mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-20 06:01:10 +02:00
Code Issues Projects Releases Wiki Activity
4,663 Commits 2,844 Branches 445 Tags
Commit Graph

32 Commits

Author SHA1 Message Date
Jeff Mitchell
68345eb770 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell
d466462b8d Fix re-specification of filter 2016-07-25 09:08:29 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
vishalnayak
cfe0aa860e Backend() functions should return 'backend' objects. 
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
 2016-06-10 15:53:02 -04:00
Jeff Mitchell
74a1e3bd61 Remove most Root paths 2016-05-31 23:42:54 +00:00
Jeff Mitchell
0b7e8cf1c8 Merge pull request #1245 from LeonDaniel/master 
Improved groups search for LDAP login
 2016-05-19 12:13:29 -04:00
Oren Shomron
24ae32f10d Support listing ldap group to policy mappings (Fixes #1270) 2016-05-14 20:00:40 -04:00
leon
7caa667fef - updated refactored functions in ldap backend to return error instead of ldap response and fixed interrupted search in ldap groups search func 2016-04-27 18:17:54 +03:00
leon
df7723bb38 - refactored functionality in separate functions in ldap backend and used a separate ldap query to get ldap groups from userDN 2016-04-27 15:00:26 +03:00
leon
2d31a064f3 - fixed merge with upstream master 2016-04-26 13:23:43 +03:00
leon
ea2efb6531 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	builtin/credential/ldap/backend.go
 2016-04-26 13:16:42 +03:00
Jeff Mitchell
f5f9c098b7 Some fixups around error/warning in LDAP 2016-04-02 13:33:00 -04:00
Jeff Mitchell
aca4e79ac6 If no group DN is configured, still look for policies on local users and 
return a warning, rather than just trying to do an LDAP search on an
empty string.
 2016-04-02 13:11:36 -04:00
Jeff Mitchell
8926a7c7c7 Check for nil connection back from go-ldap, which apparently can happen even with no error 
Ping #1262
 2016-03-29 10:00:04 -04:00
leon
8ebacbc563 - updated LDAP group search by iterating through all the attributes and searching for CN value instead of assuming the CN is always the first attribute from the RDN list 2016-03-21 19:44:08 +02:00
leon
df96234ac9 - added another method to search LDAP groups by querying the userDN for memberOf attribute 2016-03-21 16:55:38 +02:00
Jeff Mitchell
a2aad0bbd6 Properly escape filter values. 
Fixes #1030
 2016-02-19 13:16:52 -05:00
Hanno Hecker
ba9b20d275 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker
a702f849bc fix stupid c&p error 2016-01-26 16:15:25 +01:00
Hanno Hecker
11aee85c0b add binddn/bindpath to search for the users bind DN 2016-01-26 15:56:41 +01:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau
5afc6115c7 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
7ee2419323 ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar
6a9dc00e57 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar
22f543f837 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar
de6ce89c39 Fixing merge conflict 2015-06-29 14:50:55 -07:00
Giovanni Bajo
4a9be1fb5f auth/ldap: move username into the path (to allow per-user revokation on the path) 2015-05-09 22:06:28 +02:00
Giovanni Bajo
9e8b045308 auth/ldap: implement login renew 2015-05-09 22:04:20 +02:00
Giovanni Bajo
ab269aef60 auth/ldap: add configuration path for groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo
230fc30ea2 Initial implementation of the LDAP credential backend 2015-05-09 22:04:19 +02:00