Gobin Sougrakpam
d3dee1375f
Adding validation for certificates to be proper x509 PEM encoded (#3016)
2017-07-17 10:49:50 -04:00
Ben Gadbois
f80c851681
Fixing printf (and similar) issues (#2666)
2017-05-01 23:34:10 -04:00
vishalnayak
8b9f3a0b49
use net.JoinHostPort
2017-02-08 18:39:09 -05:00
Jeff Mitchell
c01d394a8d
Add support for backup/multiple LDAP URLs. (#2350)
2017-02-08 14:59:24 -08:00
Jeff Mitchell
f56eae5e0d
Don't panic when TLS is enabled but the initial dial doesn't return a connection (#2188)
Related to #2186
2016-12-15 15:49:30 -05:00
Brian Nuszkowski
4a5ecd5d6c
Disallow passwords LDAP binds by default (#2103)
2016-12-01 10:11:40 -08:00
Glenn McAllister
4bb7c96827
Add ldap tls_max_version config (#2060)
2016-11-07 13:43:39 -05:00
Jeff Mitchell
373e42d60c
Return warning about ACLing the LDAP configuration endpoint.
Fixes #1263
2016-08-08 10:18:36 -04:00
Oren Shomron
005cb3e042
LDAP Auth Backend Overhaul
--------------------------
Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.
Simplified group membership lookup significantly to support multiple use-cases:
* Enumerating groups via memberOf attribute on user object
* Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
* Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matching rule
There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.
Additional changes:
* Clarify documentation for LDAP auth backend.
* Reworked how default values are set, added tests
* Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
vishalnayak
6977bdd490
Handled upgrade path for TLSMinVersion
2016-07-13 12:42:51 -04:00
vishalnayak
98d5684699
Address review feedback
2016-07-13 11:52:26 -04:00
vishalnayak
150cba24a7
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
vishalnayak
ee6ba1e85e
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
f200a8568b
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
Jeff Mitchell
aa6a5fa25b
Fix potential error scoping issue.
Ping #1262
2016-03-30 19:48:23 -04:00
Jeff Mitchell
8926a7c7c7
Check for nil connection back from go-ldap, which apparently can happen even with no error
Ping #1262
2016-03-29 10:00:04 -04:00
Jeff Mitchell
73e84b8c38
Address some feedback on ldap escaping help text
2016-02-19 13:47:26 -05:00
Jeff Mitchell
331f57c082
Update LDAP documentation with a note on escaping
2016-02-19 13:16:18 -05:00
Hanno Hecker
ba9b20d275
discover bind dn with anonymous binds
2016-01-27 17:06:27 +01:00
Hanno Hecker
11aee85c0b
add binddn/bindpath to search for the user's bind DN
2016-01-26 15:56:41 +01:00
Jeff Mitchell
45e32756ea
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Bradley Girardeau
cbb6b64ce6
ldap: add ability to login with a userPrincipalName (user@upndomain)
2015-07-14 15:37:46 -07:00
Bradley Girardeau
0ef2eca24f
ldap: add starttls support and option to specify ca certificate
2015-07-02 15:49:51 -07:00
Armon Dadgar
dd9040b85d
ldap: fixing merge conflict
2015-06-30 09:40:43 -07:00
esell
dac2cd8c62
change skipsslverify to insecure_tls
2015-06-29 19:23:31 -06:00
Armon Dadgar
de6ce89c39
Fixing merge conflict
2015-06-29 14:50:55 -07:00
esell
11a0b3b6c6
Set SkipSSLVerify default to false, add warning in help message
2015-06-24 13:38:14 -06:00
esell
e3a3fc8ab1
cleanup the code a bit
2015-06-24 10:09:29 -06:00
esell
ee690118b9
allow skipping SSL verification on ldap auth
2015-06-24 10:05:45 -06:00
Giovanni Bajo
f0c2c95909
auth/ldap: implement authorization via LDAP groups
2015-05-09 22:04:20 +02:00
Giovanni Bajo
7f3313c587
Attempt connection to LDAP server at login time.
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
Giovanni Bajo
230fc30ea2
Initial implementation of the LDAP credential backend
2015-05-09 22:04:19 +02:00