mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-03-30 21:32:11 -04:00
Allow configuration of substring search for searching sharees
This introduces new settings for the users and groups services. "group_substring_filter_type" for the group services and "user_substring_filter_type" for the users service. They allow to set the type of LDAP filter that is used for substring user searches. Possible values are: "initial", "final" and "any" to do either prefix, suffix or full substring searches. Fixes #547
This commit is contained in:
Ralf Haferkamp
committed by
Ralf Haferkamp
Ralf Haferkamp
parent
41cfd6cb23
commit
6d47ee16c9
@@ -66,22 +66,23 @@ type Drivers struct {
|
||||
}
|
||||
|
||||
type LDAPDriver struct {
|
||||
URI string `yaml:"uri" env:"LDAP_URI;GROUPS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"`
|
||||
CACert string `yaml:"ca_cert" env:"LDAP_CACERT;GROUPS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."`
|
||||
Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."`
|
||||
BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."`
|
||||
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."`
|
||||
UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."`
|
||||
GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."`
|
||||
UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'."`
|
||||
GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'."`
|
||||
UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."`
|
||||
GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."`
|
||||
UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')."`
|
||||
GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')."`
|
||||
IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL" desc:"The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider."`
|
||||
UserSchema LDAPUserSchema `yaml:"user_schema"`
|
||||
GroupSchema LDAPGroupSchema `yaml:"group_schema"`
|
||||
URI string `yaml:"uri" env:"LDAP_URI;GROUPS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"`
|
||||
CACert string `yaml:"ca_cert" env:"LDAP_CACERT;GROUPS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty, the system default CA bundle will be used."`
|
||||
Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."`
|
||||
BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."`
|
||||
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."`
|
||||
UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."`
|
||||
GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."`
|
||||
UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'."`
|
||||
GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'."`
|
||||
GroupSubstringFilterType string `yaml:"group_substring_filter_type" env:"LDAP_GROUP_SUBSTRING_FILTER_TYPE;GROUP_LDAP_GROUP_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for groups. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches"`
|
||||
UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."`
|
||||
GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."`
|
||||
UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')."`
|
||||
GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')."`
|
||||
IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL" desc:"The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider."`
|
||||
UserSchema LDAPUserSchema `yaml:"user_schema"`
|
||||
GroupSchema LDAPGroupSchema `yaml:"group_schema"`
|
||||
}
|
||||
|
||||
type LDAPUserSchema struct {
|
||||
|
||||
@@ -36,19 +36,20 @@ func DefaultConfig() *config.Config {
|
||||
Driver: "ldap",
|
||||
Drivers: config.Drivers{
|
||||
LDAP: config.LDAPDriver{
|
||||
URI: "ldaps://localhost:9235",
|
||||
CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
||||
Insecure: false,
|
||||
UserBaseDN: "ou=users,o=libregraph-idm",
|
||||
GroupBaseDN: "ou=groups,o=libregraph-idm",
|
||||
UserScope: "sub",
|
||||
GroupScope: "sub",
|
||||
UserFilter: "",
|
||||
GroupFilter: "",
|
||||
UserObjectClass: "inetOrgPerson",
|
||||
GroupObjectClass: "groupOfNames",
|
||||
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
|
||||
IDP: "https://localhost:9200",
|
||||
URI: "ldaps://localhost:9235",
|
||||
CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
||||
Insecure: false,
|
||||
UserBaseDN: "ou=users,o=libregraph-idm",
|
||||
GroupBaseDN: "ou=groups,o=libregraph-idm",
|
||||
UserScope: "sub",
|
||||
GroupScope: "sub",
|
||||
GroupSubstringFilterType: "initial",
|
||||
UserFilter: "",
|
||||
GroupFilter: "",
|
||||
UserObjectClass: "inetOrgPerson",
|
||||
GroupObjectClass: "groupOfNames",
|
||||
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
|
||||
IDP: "https://localhost:9200",
|
||||
UserSchema: config.LDAPUserSchema{
|
||||
ID: "ownclouduuid",
|
||||
Mail: "mail",
|
||||
|
||||
@@ -50,20 +50,21 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} {
|
||||
|
||||
func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"uri": cfg.URI,
|
||||
"cacert": cfg.CACert,
|
||||
"insecure": cfg.Insecure,
|
||||
"bind_username": cfg.BindDN,
|
||||
"bind_password": cfg.BindPassword,
|
||||
"user_base_dn": cfg.UserBaseDN,
|
||||
"group_base_dn": cfg.GroupBaseDN,
|
||||
"user_scope": cfg.UserScope,
|
||||
"group_scope": cfg.GroupScope,
|
||||
"user_filter": cfg.UserFilter,
|
||||
"group_filter": cfg.GroupFilter,
|
||||
"user_objectclass": cfg.UserObjectClass,
|
||||
"group_objectclass": cfg.GroupObjectClass,
|
||||
"idp": cfg.IDP,
|
||||
"uri": cfg.URI,
|
||||
"cacert": cfg.CACert,
|
||||
"insecure": cfg.Insecure,
|
||||
"bind_username": cfg.BindDN,
|
||||
"bind_password": cfg.BindPassword,
|
||||
"user_base_dn": cfg.UserBaseDN,
|
||||
"group_base_dn": cfg.GroupBaseDN,
|
||||
"user_scope": cfg.UserScope,
|
||||
"group_scope": cfg.GroupScope,
|
||||
"group_substring_filter_type": cfg.GroupSubstringFilterType,
|
||||
"user_filter": cfg.UserFilter,
|
||||
"group_filter": cfg.GroupFilter,
|
||||
"user_objectclass": cfg.UserObjectClass,
|
||||
"group_objectclass": cfg.GroupObjectClass,
|
||||
"idp": cfg.IDP,
|
||||
"user_schema": map[string]interface{}{
|
||||
"id": cfg.UserSchema.ID,
|
||||
"idIsOctetString": cfg.UserSchema.IDIsOctetString,
|
||||
|
||||
@@ -69,22 +69,23 @@ type JSONDriver struct {
|
||||
File string `yaml:"file"`
|
||||
}
|
||||
type LDAPDriver struct {
|
||||
URI string `yaml:"uri" env:"LDAP_URI;USERS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"`
|
||||
CACert string `yaml:"ca_cert" env:"LDAP_CACERT;USERS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."`
|
||||
Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;USERS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."`
|
||||
BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."`
|
||||
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."`
|
||||
UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."`
|
||||
GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."`
|
||||
UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'."`
|
||||
GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'."`
|
||||
UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."`
|
||||
GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."`
|
||||
UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter like 'inetOrgPerson'."`
|
||||
GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter like 'groupOfNames'. "`
|
||||
IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;USERS_IDP_URL" desc:"The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider."`
|
||||
UserSchema LDAPUserSchema `yaml:"user_schema"`
|
||||
GroupSchema LDAPGroupSchema `yaml:"group_schema"`
|
||||
URI string `yaml:"uri" env:"LDAP_URI;USERS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"`
|
||||
CACert string `yaml:"ca_cert" env:"LDAP_CACERT;USERS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty, the system default CA bundle will be used."`
|
||||
Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;USERS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."`
|
||||
BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."`
|
||||
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."`
|
||||
UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."`
|
||||
GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."`
|
||||
UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'."`
|
||||
GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'."`
|
||||
UserSubstringFilterType string `yaml:"user_substring_filter_type" env:"LDAP_USER_SUBSTRING_FILTER_TYPE;USERS_LDAP_USER_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for users. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches"`
|
||||
UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."`
|
||||
GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."`
|
||||
UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter like 'inetOrgPerson'."`
|
||||
GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter like 'groupOfNames'. "`
|
||||
IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;USERS_IDP_URL" desc:"The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider."`
|
||||
UserSchema LDAPUserSchema `yaml:"user_schema"`
|
||||
GroupSchema LDAPGroupSchema `yaml:"group_schema"`
|
||||
}
|
||||
|
||||
type LDAPUserSchema struct {
|
||||
|
||||
@@ -36,19 +36,20 @@ func DefaultConfig() *config.Config {
|
||||
Driver: "ldap",
|
||||
Drivers: config.Drivers{
|
||||
LDAP: config.LDAPDriver{
|
||||
URI: "ldaps://localhost:9235",
|
||||
CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
||||
Insecure: false,
|
||||
UserBaseDN: "ou=users,o=libregraph-idm",
|
||||
GroupBaseDN: "ou=groups,o=libregraph-idm",
|
||||
UserScope: "sub",
|
||||
GroupScope: "sub",
|
||||
UserFilter: "",
|
||||
GroupFilter: "",
|
||||
UserObjectClass: "inetOrgPerson",
|
||||
GroupObjectClass: "groupOfNames",
|
||||
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
|
||||
IDP: "https://localhost:9200",
|
||||
URI: "ldaps://localhost:9235",
|
||||
CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
||||
Insecure: false,
|
||||
UserBaseDN: "ou=users,o=libregraph-idm",
|
||||
GroupBaseDN: "ou=groups,o=libregraph-idm",
|
||||
UserScope: "sub",
|
||||
GroupScope: "sub",
|
||||
UserSubstringFilterType: "initial",
|
||||
UserFilter: "",
|
||||
GroupFilter: "",
|
||||
UserObjectClass: "inetOrgPerson",
|
||||
GroupObjectClass: "groupOfNames",
|
||||
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
|
||||
IDP: "https://localhost:9200",
|
||||
UserSchema: config.LDAPUserSchema{
|
||||
ID: "ownclouduuid",
|
||||
Mail: "mail",
|
||||
|
||||
@@ -52,20 +52,21 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} {
|
||||
|
||||
func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"uri": cfg.URI,
|
||||
"cacert": cfg.CACert,
|
||||
"insecure": cfg.Insecure,
|
||||
"bind_username": cfg.BindDN,
|
||||
"bind_password": cfg.BindPassword,
|
||||
"user_base_dn": cfg.UserBaseDN,
|
||||
"group_base_dn": cfg.GroupBaseDN,
|
||||
"user_scope": cfg.UserScope,
|
||||
"group_scope": cfg.GroupScope,
|
||||
"user_filter": cfg.UserFilter,
|
||||
"group_filter": cfg.GroupFilter,
|
||||
"user_objectclass": cfg.UserObjectClass,
|
||||
"group_objectclass": cfg.GroupObjectClass,
|
||||
"idp": cfg.IDP,
|
||||
"uri": cfg.URI,
|
||||
"cacert": cfg.CACert,
|
||||
"insecure": cfg.Insecure,
|
||||
"bind_username": cfg.BindDN,
|
||||
"bind_password": cfg.BindPassword,
|
||||
"user_base_dn": cfg.UserBaseDN,
|
||||
"group_base_dn": cfg.GroupBaseDN,
|
||||
"user_scope": cfg.UserScope,
|
||||
"group_scope": cfg.GroupScope,
|
||||
"user_substring_filter_type": cfg.UserSubstringFilterType,
|
||||
"user_filter": cfg.UserFilter,
|
||||
"group_filter": cfg.GroupFilter,
|
||||
"user_objectclass": cfg.UserObjectClass,
|
||||
"group_objectclass": cfg.GroupObjectClass,
|
||||
"idp": cfg.IDP,
|
||||
"user_schema": map[string]interface{}{
|
||||
"id": cfg.UserSchema.ID,
|
||||
"idIsOctetString": cfg.UserSchema.IDIsOctetString,
|
||||
|
||||
Reference in New Issue
Block a user