feat: Implement LDAP authentication
- Jul 20, 2023
-
-
Dmitry Ivanov authoredNow it's possible to specify the desired authentication method during user creation via `auth_type`, e.g. ```lua box.schema.user.create('mickey', { auth_type = 'chap-sha1', password = 'foobar' }) ``` Furthermore, authentication methods may now specify that they don't require password to create stored authentication info. This is used in LDAP authentication (`auth_type = 'ldap'`): ```lua box.schema.user.create('mickey', { auth_type = 'ldap' }) ``` NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch -
Dmitry Ivanov authored
This authentication method doesn't store any secrets; instead, we delegate the whole auth to a pre-configured LDAP server. In the method's implementation, we connect to the LDAP server and perform a BIND operation which checks user's credentials. Usage example: ```lua -- Set the default auth method to LDAP and create a new user. -- NOTE that we still have to provide a dummy password; otherwise -- box.schema.user.create will setup an empty auth data. box.cfg({auth_type = 'ldap'}) box.schema.user.create('demo', { password = '' }) -- Configure LDAP server connection URL and DN format string. os = require('os') os.setenv('TT_LDAP_URL', 'ldap://localhost:1389') os.setenv('TT_LDAP_DN_FMT', 'cn=$USER,ou=users,dc=example,dc=org') -- Authenticate using the LDAP authentication method via net.box. conn = require('net.box').connect(uri, { user = 'demo', password = 'password', auth_type = 'ldap', }) ``` NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch -
Dmitry Ivanov authored
This is required for LDAP authentication, because we need username to format the corresponding DN. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-