package schema // LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server. type LDAPAuthenticationBackendConfiguration struct { Implementation string `mapstructure:"implementation"` URL string `mapstructure:"url"` BaseDN string `mapstructure:"base_dn"` AdditionalUsersDN string `mapstructure:"additional_users_dn"` UsersFilter string `mapstructure:"users_filter"` AdditionalGroupsDN string `mapstructure:"additional_groups_dn"` GroupsFilter string `mapstructure:"groups_filter"` GroupNameAttribute string `mapstructure:"group_name_attribute"` UsernameAttribute string `mapstructure:"username_attribute"` MailAttribute string `mapstructure:"mail_attribute"` DisplayNameAttribute string `mapstructure:"display_name_attribute"` User string `mapstructure:"user"` Password string `mapstructure:"password"` StartTLS bool `mapstructure:"start_tls"` TLS *TLSConfig `mapstructure:"tls"` SkipVerify *bool `mapstructure:"skip_verify"` // Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.SkipVerify. TODO: Remove in 4.28. MinimumTLSVersion string `mapstructure:"minimum_tls_version"` // Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.MinimumVersion. TODO: Remove in 4.28. } // FileAuthenticationBackendConfiguration represents the configuration related to file-based backend. type FileAuthenticationBackendConfiguration struct { Path string `mapstructure:"path"` Password *PasswordConfiguration `mapstructure:"password"` } // PasswordConfiguration represents the configuration related to password hashing. type PasswordConfiguration struct { Iterations int `mapstructure:"iterations"` KeyLength int `mapstructure:"key_length"` SaltLength int `mapstructure:"salt_length"` Algorithm string `mapstrucutre:"algorithm"` Memory int `mapstructure:"memory"` Parallelism int `mapstructure:"parallelism"` } // AuthenticationBackendConfiguration represents the configuration related to the authentication backend. type AuthenticationBackendConfiguration struct { DisableResetPassword bool `mapstructure:"disable_reset_password"` RefreshInterval string `mapstructure:"refresh_interval"` Ldap *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"` File *FileAuthenticationBackendConfiguration `mapstructure:"file"` } // DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing. var DefaultPasswordConfiguration = PasswordConfiguration{ Iterations: 1, KeyLength: 32, SaltLength: 16, Algorithm: argon2id, Memory: 64, Parallelism: 8, } // DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI. var DefaultCIPasswordConfiguration = PasswordConfiguration{ Iterations: 1, KeyLength: 32, SaltLength: 16, Algorithm: argon2id, Memory: 64, Parallelism: 8, } // DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing. var DefaultPasswordSHA512Configuration = PasswordConfiguration{ Iterations: 50000, SaltLength: 16, Algorithm: "sha512", } // DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config. var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{ Implementation: LDAPImplementationCustom, UsernameAttribute: "uid", MailAttribute: "mail", DisplayNameAttribute: "displayname", GroupNameAttribute: "cn", TLS: &TLSConfig{ MinimumVersion: "TLS1.2", }, } // DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation. var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))", UsernameAttribute: "sAMAccountName", MailAttribute: "mail", DisplayNameAttribute: "displayName", GroupsFilter: "(&(member={dn})(objectClass=group))", GroupNameAttribute: "cn", }