2018-09-11 21:25:24 +00:00
|
|
|
// Copyright (C) 2018 The Syncthing Authors.
|
|
|
|
|
//
|
|
|
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
|
|
|
|
|
package config
|
|
|
|
|
|
|
|
|
|
type LDAPConfiguration struct {
|
2020-03-18 10:44:00 +00:00
|
|
|
Address string `xml:"address,omitempty" json:"address"`
|
2018-09-11 21:25:24 +00:00
|
|
|
BindDN string `xml:"bindDN,omitempty" json:"bindDN"`
|
|
|
|
|
Transport LDAPTransport `xml:"transport,omitempty" json:"transport"`
|
|
|
|
|
InsecureSkipVerify bool `xml:"insecureSkipVerify,omitempty" json:"insecureSkipVerify" default:"false"`
|
lib/api: Add LDAP search filters (fixes #5376) (#6488)
This adds the functionality to run a user search with a filter for LDAP
authentication. The search is done after successful bind, as the binding
user. The typical use case is to limit authentication to users who are
member of a group or under a certain OU. For example, to only match
users in the "Syncthing" group in otherwise default Active Directory
set up for example.com:
<searchBaseDN>CN=Users,DC=example,DC=com</searchBaseDN>
<searchFilter>(&(sAMAccountName=%s)(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com))</searchFilter>
The search filter is an "and" of two criteria (with the ampersand being
XML quoted),
- "(sAMAccountName=%s)" matches the user logging in
- "(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com)" matches members
of the group in question.
Authentication will only proceed if the search filter matches precisely
one user.
2020-04-04 09:33:43 +00:00
|
|
|
SearchBaseDN string `xml:"searchBaseDN,omitempty" json:"searchBaseDN"`
|
|
|
|
|
SearchFilter string `xml:"searchFilter,omitempty" json:"searchFilter"`
|
2018-09-11 21:25:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c LDAPConfiguration) Copy() LDAPConfiguration {
|
|
|
|
|
return c
|
|
|
|
|
}
|
