package schema
// LDAPAuthenticationBackendConfiguration holds the settings of the LDAP
// authentication backend. Each field is bound to the configuration key named
// in its mapstructure tag.
//
// Security notes: Password is stored as a plain string (presumably the bind
// credential for User), so values of this type should not be logged or dumped
// verbatim. StartTLS, TLS and the deprecated SkipVerify / MinimumTLSVersion
// fields decide how the directory connection is protected; turning
// certificate verification off leaves credentials sent over that connection
// open to interception by an on-path party.
type LDAPAuthenticationBackendConfiguration struct {
	// Directory flavour and location.
	Implementation string `mapstructure:"implementation"`
	URL            string `mapstructure:"url"`
	BaseDN         string `mapstructure:"base_dn"`

	// Search scopes and filters. The filters are templates; see the
	// {input}/{dn}-style placeholders used by the default values in this file.
	AdditionalUsersDN  string `mapstructure:"additional_users_dn"`
	UsersFilter        string `mapstructure:"users_filter"`
	AdditionalGroupsDN string `mapstructure:"additional_groups_dn"`
	GroupsFilter       string `mapstructure:"groups_filter"`

	// Names of the directory attributes that are read for groups and users.
	GroupNameAttribute   string `mapstructure:"group_name_attribute"`
	UsernameAttribute    string `mapstructure:"username_attribute"`
	MailAttribute        string `mapstructure:"mail_attribute"`
	DisplayNameAttribute string `mapstructure:"display_name_attribute"`

	// Credentials. NOTE(review): presumably the service account used to bind
	// before searching - confirm against the LDAP provider code.
	User     string `mapstructure:"user"`
	Password string `mapstructure:"password"`

	// Transport security.
	StartTLS bool       `mapstructure:"start_tls"`
	TLS      *TLSConfig `mapstructure:"tls"`

	// SkipVerify is a pointer, so an unset key (nil) can be told apart from an
	// explicit false.
	//
	// Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.SkipVerify. TODO: Remove in 4.28.
	SkipVerify *bool `mapstructure:"skip_verify"`

	// Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.MinimumVersion. TODO: Remove in 4.28.
	MinimumTLSVersion string `mapstructure:"minimum_tls_version"`
}
// FileAuthenticationBackendConfiguration holds the settings of the file-based
// authentication backend.
type FileAuthenticationBackendConfiguration struct {
	// Path is bound to the "path" key. NOTE(review): presumably the location
	// of the user database file; because that file would hold password
	// hashes, its permissions deserve the same care as any credential store -
	// confirm against the file provider.
	Path string `mapstructure:"path"`

	// Password carries the hashing parameters. It is a pointer, so it is nil
	// when the "password" section is absent; code in this file does not show
	// where the defaults are applied in that case.
	Password *PasswordConfiguration `mapstructure:"password"`
}
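// PasswordConfiguration holds the parameters used to hash passwords. Each
// field is bound to the configuration key named in its mapstructure tag.
//
// These values set the cost of an offline guessing attack against a leaked
// hash, so lowering any of them weakens stored credentials.
type PasswordConfiguration struct {
	// Iterations is the number of passes/rounds of the selected algorithm.
	Iterations int `mapstructure:"iterations"`

	// KeyLength and SaltLength are sizes for the derived key and the salt.
	// NOTE(review): presumably in bytes - confirm against the hashing code.
	KeyLength  int `mapstructure:"key_length"`
	SaltLength int `mapstructure:"salt_length"`

	// Algorithm selects the hash; the defaults in this file use argon2id and
	// "sha512". The tag key was previously misspelled "mapstrucutre", which
	// left this field without a mapstructure tag; decoding then had to rely on
	// matching the Go field name instead of the declared key.
	Algorithm string `mapstructure:"algorithm"`

	// Memory and Parallelism are set only by the Argon2id defaults in this
	// file. NOTE(review): the unit of Memory is not visible here - confirm.
	Memory      int `mapstructure:"memory"`
	Parallelism int `mapstructure:"parallelism"`
}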
// AuthenticationBackendConfiguration is the top-level authentication backend
// section: two general options plus one optional sub-section per backend.
type AuthenticationBackendConfiguration struct {
	// DisableResetPassword is bound to "disable_reset_password".
	// NOTE(review): presumably switches the password-reset flow off - confirm
	// where it is read.
	DisableResetPassword bool `mapstructure:"disable_reset_password"`

	// RefreshInterval is kept as a string; its accepted formats are parsed
	// elsewhere and are not visible in this file.
	RefreshInterval string `mapstructure:"refresh_interval"`

	// Ldap and File are pointers, so each is nil when its section is absent.
	// This type does not itself enforce that exactly one of them is set.
	Ldap *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"`
	File *FileAuthenticationBackendConfiguration `mapstructure:"file"`
}
// DefaultPasswordConfiguration is the default parameter set for Argon2id
// hashing.
//
// NOTE(review): the unit of Memory is not visible in this file. With a single
// iteration, the memory cost is what makes offline guessing expensive: 64 is
// a reasonable setting if the unit is MiB and far too low if it is KiB -
// confirm against the hashing code before relying on this default.
var DefaultPasswordConfiguration = PasswordConfiguration{
	Algorithm: argon2id,

	// Argon2id cost parameters.
	Iterations:  1,
	Memory:      64,
	Parallelism: 8,

	// Output and salt sizes.
	KeyLength:  32,
	SaltLength: 16,
}
// DefaultCIPasswordConfiguration is the Argon2id parameter set used for CI.
// In this revision its values are the same as those of
// DefaultPasswordConfiguration.
//
// NOTE(review): if these values are ever lowered to speed up test runs, make
// sure this variable cannot be selected outside CI - hashes produced with
// reduced cost are cheaper to attack offline.
var DefaultCIPasswordConfiguration = PasswordConfiguration{
	Algorithm: argon2id,

	// Argon2id cost parameters.
	Iterations:  1,
	Memory:      64,
	Parallelism: 8,

	// Output and salt sizes.
	KeyLength:  32,
	SaltLength: 16,
}
// DefaultPasswordSHA512Configuration is the default parameter set for SHA512
// hashing. KeyLength, Memory and Parallelism are left at their zero values.
//
// Iterated SHA-512 is not memory-hard, so it resists GPU/ASIC guessing less
// well than Argon2id at comparable latency; it is best kept for compatibility
// with existing hashes rather than chosen for new deployments.
var DefaultPasswordSHA512Configuration = PasswordConfiguration{
	Algorithm:  "sha512",
	Iterations: 50000,
	SaltLength: 16,
}
// DefaultLDAPAuthenticationBackendConfiguration is the default LDAP
// configuration. It sets the implementation, the attribute names and a TLS
// floor; URL, base DN, filters and credentials have no default here.
var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{
	Implementation: LDAPImplementationCustom,

	// Transport security: only the minimum protocol version is set, the other
	// TLSConfig fields keep their zero values.
	TLS: &TLSConfig{
		MinimumVersion: "TLS1.2",
	},

	// Attribute names.
	UsernameAttribute:    "uid",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayname",
	GroupNameAttribute:   "cn",
}
// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration
// is the default LDAP configuration for the MSAD implementation. It sets no
// Implementation or TLS value; how it is combined with the generic defaults is
// not visible in this file.
var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{
	// Attribute names.
	UsernameAttribute:    "sAMAccountName",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupNameAttribute:   "cn",

	// UsersFilter matches person/user objects whose username or mail attribute
	// equals {input}. The two negated clauses exclude disabled accounts
	// (userAccountControl tested for bit 2 with the bitwise-AND matching rule
	// 1.2.840.113556.1.4.803) and accounts with pwdLastSet=0, i.e. those that
	// must change their password at next logon.
	//
	// NOTE(review): {input} is filled from user-supplied data by code outside
	// this file; it has to be escaped for LDAP filter syntax (RFC 4515) before
	// substitution, otherwise the filter can be altered - confirm at the
	// substitution site.
	UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))",

	// GroupsFilter selects group objects that list the user's {dn} as member.
	GroupsFilter: "(&(member={dn})(objectClass=group))",
}