Commit graph

101 commits

Author SHA1 Message Date
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell 7df3ec46b0 Some fixups around error/warning in LDAP 2016-04-02 13:33:00 -04:00
Jeff Mitchell 40325b8042 If no group DN is configured, still look for policies on local users and
return a warning, rather than just trying to do an LDAP search on an
empty string.
2016-04-02 13:11:36 -04:00
Jeff Mitchell 7fd5a679ca Fix potential error scoping issue.
Ping #1262
2016-03-30 19:48:23 -04:00
Jeff Mitchell 3cfcd4ddf1 Check for nil connection back from go-ldap, which apparently can happen even with no error
Ping #1262
2016-03-29 10:00:04 -04:00
Jeff Mitchell 4c4a65ebd0 Properly check for policy equivalency during renewal.
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
2016-03-24 09:41:51 -04:00
leon e7942062bd - updated LDAP group search by iterating through all the attributes and searching for CN value instead of assuming the CN is always the first attribute from the RDN list 2016-03-21 19:44:08 +02:00
leon a82114eeb2 - added another method to search LDAP groups by querying the userDN for memberOf attribute 2016-03-21 16:55:38 +02:00
Jeff Mitchell 4a3d3ef300 Use better error message on LDAP renew failure 2016-03-07 09:34:16 -05:00
Jeff Mitchell 6df75231b8 Merge pull request #1100 from hashicorp/issue-1030
Properly escape filter values in LDAP filters
2016-02-19 14:56:40 -05:00
Jeff Mitchell 05b5ff69ed Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell d7b40b32db Properly escape filter values.
Fixes #1030
2016-02-19 13:16:52 -05:00
Jeff Mitchell c67871c36e Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Mitchell d3f3122307 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell 154c326060 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Hanno Hecker 0db33274b7 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker 4606cd1492 fix stupid c&p error 2016-01-26 16:15:25 +01:00
Hanno Hecker 6a570345a0 add binddn/bindpath to search for the user's bind DN 2016-01-26 15:56:41 +01:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell 6f4e42efed Add StaticSystemView to LDAP acceptance tests 2015-10-06 15:48:10 -04:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau 6697012dd3 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau 4eb1beb31c ldap: add mfa support to CLI 2015-07-27 21:14:00 -07:00
Bradley Girardeau 8fa5a349a5 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau 301a22295d ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specify ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 4b27e4d8c5 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar 5d69e7da90 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar b1f7e2f0ea ldap: fixing merge conflict 2015-06-30 09:40:43 -07:00
esell c0e1843263 change skipsslverify to insecure_tls 2015-06-29 19:23:31 -06:00
Armon Dadgar 337997ab04 Fixing merge conflict 2015-06-29 14:50:55 -07:00
esell e81f966842 Set SkipSSLVerify default to false, add warning in help message 2015-06-24 13:38:14 -06:00
esell d3225dae07 cleanup the code a bit 2015-06-24 10:09:29 -06:00
esell 84371ea734 allow skipping SSL verification on ldap auth 2015-06-24 10:05:45 -06:00
Armon Dadgar 45d3c512fb builtin: fixing API change in logical framework 2015-06-17 14:34:11 -07:00
Ian Unruh 2e1bce27a9 Allow dot in LDAP login username 2015-05-20 11:54:15 -07:00
Giovanni Bajo 8156b88353 auth/ldap: move password into InternalData 2015-05-09 22:06:34 +02:00
Giovanni Bajo 84388b2b20 auth/ldap: move username into the path (to allow per-user revocation on the path) 2015-05-09 22:06:28 +02:00
Giovanni Bajo 5e899e7de2 auth/ldap: fix pasto 2015-05-09 22:06:22 +02:00
Giovanni Bajo 1e1219dfcc auth/ldap: implement login renew 2015-05-09 22:04:20 +02:00
Giovanni Bajo a0f53f177c auth/ldap: document LDAP server used in tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo b4093e2ddf auth/ldap: add acceptance tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo 02d3b1c74c auth/ldap: add support for groups with unique members 2015-05-09 22:04:20 +02:00
Giovanni Bajo c313ff2802 auth/ldap: implement authorization via LDAP groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo dc6b4ab9db auth/ldap: add configuration path for groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo 7e39da2e67 Attempt connection to LDAP server at login time.
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
Giovanni Bajo 7492c5712a Initial implementation of the LDAP credential backend 2015-05-09 22:04:19 +02:00