mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
cc4f47f21c
This removes the deprecated options from 4.25. This includes the LDAP filters which allow {0} or {1} placeholders. The new aliases are documented. Additionally it refactors the keys validator to use uniform messages for most replaced keys.
94 lines
4.1 KiB
Go
94 lines
4.1 KiB
Go
package schema
|
|
|
|
// LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server.
|
|
type LDAPAuthenticationBackendConfiguration struct {
|
|
Implementation string `mapstructure:"implementation"`
|
|
URL string `mapstructure:"url"`
|
|
BaseDN string `mapstructure:"base_dn"`
|
|
AdditionalUsersDN string `mapstructure:"additional_users_dn"`
|
|
UsersFilter string `mapstructure:"users_filter"`
|
|
AdditionalGroupsDN string `mapstructure:"additional_groups_dn"`
|
|
GroupsFilter string `mapstructure:"groups_filter"`
|
|
GroupNameAttribute string `mapstructure:"group_name_attribute"`
|
|
UsernameAttribute string `mapstructure:"username_attribute"`
|
|
MailAttribute string `mapstructure:"mail_attribute"`
|
|
DisplayNameAttribute string `mapstructure:"display_name_attribute"`
|
|
User string `mapstructure:"user"`
|
|
Password string `mapstructure:"password"`
|
|
StartTLS bool `mapstructure:"start_tls"`
|
|
TLS *TLSConfig `mapstructure:"tls"`
|
|
}
|
|
|
|
// FileAuthenticationBackendConfiguration represents the configuration related to file-based backend.
|
|
type FileAuthenticationBackendConfiguration struct {
|
|
Path string `mapstructure:"path"`
|
|
Password *PasswordConfiguration `mapstructure:"password"`
|
|
}
|
|
|
|
// PasswordConfiguration represents the configuration related to password hashing.
|
|
type PasswordConfiguration struct {
|
|
Iterations int `mapstructure:"iterations"`
|
|
KeyLength int `mapstructure:"key_length"`
|
|
SaltLength int `mapstructure:"salt_length"`
|
|
Algorithm string `mapstrucutre:"algorithm"`
|
|
Memory int `mapstructure:"memory"`
|
|
Parallelism int `mapstructure:"parallelism"`
|
|
}
|
|
|
|
// AuthenticationBackendConfiguration represents the configuration related to the authentication backend.
|
|
type AuthenticationBackendConfiguration struct {
|
|
DisableResetPassword bool `mapstructure:"disable_reset_password"`
|
|
RefreshInterval string `mapstructure:"refresh_interval"`
|
|
LDAP *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"`
|
|
File *FileAuthenticationBackendConfiguration `mapstructure:"file"`
|
|
}
|
|
|
|
// DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing.
|
|
var DefaultPasswordConfiguration = PasswordConfiguration{
|
|
Iterations: 1,
|
|
KeyLength: 32,
|
|
SaltLength: 16,
|
|
Algorithm: argon2id,
|
|
Memory: 64,
|
|
Parallelism: 8,
|
|
}
|
|
|
|
// DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI.
|
|
var DefaultCIPasswordConfiguration = PasswordConfiguration{
|
|
Iterations: 1,
|
|
KeyLength: 32,
|
|
SaltLength: 16,
|
|
Algorithm: argon2id,
|
|
Memory: 64,
|
|
Parallelism: 8,
|
|
}
|
|
|
|
// DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing.
|
|
var DefaultPasswordSHA512Configuration = PasswordConfiguration{
|
|
Iterations: 50000,
|
|
SaltLength: 16,
|
|
Algorithm: "sha512",
|
|
}
|
|
|
|
// DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config.
|
|
var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{
|
|
Implementation: LDAPImplementationCustom,
|
|
UsernameAttribute: "uid",
|
|
MailAttribute: "mail",
|
|
DisplayNameAttribute: "displayname",
|
|
GroupNameAttribute: "cn",
|
|
TLS: &TLSConfig{
|
|
MinimumVersion: "TLS1.2",
|
|
},
|
|
}
|
|
|
|
// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation.
|
|
var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{
|
|
UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))",
|
|
UsernameAttribute: "sAMAccountName",
|
|
MailAttribute: "mail",
|
|
DisplayNameAttribute: "displayName",
|
|
GroupsFilter: "(&(member={dn})(objectClass=group))",
|
|
GroupNameAttribute: "cn",
|
|
}
|