f0faa16ddf.
2022-03-13 02:51:23 +00:00
const (
// RememberMeDisabled represents the duration for a disabled remember me session configuration.
RememberMeDisabled = time.Second * -1
)
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
2021-12-01 12:11:29 +00:00
var (
// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)
feat(totp): secret customization (#2681) Allow customizing the shared secrets size specifically for apps which don't support 256bit shared secrets.
2022-04-07 23:01:01 +00:00
const (
// TOTPSecretSizeDefault is the default secret size.
TOTPSecretSizeDefault = 32
// TOTPSecretSizeMinimum is the minimum secret size.
TOTPSecretSizeMinimum = 20
)
fix(configuration): address parsing failure (#3653) This fixes an issue with parsing address types from strings.
2022-07-05 04:43:12 +00:00
refactor(configuration): umask from query (#5416) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 11:25:56 +00:00
var (
// regexpHasScheme checks if a string has a scheme. Valid characters for schemes include alphanumeric, hyphen,
// period, and plus characters.
regexpHasScheme = regexp.MustCompile(`^[-+.a-zA-Z\d]*(://|:$)`)
regexpIsUmask = regexp.MustCompile(`^[0-7]{3,4}$`)
)
const (
addressQueryParamUmask = "umask"
)
feat(oidc): issuer jwk certificates (#3989) This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 02:07:40 +00:00
const (
blockCERTIFICATE = "CERTIFICATE"
blockRSAPRIVATEKEY = "RSA PRIVATE KEY"
)
feat(configuration): freeipa ldap implementation (#4482) This adds a FreeIPA LDAP implementation which purely adds sane defaults for FreeIPA. There are no functional differences just when the implementation option is set to 'freeipa' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details. Closes #2177, Closes #2161
2022-12-21 10:07:00 +00:00
const (
feat(authentication): ldap memberof group search (#5418) Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs. Closes #2161 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 04:40:38 +00:00
ldapGroupSearchModeFilter = "filter"
)
const (
ldapAttrDistinguishedName = "distinguishedName"
ldapAttrMail = "mail"
ldapAttrUserID = "uid"
ldapAttrSAMAccountName = "sAMAccountName"
ldapAttrDisplayName = "displayName"
ldapAttrDescription = "description"
ldapAttrCommonName = "cn"
ldapAttrMemberOf = "memberOf"
feat(configuration): freeipa ldap implementation (#4482) This adds a FreeIPA LDAP implementation which purely adds sane defaults for FreeIPA. There are no functional differences just when the implementation option is set to 'freeipa' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details. Closes #2177, Closes #2161
2022-12-21 10:07:00 +00:00
)
feat(server): listen on unix sockets (#5038) This allows listening on unix sockets. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 05:48:26 +00:00
// Address Schemes.
const (
AddressSchemeTCP = "tcp"
AddressSchemeTCP4 = "tcp4"
AddressSchemeTCP6 = "tcp6"
AddressSchemeUDP = "udp"
AddressSchemeUDP4 = "udp4"
AddressSchemeUDP6 = "udp6"
AddressSchemeUnix = "unix"
AddressSchemeLDAP = "ldap"
AddressSchemeLDAPS = "ldaps"
AddressSchemeLDAPI = "ldapi"
AddressSchemeSMTP = "smtp"
AddressSchemeSUBMISSION = "submission"
AddressSchemeSUBMISSIONS = "submissions"
)