mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 20:17:00 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,844 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

145 Commits

Author SHA1 Message Date
Jeff Mitchell
7ce9701800 Properly check for policy equivalency during renewal. 
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
 2016-03-24 09:41:51 -04:00
leon
8ebacbc563 - updated LDAP group search by iterating through all the attributes and searching for CN value instead of assuming the CN is always the first attribute from the RDN list 2016-03-21 19:44:08 +02:00
leon
df96234ac9 - added another method to search LDAP groups by querying the userDN for memberOf attribute 2016-03-21 16:55:38 +02:00
Jeff Mitchell
7ef904b930 Use better error message on LDAP renew failure 2016-03-07 09:34:16 -05:00
Jeff Mitchell
65494f8268 Merge pull request #1100 from hashicorp/issue-1030 
Properly escape filter values in LDAP filters
 2016-02-19 14:56:40 -05:00
Jeff Mitchell
73e84b8c38 Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell
a2aad0bbd6 Properly escape filter values. 
Fixes #1030
 2016-02-19 13:16:52 -05:00
Jeff Mitchell
331f57c082 Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Mitchell
6ef35dcbb7 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell
7458084e09 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
Jeff Mitchell
2eb08d3bde Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Hanno Hecker
ba9b20d275 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker
a702f849bc fix stupid c&p error 2016-01-26 16:15:25 +01:00
Hanno Hecker
11aee85c0b add binddn/bindpath to search for the users bind DN 2016-01-26 15:56:41 +01:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
5c73e779c4 Add StaticSystemView to LDAP acceptance tests 2015-10-06 15:48:10 -04:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau
083226f317 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau
85a4d740b5 ldap: add mfa support to CLI 2015-07-27 21:14:00 -07:00
Bradley Girardeau
5afc6115c7 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
7ee2419323 ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar
6a9dc00e57 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar
22f543f837 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar
dd9040b85d ldap: fixing merge conflict 2015-06-30 09:40:43 -07:00
esell
dac2cd8c62 change skipsslverify to insecure_tls 2015-06-29 19:23:31 -06:00
Armon Dadgar
de6ce89c39 Fixing merge conflict 2015-06-29 14:50:55 -07:00
esell
11a0b3b6c6 Set SkipSSLVerify default to false, add warning in help message 2015-06-24 13:38:14 -06:00
esell
e3a3fc8ab1 cleanup the code a bit 2015-06-24 10:09:29 -06:00
esell
ee690118b9 allow skipping SSL verification on ldap auth 2015-06-24 10:05:45 -06:00
Armon Dadgar
28dd283c93 builtin: fixing API change in logical framework 2015-06-17 14:34:11 -07:00
Ian Unruh
82bca95537 Allow dot in LDAP login username 2015-05-20 11:54:15 -07:00
Giovanni Bajo
4273247923 auth/ldap: move password into InternalData 2015-05-09 22:06:34 +02:00
Giovanni Bajo
4a9be1fb5f auth/ldap: move username into the path (to allow per-user revokation on the path) 2015-05-09 22:06:28 +02:00
Giovanni Bajo
45a151ef73 auth/ldap: fix pasto 2015-05-09 22:06:22 +02:00
Giovanni Bajo
9e8b045308 auth/ldap: implement login renew 2015-05-09 22:04:20 +02:00
Giovanni Bajo
368df9fac1 auth/ldap: document LDAP server used in tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo
b41328c72d auth/ldap: add acceptance tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo
16d1d052f0 auth/ldap: add support for groups with unique members 2015-05-09 22:04:20 +02:00
Giovanni Bajo
f0c2c95909 auth/ldap: implement authorization via LDAP groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo
ab269aef60 auth/ldap: add configuration path for groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo
7f3313c587 Attempt connection to LDAP server at login time. 
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
 2015-05-09 22:04:19 +02:00
Giovanni Bajo
230fc30ea2 Initial implementation of the LDAP credential backend 2015-05-09 22:04:19 +02:00