mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-23 03:18:59 +00:00
48f9d323fa
This adds the functionality to run a user search with a filter for LDAP authentication. The search is done after successful bind, as the binding user. The typical use case is to limit authentication to users who are member of a group or under a certain OU. For example, to only match users in the "Syncthing" group in otherwise default Active Directory set up for example.com: <searchBaseDN>CN=Users,DC=example,DC=com</searchBaseDN> <searchFilter>(&(sAMAccountName=%s)(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com))</searchFilter> The search filter is an "and" of two criteria (with the ampersand being XML quoted), - "(sAMAccountName=%s)" matches the user logging in - "(memberOf=CN=Syncthing,CN=Users,DC=example,DC=com)" matches members of the group in question. Authentication will only proceed if the search filter matches precisely one user.
21 lines
879 B
Go
21 lines
879 B
Go
// Copyright (C) 2018 The Syncthing Authors.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
package config
|
|
|
|
type LDAPConfiguration struct {
|
|
Address string `xml:"address,omitempty" json:"address"`
|
|
BindDN string `xml:"bindDN,omitempty" json:"bindDN"`
|
|
Transport LDAPTransport `xml:"transport,omitempty" json:"transport"`
|
|
InsecureSkipVerify bool `xml:"insecureSkipVerify,omitempty" json:"insecureSkipVerify" default:"false"`
|
|
SearchBaseDN string `xml:"searchBaseDN,omitempty" json:"searchBaseDN"`
|
|
SearchFilter string `xml:"searchFilter,omitempty" json:"searchFilter"`
|
|
}
|
|
|
|
func (c LDAPConfiguration) Copy() LDAPConfiguration {
|
|
return c
|
|
}
|