docs: fix misc mistakes and adjust placeholders (#4614)
parent
e3e31e3cbc
commit
1a849a37bd
|
@ -78,15 +78,15 @@ search.
|
||||||
|
|
||||||
#### Users filter replacements
|
#### Users filter replacements
|
||||||
|
|
||||||
| Placeholder | Phase | Replacement |
|
| Placeholder | Phase | Replacement |
|
||||||
|:-------------------------:|:-------:|:----------------------------------------------------------------------------------------------------------------:|
|
|:------------------------:|:-------:|:----------------------------------------------------------------------------------------------------------------:|
|
||||||
| {username_attribute} | startup | The configured username attribute |
|
| {username_attribute} | startup | The configured username attribute |
|
||||||
| {mail_attribute} | startup | The configured mail attribute |
|
| {mail_attribute} | startup | The configured mail attribute |
|
||||||
| {display_name_attribute} | startup | The configured display name attribute |
|
| {display_name_attribute} | startup | The configured display name attribute |
|
||||||
| {input} | search | The input into the username field |
|
| {input} | search | The input into the username field |
|
||||||
| {date-time:generalized} | search | The current UTC time formatted as a LDAP generalized time in the format of `20060102150405.0Z` |
|
| {date-time:generalized} | search | The current UTC time formatted as a LDAP generalized time in the format of `20060102150405.0Z` |
|
||||||
| {date-time:unix-epoch} | search | The current time formatted as a Unix epoch |
|
| {date-time:unix} | search | The current time formatted as a Unix epoch |
|
||||||
| {date-time:msft-nt-epoch} | search | The current time formatted as a Microsoft NT epoch which is used by some Microsoft [Active Directory] attributes |
|
| {date-time:microsoft-nt} | search | The current time formatted as a Microsoft NT epoch which is used by some Microsoft [Active Directory] attributes |
|
||||||
|
|
||||||
#### Groups filter replacements
|
#### Groups filter replacements
|
||||||
|
|
||||||
|
@ -134,16 +134,16 @@ the following conditions:
|
||||||
- The [Active Directory] implementation achieves this via the `(!(pwdLastSet=0))` filter.
|
- The [Active Directory] implementation achieves this via the `(!(pwdLastSet=0))` filter.
|
||||||
- The [FreeIPA] implementation achieves this via the `(krbPasswordExpiration>={date-time:generalized})` filter.
|
- The [FreeIPA] implementation achieves this via the `(krbPasswordExpiration>={date-time:generalized})` filter.
|
||||||
- Their account is expired:
|
- Their account is expired:
|
||||||
- The [Active Directory] implementation achieves this via the `(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:msft-nt-epoch}))` filter.
|
- The [Active Directory] implementation achieves this via the `(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt}))` filter.
|
||||||
- The [FreeIPA] implementation achieves this via the `(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized}))` filter.
|
- The [FreeIPA] implementation achieves this via the `(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized}))` filter.
|
||||||
|
|
||||||
| Implementation | Users Filter | Groups Filter |
|
| Implementation | Users Filter | Groups Filter |
|
||||||
|:---------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:----------------------------------------------:|
|
|:---------------:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:----------------------------------------------------------------------------:|
|
||||||
| custom | N/A | N/A |
|
| custom | N/A | N/A |
|
||||||
| activedirectory | (&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:msft-nt-epoch}))) | (&(member={dn})(sAMAccountType=268435456)) |
|
| activedirectory | (&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt}))) | (&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912))) |
|
||||||
| freeipa | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized}))) | (&(member={dn})(objectClass=groupOfNames)) |
|
| freeipa | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized}))) | (&(member={dn})(objectClass=groupOfNames)) |
|
||||||
| lldap | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) | (&(member={dn})(objectClass=groupOfNames)) |
|
| lldap | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) | (&(member={dn})(objectClass=groupOfNames)) |
|
||||||
| glauth | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive))) | (&(uniqueMember={dn})(objectClass=posixGroup)) |
|
| glauth | (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive))) | (&(uniqueMember={dn})(objectClass=posixGroup)) |
|
||||||
|
|
||||||
##### Microsoft Active Directory sAMAccountType
|
##### Microsoft Active Directory sAMAccountType
|
||||||
|
|
||||||
|
|
|
@ -74,8 +74,8 @@ const (
|
||||||
ldapPlaceholderDistinguishedName = "{dn}"
|
ldapPlaceholderDistinguishedName = "{dn}"
|
||||||
ldapPlaceholderUsername = "{username}"
|
ldapPlaceholderUsername = "{username}"
|
||||||
ldapPlaceholderDateTimeGeneralized = "{date-time:generalized}"
|
ldapPlaceholderDateTimeGeneralized = "{date-time:generalized}"
|
||||||
ldapPlaceholderDateTimeMicrosoftNTTimeEpoch = "{date-time:msft-nt-epoch}"
|
ldapPlaceholderDateTimeMicrosoftNTTimeEpoch = "{date-time:microsoft-nt}"
|
||||||
ldapPlaceholderDateTimeUnixEpoch = "{date-time:unix-epoch}"
|
ldapPlaceholderDateTimeUnixEpoch = "{date-time:unix}"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
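Review bot: Renaming the values of `ldapPlaceholderDateTimeMicrosoftNTTimeEpoch` and `ldapPlaceholderDateTimeUnixEpoch` leaves no handling for a filter that still contains `{date-time:msft-nt-epoch}` or `{date-time:unix-epoch}`. If those spellings ever shipped, a custom users filter using them would presumably reach the directory with the token unreplaced, so the `accountExpires>=` clause would no longer be compared against a timestamp. Consider failing configuration validation on any unrecognised `{date-time:...}` token, or accepting the old spellings as deprecated aliases. A comment on the block such as `// Placeholder tokens are user-facing configuration; renaming one is a breaking change.` would also help. The const block starts above this hunk.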
|
||||||
|
|
|
@ -3823,7 +3823,7 @@ func TestShouldParseDynamicConfiguration(t *testing.T) {
|
||||||
UsernameAttribute: "uid",
|
UsernameAttribute: "uid",
|
||||||
MailAttribute: "mail",
|
MailAttribute: "mail",
|
||||||
DisplayNameAttribute: "displayName",
|
DisplayNameAttribute: "displayName",
|
||||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:msft-nt-epoch})(accountExpires>={date-time:generalized})))",
|
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})(accountExpires>={date-time:generalized})))",
|
||||||
GroupsFilter: "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))",
|
GroupsFilter: "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))",
|
||||||
AdditionalUsersDN: "ou=users",
|
AdditionalUsersDN: "ou=users",
|
||||||
AdditionalGroupsDN: "ou=groups",
|
AdditionalGroupsDN: "ou=groups",
|
||||||
|
@ -3848,7 +3848,7 @@ func TestShouldParseDynamicConfiguration(t *testing.T) {
|
||||||
assert.True(t, provider.usersFilterReplacementDateTimeGeneralized)
|
assert.True(t, provider.usersFilterReplacementDateTimeGeneralized)
|
||||||
assert.True(t, provider.usersFilterReplacementDateTimeMicrosoftNTTimeEpoch)
|
assert.True(t, provider.usersFilterReplacementDateTimeMicrosoftNTTimeEpoch)
|
||||||
|
|
||||||
assert.Equal(t, "(&(|(uid={input})(mail={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:msft-nt-epoch})(accountExpires>={date-time:generalized})))", provider.config.UsersFilter)
|
assert.Equal(t, "(&(|(uid={input})(mail={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})(accountExpires>={date-time:generalized})))", provider.config.UsersFilter)
|
||||||
assert.Equal(t, "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))", provider.config.GroupsFilter)
|
assert.Equal(t, "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))", provider.config.GroupsFilter)
|
||||||
assert.Equal(t, "ou=users,dc=example,dc=com", provider.usersBaseDN)
|
assert.Equal(t, "ou=users,dc=example,dc=com", provider.usersBaseDN)
|
||||||
assert.Equal(t, "ou=groups,dc=example,dc=com", provider.groupsBaseDN)
|
assert.Equal(t, "ou=groups,dc=example,dc=com", provider.groupsBaseDN)
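Review bot: The visible assertions cover only `{date-time:microsoft-nt}` and `{date-time:generalized}`; the other renamed token, `{date-time:unix}`, is not exercised in either hunk of TestShouldParseDynamicConfiguration. If no other test covers it, add it to the `UsersFilter` fixture with a matching assertion on the provider's replacement flag. A case showing how a filter with the old `{date-time:msft-nt-epoch}` spelling is treated would pin the intended behaviour for existing configurations. The test function begins and ends outside these hunks.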
|
||||||
|
|
|
@ -187,7 +187,7 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = LDAPAuth
|
||||||
|
|
||||||
// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.
|
// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.
|
||||||
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{
|
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{
|
||||||
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:msft-nt-epoch})))",
|
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))",
|
||||||
UsernameAttribute: "sAMAccountName",
|
UsernameAttribute: "sAMAccountName",
|
||||||
MailAttribute: ldapAttrMail,
|
MailAttribute: ldapAttrMail,
|
||||||
DisplayNameAttribute: ldapAttrDisplayName,
|
DisplayNameAttribute: ldapAttrDisplayName,
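Review bot: `GroupsFilter` is not part of this hunk, while the documentation table changed in the same commit now lists `(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))` as the activedirectory default. Confirm the struct already carries that value, since group membership feeds access-control decisions and a documented default that differs from the shipped one is easy to miss. The struct literal continues past the end of the hunk.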
|
||||||
|
|