mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
2a1f5e3f8d
* fix(configuration): lower argon2id default memory requirements The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases. Reducing this number and encouraging users to to read the documentation and tune will result in less issues and a better user experience. * test: fix broken tests
96 lines
4.4 KiB
Go
96 lines
4.4 KiB
Go
package schema
|
|
|
|
// LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server.
|
|
type LDAPAuthenticationBackendConfiguration struct {
|
|
Implementation string `mapstructure:"implementation"`
|
|
URL string `mapstructure:"url"`
|
|
BaseDN string `mapstructure:"base_dn"`
|
|
AdditionalUsersDN string `mapstructure:"additional_users_dn"`
|
|
UsersFilter string `mapstructure:"users_filter"`
|
|
AdditionalGroupsDN string `mapstructure:"additional_groups_dn"`
|
|
GroupsFilter string `mapstructure:"groups_filter"`
|
|
GroupNameAttribute string `mapstructure:"group_name_attribute"`
|
|
UsernameAttribute string `mapstructure:"username_attribute"`
|
|
MailAttribute string `mapstructure:"mail_attribute"`
|
|
DisplayNameAttribute string `mapstructure:"display_name_attribute"`
|
|
User string `mapstructure:"user"`
|
|
Password string `mapstructure:"password"`
|
|
StartTLS bool `mapstructure:"start_tls"`
|
|
TLS *TLSConfig `mapstructure:"tls"`
|
|
SkipVerify *bool `mapstructure:"skip_verify"` // Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.SkipVerify. TODO: Remove in 4.28.
|
|
MinimumTLSVersion string `mapstructure:"minimum_tls_version"` // Deprecated: Replaced with LDAPAuthenticationBackendConfiguration.TLS.MinimumVersion. TODO: Remove in 4.28.
|
|
}
|
|
|
|
// FileAuthenticationBackendConfiguration represents the configuration related to file-based backend.
|
|
type FileAuthenticationBackendConfiguration struct {
|
|
Path string `mapstructure:"path"`
|
|
Password *PasswordConfiguration `mapstructure:"password"`
|
|
}
|
|
|
|
// PasswordConfiguration represents the configuration related to password hashing.
|
|
type PasswordConfiguration struct {
|
|
Iterations int `mapstructure:"iterations"`
|
|
KeyLength int `mapstructure:"key_length"`
|
|
SaltLength int `mapstructure:"salt_length"`
|
|
Algorithm string `mapstrucutre:"algorithm"`
|
|
Memory int `mapstructure:"memory"`
|
|
Parallelism int `mapstructure:"parallelism"`
|
|
}
|
|
|
|
// AuthenticationBackendConfiguration represents the configuration related to the authentication backend.
|
|
type AuthenticationBackendConfiguration struct {
|
|
DisableResetPassword bool `mapstructure:"disable_reset_password"`
|
|
RefreshInterval string `mapstructure:"refresh_interval"`
|
|
Ldap *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"`
|
|
File *FileAuthenticationBackendConfiguration `mapstructure:"file"`
|
|
}
|
|
|
|
// DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing.
|
|
var DefaultPasswordConfiguration = PasswordConfiguration{
|
|
Iterations: 1,
|
|
KeyLength: 32,
|
|
SaltLength: 16,
|
|
Algorithm: argon2id,
|
|
Memory: 64,
|
|
Parallelism: 8,
|
|
}
|
|
|
|
// DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI.
|
|
var DefaultCIPasswordConfiguration = PasswordConfiguration{
|
|
Iterations: 1,
|
|
KeyLength: 32,
|
|
SaltLength: 16,
|
|
Algorithm: argon2id,
|
|
Memory: 64,
|
|
Parallelism: 8,
|
|
}
|
|
|
|
// DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing.
|
|
var DefaultPasswordSHA512Configuration = PasswordConfiguration{
|
|
Iterations: 50000,
|
|
SaltLength: 16,
|
|
Algorithm: "sha512",
|
|
}
|
|
|
|
// DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config.
|
|
var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{
|
|
Implementation: LDAPImplementationCustom,
|
|
UsernameAttribute: "uid",
|
|
MailAttribute: "mail",
|
|
DisplayNameAttribute: "displayname",
|
|
GroupNameAttribute: "cn",
|
|
TLS: &TLSConfig{
|
|
MinimumVersion: "TLS1.2",
|
|
},
|
|
}
|
|
|
|
// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation.
|
|
var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{
|
|
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))",
|
|
UsernameAttribute: "sAMAccountName",
|
|
MailAttribute: "mail",
|
|
DisplayNameAttribute: "displayName",
|
|
GroupsFilter: "(&(member={dn})(objectClass=group))",
|
|
GroupNameAttribute: "cn",
|
|
}
|