Cadoles
/
hydra-werther
10
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Compare commits

base: Cadoles:194c1864c4b864a32d2f451daed37aa2ca64a004
Branches Tags
Cadoles:develop
Cadoles:master
Cadoles:staging
Cadoles:dist/ubuntu/bionic/develop
Cadoles:dist/ubuntu/bionic/staging
Cadoles:2023.12.6-stable.1421.15a4717
Cadoles:2023.12.6-testing.1421.15a4717
Cadoles:2023.12.6-develop.1421.15a4717
Cadoles:2023.12.6-develop.1447.7edc889
Cadoles:2023.12.6-develop.1347.7edc889
Cadoles:2023.12.6-jenkinsrelease.1334.b9bc218
Cadoles:2023.12.6-develop.1202.d74f812
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-2
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-4
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-3
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-1
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-2
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-0
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-0
Cadoles:pkg/deb/ubuntu-bionic/1.2.1-0
Cadoles:v1.2.1
Cadoles:v1.2.0
Cadoles:v1.1.1
Cadoles:v1.1.0
Cadoles:v1.0.1
Cadoles:v1.0.0
Cadoles:1.2.1-2-7-gd74f812
Cadoles:1.2.1-2-6-g885d18e
Cadoles:1.2.1-2-4-g592749e
Cadoles:1.2.1-2-2-g194c186
Cadoles:1.2.1-2-1-gb940aae
..
compare: Cadoles:592749eebf176e9ba508ac35008f476c354c5a0f
Branches Tags
Cadoles:develop
Cadoles:master
Cadoles:staging
Cadoles:dist/ubuntu/bionic/develop
Cadoles:dist/ubuntu/bionic/staging
Cadoles:2023.12.6-stable.1421.15a4717
Cadoles:2023.12.6-testing.1421.15a4717
Cadoles:2023.12.6-develop.1421.15a4717
Cadoles:2023.12.6-develop.1447.7edc889
Cadoles:2023.12.6-develop.1347.7edc889
Cadoles:2023.12.6-jenkinsrelease.1334.b9bc218
Cadoles:2023.12.6-develop.1202.d74f812
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-2
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-4
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-3
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-1
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-2
Cadoles:pkg/dev/ubuntu-bionic/1.2.1-0
Cadoles:pkg/staging/ubuntu-bionic/1.2.1-0
Cadoles:pkg/deb/ubuntu-bionic/1.2.1-0
Cadoles:v1.2.1
Cadoles:v1.2.0
Cadoles:v1.1.1
Cadoles:v1.1.0
Cadoles:v1.0.1
Cadoles:v1.0.0
Cadoles:1.2.1-2-7-gd74f812
Cadoles:1.2.1-2-6-g885d18e
Cadoles:1.2.1-2-4-g592749e
Cadoles:1.2.1-2-2-g194c186
Cadoles:1.2.1-2-1-gb940aae

2 Commits
194c1864c4 ... 592749eebf

Author SHA1 Message Date
wpetit 592749eebf Merge pull request 'Délai de connexion au serveur LDAP configurable' (#2) from ldap-configurable-timeout into develop
Cadoles/hydra-werther/pipeline/head This commit looks good Details 
Reviewed-on: #2
 2023-12-06 11:45:30 +01:00
wpetit 24b66a12ef feat: add configurable ldap connection timeout
Cadoles/hydra-werther/pipeline/head This commit looks good Details
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good Details
2023-12-06 11:43:58 +01:00
2 changed files with 33 additions and 24 deletions
Show Stats Expand all files Collapse all files

6
conf/hydra-werther.conf
View File

@ -117,3 +117,9 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
# [type] String
# [default] /
# [required]
#WERTHER_LDAP_CONNECTION_TIMEOUT=
# [description] LDAP server connection timeout
# [type] Duration
# [default] 60s
# [required]

51
internal/ldapclient/ldapclient.go
View File

@ -48,19 +48,20 @@ type connector interface {
// Config is a LDAP configuration.
type Config struct {
Endpoints []string `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
BindDN string `envconfig:"binddn" desc:"a LDAP bind DN"`
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
UserSearchQuery string `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"`
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
RoleSearchQuery string `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"`
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
CacheSize int `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
CacheTTL time.Duration `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
IsTLS bool `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
Endpoints []string `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
BindDN string `envconfig:"binddn" desc:"a LDAP bind DN"`
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
UserSearchQuery string `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"`
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
RoleSearchQuery string `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"`
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
CacheSize int `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
CacheTTL time.Duration `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
IsTLS bool `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
ConnectionTimeout time.Duration `envconfig:"connection_timeout" default:"60s" desc:"LDAP server connection timeout"`
}
// Client is a LDAP client (compatible with Active Directory).
@ -75,11 +76,12 @@ func New(cnf Config) *Client {
return &Client{
Config: cnf,
connector: &ldapConnector{
BaseDN: cnf.BaseDN,
UserSearchQuery: cnf.UserSearchQuery,
RoleBaseDN: cnf.RoleBaseDN,
IsTLS: cnf.IsTLS,
RoleSearchQuery: cnf.RoleSearchQuery,
BaseDN: cnf.BaseDN,
UserSearchQuery: cnf.UserSearchQuery,
RoleBaseDN: cnf.RoleBaseDN,
IsTLS: cnf.IsTLS,
RoleSearchQuery: cnf.RoleSearchQuery,
ConnectionTimeout: cnf.ConnectionTimeout,
},
cache: freecache.NewCache(cnf.CacheSize * 1024),
}
@ -291,15 +293,16 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
}
type ldapConnector struct {
BaseDN string
RoleBaseDN string
IsTLS bool
UserSearchQuery string
RoleSearchQuery string
BaseDN string
RoleBaseDN string
IsTLS bool
UserSearchQuery string
RoleSearchQuery string
ConnectionTimeout time.Duration
}
func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) {
d := net.Dialer{Timeout: ldap.DefaultTimeout}
d := net.Dialer{Timeout: c.ConnectionTimeout}
tcpcn, err := d.DialContext(ctx, "tcp", addr)
if err != nil {
return nil, err