authelia/internal/authentication/ldap_connection_factory.go

87 lines
2.6 KiB
Go
Raw Normal View History

2019-12-06 08:15:54 +00:00
package authentication
import (
"crypto/tls"
"github.com/go-ldap/ldap/v3"
2019-12-06 08:15:54 +00:00
)
// ********************* CONNECTION *********************.
2019-12-06 08:15:54 +00:00
// LDAPConnection interface representing a connection to the ldap.
type LDAPConnection interface {
Bind(username, password string) error
Close()
Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
Modify(modifyRequest *ldap.ModifyRequest) error
PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) error
StartTLS(config *tls.Config) error
2019-12-06 08:15:54 +00:00
}
// LDAPConnectionImpl the production implementation of an ldap connection.
2019-12-06 08:15:54 +00:00
type LDAPConnectionImpl struct {
conn *ldap.Conn
}
// NewLDAPConnectionImpl create a new ldap connection.
2019-12-06 08:15:54 +00:00
func NewLDAPConnectionImpl(conn *ldap.Conn) *LDAPConnectionImpl {
return &LDAPConnectionImpl{conn}
}
// Bind binds ldap connection to a username/password.
2019-12-06 08:15:54 +00:00
func (lc *LDAPConnectionImpl) Bind(username, password string) error {
return lc.conn.Bind(username, password)
}
// Close closes a ldap connection.
2019-12-06 08:15:54 +00:00
func (lc *LDAPConnectionImpl) Close() {
lc.conn.Close()
}
// Search searches a ldap server.
2019-12-06 08:15:54 +00:00
func (lc *LDAPConnectionImpl) Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error) {
return lc.conn.Search(searchRequest)
}
// Modify modifies an ldap object.
2019-12-06 08:15:54 +00:00
func (lc *LDAPConnectionImpl) Modify(modifyRequest *ldap.ModifyRequest) error {
return lc.conn.Modify(modifyRequest)
}
// PasswordModify modifies an ldap objects password.
func (lc *LDAPConnectionImpl) PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) error {
_, err := lc.conn.PasswordModify(pwdModifyRequest)
return err
}
// StartTLS requests the LDAP server upgrades to TLS encryption.
func (lc *LDAPConnectionImpl) StartTLS(config *tls.Config) error {
return lc.conn.StartTLS(config)
}
// ********************* FACTORY ***********************.
2019-12-06 08:15:54 +00:00
// LDAPConnectionFactory an interface of factory of ldap connections.
2019-12-06 08:15:54 +00:00
type LDAPConnectionFactory interface {
DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error)
2019-12-06 08:15:54 +00:00
}
// LDAPConnectionFactoryImpl the production implementation of an ldap connection factory.
type LDAPConnectionFactoryImpl struct{}
// NewLDAPConnectionFactoryImpl create a concrete ldap connection factory.
2019-12-06 08:15:54 +00:00
func NewLDAPConnectionFactoryImpl() *LDAPConnectionFactoryImpl {
return &LDAPConnectionFactoryImpl{}
}
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
// DialURL creates a connection from an LDAP URL when successful.
func (lcf *LDAPConnectionFactoryImpl) DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error) {
conn, err := ldap.DialURL(addr, opts...)
2019-12-06 08:15:54 +00:00
if err != nil {
return nil, err
}
2019-12-06 08:15:54 +00:00
return NewLDAPConnectionImpl(conn), nil
}