package schema // LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server. type LDAPAuthenticationBackendConfiguration struct { Implementation string `mapstructure:"implementation"` URL string `mapstructure:"url"` SkipVerify bool `mapstructure:"skip_verify"` StartTLS bool `mapstructure:"start_tls"` MinimumTLSVersion string `mapstructure:"minimum_tls_version"` BaseDN string `mapstructure:"base_dn"` AdditionalUsersDN string `mapstructure:"additional_users_dn"` UsersFilter string `mapstructure:"users_filter"` AdditionalGroupsDN string `mapstructure:"additional_groups_dn"` GroupsFilter string `mapstructure:"groups_filter"` GroupNameAttribute string `mapstructure:"group_name_attribute"` UsernameAttribute string `mapstructure:"username_attribute"` MailAttribute string `mapstructure:"mail_attribute"` DisplayNameAttribute string `mapstructure:"display_name_attribute"` User string `mapstructure:"user"` Password string `mapstructure:"password"` } // FileAuthenticationBackendConfiguration represents the configuration related to file-based backend. type FileAuthenticationBackendConfiguration struct { Path string `mapstructure:"path"` Password *PasswordConfiguration `mapstructure:"password"` } // PasswordConfiguration represents the configuration related to password hashing. type PasswordConfiguration struct { Iterations int `mapstructure:"iterations"` KeyLength int `mapstructure:"key_length"` SaltLength int `mapstructure:"salt_length"` Algorithm string `mapstrucutre:"algorithm"` Memory int `mapstructure:"memory"` Parallelism int `mapstructure:"parallelism"` } // AuthenticationBackendConfiguration represents the configuration related to the authentication backend. type AuthenticationBackendConfiguration struct { DisableResetPassword bool `mapstructure:"disable_reset_password"` RefreshInterval string `mapstructure:"refresh_interval"` Ldap *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"` File *FileAuthenticationBackendConfiguration `mapstructure:"file"` } // DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing. var DefaultPasswordConfiguration = PasswordConfiguration{ Iterations: 1, KeyLength: 32, SaltLength: 16, Algorithm: argon2id, Memory: 1024, Parallelism: 8, } // DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI. var DefaultCIPasswordConfiguration = PasswordConfiguration{ Iterations: 1, KeyLength: 32, SaltLength: 16, Algorithm: argon2id, Memory: 128, Parallelism: 8, } // DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing. var DefaultPasswordSHA512Configuration = PasswordConfiguration{ Iterations: 50000, SaltLength: 16, Algorithm: "sha512", } // DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config. var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{ Implementation: LDAPImplementationCustom, UsernameAttribute: "uid", MailAttribute: "mail", DisplayNameAttribute: "displayname", GroupNameAttribute: "cn", MinimumTLSVersion: "TLS1.2", } // DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation. var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))", UsernameAttribute: "sAMAccountName", MailAttribute: "mail", DisplayNameAttribute: "displayName", GroupsFilter: "(&(member={dn})(objectClass=group))", GroupNameAttribute: "cn", }