feat: Implement LDAP authentication
This authentication method doesn't store any secrets; instead, we delegate the whole auth to a pre-configured LDAP server.

In the method's implementation, we connect to the LDAP server and perform a BIND operation which checks the user's credentials.

Usage example:

```lua
-- Set the default auth method to LDAP and create a new user.
-- NOTE that we still have to provide a dummy password; otherwise
-- box.schema.user.create will set up empty auth data.
box.cfg({auth_type = 'ldap'})
box.schema.user.create('demo', { password = '' })

-- Configure LDAP server connection URL and DN format string.
os = require('os')
os.setenv('TT_LDAP_URL', 'ldap://localhost:1389')
os.setenv('TT_LDAP_DN_FMT', 'cn=$USER,ou=users,dc=example,dc=org')

-- Authenticate using the LDAP authentication method via net.box.
conn = require('net.box').connect(uri, {
    user = 'demo',
    password = 'password',
    auth_type = 'ldap',
})
```

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch
Showing
- .gitlab-ci.yml: 2 additions, 0 deletions
- CMakeLists.txt: 56 additions, 0 deletions
- cmake/BuildLDAP.cmake: 72 additions, 0 deletions
- cmake/BuildSASL.cmake: 68 additions, 0 deletions
- cmake/FindLDAP.cmake: 68 additions, 0 deletions
- cmake/FindSASL.cmake: 40 additions, 0 deletions
- src/CMakeLists.txt: 2 additions, 0 deletions
- src/box/CMakeLists.txt: 2 additions, 0 deletions
- src/box/auth_ldap.c: 306 additions, 0 deletions
- src/box/auth_ldap.h: 23 additions, 0 deletions
- src/box/authentication.c: 3 additions, 0 deletions
- test/box-luatest/ldap_auth_test.lua: 133 additions, 0 deletions
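
The commit message configures a DN format string (`TT_LDAP_DN_FMT`) with a `$USER` placeholder and authenticates with a BIND. As an added example (not code from this commit or from the project), here is one way to expand that placeholder before a BIND: the user name is escaped per RFC 4514 so it cannot add or alter RDNs, and an empty password is refused. The name `ldap_prepare_bind` and its signature are assumptions; how `auth_ldap.c` handles this is not shown on this page.

```c
#include <string.h>

/* Append n bytes to out, always leaving room for the terminating NUL. */
static int put(char *out, size_t cap, size_t *pos, const char *src, size_t n)
{
	if (n >= cap - *pos)
		return -1;
	memcpy(out + *pos, src, n);
	*pos += n;
	return 0;
}

/* Append user as an RFC 4514 escaped attribute value. */
static int put_escaped(char *out, size_t cap, size_t *pos, const char *user)
{
	size_t len = strlen(user);
	for (size_t i = 0; i < len; i++) {
		char c = user[i];
		int special = strchr("\"+,;<>\\", c) != NULL ||
			(i == 0 && (c == ' ' || c == '#')) ||
			(i == len - 1 && c == ' ');
		if ((special && put(out, cap, pos, "\\", 1)) || put(out, cap, pos, &c, 1))
			return -1;
	}
	return 0;
}

/* Expand each "$USER" in fmt into out. Returns -1 on empty user or password
 * (an empty password makes a simple BIND unauthenticated, RFC 4513 5.1.2)
 * or when out is too small; 0 otherwise. Hypothetical helper name. */
int ldap_prepare_bind(const char *fmt, const char *user, const char *password,
		      char *out, size_t cap)
{
	static const char tag[] = "$USER";
	size_t pos = 0;
	if (cap == 0 || user[0] == '\0' || password[0] == '\0')
		return -1;
	while (*fmt != '\0') {
		const char *hit = strstr(fmt, tag);
		size_t lit = hit != NULL ? (size_t)(hit - fmt) : strlen(fmt);
		if (put(out, cap, &pos, fmt, lit) || (hit && put_escaped(out, cap, &pos, user)))
			return -1;
		fmt += lit + (hit != NULL ? sizeof(tag) - 1 : 0);
	}
	out[pos] = '\0';
	return 0;
}
```

The resulting DN and the original password are what would then be passed to the LDAP library's simple BIND call.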