Conversation

Fusion commented Apr 20, 2020

Me again!

Following your feedback, things are now much lighter: CGO dependencies are gone and, more importantly, I am now using Go's plugin mechanism so that the database backends are not compiled in GLAuth by default.

I added 3 simple targets so that either of them can be easily compiled to a dynamically loadable plugin.

You will also note that everything is self contained in its own package.
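Loading a backend as a Go plugin, as an added example (this is not code from this PR or from GLAuth): the host opens a shared object built with `go build -buildmode=plugin`, looks up a constructor symbol, and checks both the file's permissions and the symbol's type before anything from the plugin runs. The `Backend` interface, the `HandlerCtor` signature and the `NewDatabaseHandler` symbol name are assumptions made for the example; the real GLAuth plugin symbol is not shown on this page.

```go
package main

import (
	"fmt"
	"os"
	"plugin"
)

// Backend is the surface a database plugin has to provide. Hypothetical for
// this example; in a real host/plugin split it must live in a package imported
// by BOTH sides, otherwise the two Backend types are not identical and the
// type switch below fails.
type Backend interface {
	Bind(bindDN, password string) (bool, error)
}

// HandlerCtor is the constructor signature the host expects a plugin to export.
type HandlerCtor func(dsn string) (Backend, error)

// ctorSymbol is the exported symbol the host looks up (assumed name).
const ctorSymbol = "NewDatabaseHandler"

// checkPluginFile refuses plugin files an attacker could swap out: a loaded
// .so runs with the server's privileges, so it must be a regular file that is
// neither group- nor world-writable.
func checkPluginFile(path string) error {
	fi, err := os.Stat(path)
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() {
		return fmt.Errorf("%s: not a regular file", path)
	}
	if perm := fi.Mode().Perm(); perm&0o022 != 0 {
		return fmt.Errorf("%s: group/world writable (%04o)", path, perm)
	}
	return nil
}

// resolveCtor turns the looked-up symbol into a HandlerCtor. plugin.Lookup
// returns the function itself for `func NewDatabaseHandler(...)` but a
// *pointer* to the variable for `var NewDatabaseHandler = func(...)`, so both
// shapes are accepted; anything else yields an error instead of a panic.
func resolveCtor(sym plugin.Symbol) (HandlerCtor, error) {
	switch f := sym.(type) {
	case func(string) (Backend, error):
		return HandlerCtor(f), nil
	case *func(string) (Backend, error):
		if f == nil || *f == nil {
			return nil, fmt.Errorf("%s: nil constructor", ctorSymbol)
		}
		return HandlerCtor(*f), nil
	default:
		return nil, fmt.Errorf("%s: unexpected type %T, want func(string) (Backend, error)", ctorSymbol, sym)
	}
}

// LoadBackend opens a shared object built with `go build -buildmode=plugin`
// and returns its constructor. Go's plugin package only works on Linux, macOS
// and FreeBSD with cgo enabled; elsewhere plugin.Open fails with "not implemented".
func LoadBackend(path string) (HandlerCtor, error) {
	if err := checkPluginFile(path); err != nil {
		return nil, err
	}
	p, err := plugin.Open(path)
	if err != nil {
		return nil, err
	}
	sym, err := p.Lookup(ctorSymbol)
	if err != nil {
		return nil, err
	}
	return resolveCtor(sym)
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: loader <backend.so> <dsn>")
		os.Exit(2)
	}
	ctor, err := LoadBackend(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "load:", err)
		os.Exit(1)
	}
	be, err := ctor(os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, "init:", err)
		os.Exit(1)
	}
	ok, err := be.Bind("cn=test,dc=example,dc=com", "password")
	fmt.Println("bind ok:", ok, "err:", err)
}
```

Two things bite in practice: a plugin and its host must be built with the same Go toolchain and identical versions of every shared dependency or `plugin.Open` refuses the file, and the pointer-versus-function shape of the looked-up symbol depends on how the plugin declared it, so the type switch above is the check to keep rather than a bare type assertion.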

Fusion commented Apr 20, 2020

Additionally, apologies for the Travis CI error. Not sure I understand it.
Any idea?

package github.com/glauth/glauth/pkg/assets: cannot find package "github.com/glauth/glauth/pkg/assets" in any of:

butonic commented May 15, 2020

Awesome, I haven't had the time to look into Go's plugin mechanism, but it might be worth moving e.g. the ownCloud / graph backend into a plugin as well...

The pkg/assets/bindata.go file is created by make bindata, which is used to compile the web ui in assets into the binary.

Could you create your PR against dev? ah ... I can do that ...

butonic changed the base branch from master to dev May 15, 2020 10:42
butonic commented May 15, 2020

@Fusion I updated the base branch to dev. Can you resolve the conflicts?

Fusion commented May 19, 2020

Hi. I resolved the conflict. Note that I used GitHub's interface, due to how straightforward the resolution is. Also, I got a warning that I was committing to Master. Sorry if you were expecting a dev commit, I've always been a tad confused by GitHub's interpretation of Git.

sonicnkt commented Mar 5, 2021

Is this still being worked on? Just stumbled upon glauth while looking for a simple LDAP server to synchronize authentication between several services I run, and it's a great simple setup for my use case.
Only thing missing for me is a method for users to change their password on their own.
Having a DB backend would make this really easy to implement using a simple web service.
In theory I could probably also get this working with the config file backend, but I'd have to write my own parser and method for validating and replacing the password hash; that's just way easier when working with a DB.

Fusion commented Mar 11, 2021

@sonicnkt I think I'm going to make another attempt. I will create another pull request, make sure it's based off the dev branch; resolve conflicts due to code drift; and re-submit it.
I am not sure that the original project author is still active, though?

Edit: I realized that @butonic had fixed the dev branch concern. So, I guess, it's just a matter of the project owner having time to look into it. Not sure he has much time on his hands; he removed the donation entries from the README file.

Fusion commented Mar 15, 2021

To be clear, I have gone quite a bit farther than originally anticipated because I needed to use GLAuth as an LDAP proxy to inject OTP when authenticating against an existing AD3 server.

I ended up supporting multiple backends, when the first one in line is the actual backend and the rest can act as middleware.

So, right now, I am using a SQLite-backed "middleware-backend" to do just that and it seems to be working well as well as passing CI.

I think I'm also going to build some binaries if you guys would like to test this.

sonicnkt commented

@Fusion would love to test a build with sqlite backend if you supply one. What other backends are supported in your version as you are talking about multiple?

Fusion commented Mar 16, 2021

> @Fusion would love to test a build with sqlite backend if you supply one. What other backends are supported in your version as you are talking about multiple?

I created a bogus release called "w1.1.3" so I guess it's a "welease." -- it is available here: https://github.com/Fusion/glauth/releases

When I talk about multiple backends, I mean our existing backends, but used together. For instance one can use the "ldap" backend to authenticate accounts against an external server we are proxying to, while also using the "sqlite" backend to add two-factor authentication based on the content of a local database.
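The chain described here and in the Mar 15 comment (an upstream backend that checks the password, a database-backed middleware in front of it that checks an OTP appended to the password), as an added example that is not GLAuth's code: the middleware verifies a 6-digit TOTP suffix (RFC 6238 over RFC 4226 HOTP with HMAC-SHA1) against a per-user secret, refuses to accept a code that was already used, fails closed for users who have no secret, and only then forwards the remaining password upstream. The `Backend` interface, `StaticUpstream` and the in-memory secret map are stand-ins for GLAuth's handler interface, the proxied LDAP server and the SQLite table; the secret `12345678901234567890` is the RFC 4226/6238 test key and the user data is constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"sync"
	"time"
)

// Backend is the bind-only surface this example needs (hypothetical; not
// GLAuth's real handler interface).
type Backend interface {
	Bind(bindDN, password string) (bool, error)
}

// StaticUpstream stands in for the external LDAP/AD server being proxied.
// Users maps DN -> password (constructed test data).
type StaticUpstream struct{ Users map[string]string }

func (u StaticUpstream) Bind(bindDN, password string) (bool, error) {
	want, ok := u.Users[bindDN]
	if !ok {
		return false, nil
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(password)) == 1, nil
}

const (
	otpDigits = 6
	otpStep   = 30 // seconds per TOTP step (RFC 6238 default)
)

// OTPMiddleware verifies a TOTP code appended to the bind password and forwards
// only the password part to Next. Secrets is an in-memory stand-in for the
// per-user table a SQLite backend would hold.
type OTPMiddleware struct {
	Next     Backend
	Secrets  map[string][]byte
	Now      func() time.Time
	Skew     int // accepted steps either side of the current one
	mu       sync.Mutex
	lastStep map[string]int64 // highest accepted step per DN, blocks replay
}

func NewOTPMiddleware(next Backend, secrets map[string][]byte, now func() time.Time, skew int) *OTPMiddleware {
	return &OTPMiddleware{Next: next, Secrets: secrets, Now: now, Skew: skew, lastStep: map[string]int64{}}
}

// hotp is RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

func (m *OTPMiddleware) Bind(bindDN, password string) (bool, error) {
	secret, enrolled := m.Secrets[bindDN]
	if !enrolled {
		return false, nil // fail closed: no secret means no bind, not "no second factor"
	}
	if len(password) <= otpDigits {
		return false, nil
	}
	base, code := password[:len(password)-otpDigits], password[len(password)-otpDigits:]
	now := m.Now().Unix() / otpStep
	matched := int64(-1)
	for d := -int64(m.Skew); d <= int64(m.Skew); d++ {
		step := now + d
		if step >= 0 && subtle.ConstantTimeCompare([]byte(hotp(secret, uint64(step), otpDigits)), []byte(code)) == 1 {
			matched = step
		}
	}
	if matched < 0 {
		return false, nil
	}
	m.mu.Lock()
	last, seen := m.lastStep[bindDN]
	if seen && matched <= last {
		m.mu.Unlock()
		return false, nil // code already consumed: replay
	}
	m.lastStep[bindDN] = matched
	m.mu.Unlock()
	return m.Next.Bind(bindDN, base)
}

func main() {
	dn := "cn=alice,dc=example,dc=com"
	secret := []byte("12345678901234567890") // RFC 4226/6238 test key
	chain := NewOTPMiddleware(StaticUpstream{Users: map[string]string{dn: "hunter2"}},
		map[string][]byte{dn: secret}, time.Now, 1)
	code := hotp(secret, uint64(time.Now().Unix()/otpStep), otpDigits)
	ok, err := chain.Bind(dn, "hunter2"+code)
	fmt.Println("bind with password+TOTP:", ok, err)
}
```

The two decisions worth copying are the fail-closed branch for unenrolled users (otherwise the second factor only protects people who opted in) and the per-user "last accepted step" record, which turns the ±1 step skew window from a replay window into a one-shot code. In a real deployment that record belongs in the same database as the secrets, not in process memory.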

sonicnkt commented

Just tried your "welease"; couldn't get the build working on my PC because of a newer glibc dependency though. Because I didn't want to compile it myself I tried it using Docker and a slim Debian base image. This worked great.

Only tried the SQLite plugin so far though. Next step for me would be to build a small web app that shares the same DB to allow users to authenticate and change their password, email and name. Maybe a small admin interface to easily create and configure users/groups etc.

Fusion commented Mar 22, 2021

I know what you mean. A while ago I wrote a small thing to share GLAuth QR codes (https://github.com/Fusion/glauth-qr-code) and, yes, there is definitely a lack of UI. Not being a Go developer (well, I guess I'm becoming one), I played with Martini the other day and the results were promising. I noticed that opinions on that framework are pretty mixed though.

Fusion commented May 1, 2021

So, this is becoming quite the conundrum: I have been adding more features to my cloned repo and now I am in a position where I will have to maintain that as well ;)
I really do not mean to create a fork of glauth, especially considering my limited mastery of the Go language.

@benyanke @butonic Any word on the future of glauth?

@Fusion Fusion merged commit 2eb2215 into glauth:dev Jul 17, 2021
@Fusion Fusion mentioned this pull request Jul 25, 2021
@Fusion Fusion mentioned this pull request Aug 13, 2021
Fusion added a commit that referenced this pull request Feb 28, 2022
* use functional options pattern to inject logr (#124)

* use functional options pattern to inject logr

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* cleanup log formatting

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* allow clean shutdown (#126)

* fix owncloud posix query, log message and provisioning api results (#128)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* don't hardcode graphapi endpoint

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* add support for write handlers (#135)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* config: match shadowaccount objectclass (#136)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Makefile compatibility (#134)

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* update travis.yml (#154)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* check owncloud status code is ok (#153)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Build and push multiarch docker images (#142)

Fix #141.

With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7.

When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry.

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* don't mix graph and provisioning api (#157)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Reuse http client as much as possible and allow insecure transport (#160)

* Allow using configmaps when deploying in kubernetes (#161)

* Ensure config watcher also works in kubernetes

When using configmaps in kubernetes, the file is a symlink, and then
file-watcher is not updated with a write event. Instead it receives a
CHMOD and a REMOVE event.

This change adds two things
1) Removal of the current watcher and adding of a new watcher for the
same path
2) The do-reload conditional is updated to also include the remove
event.

* Align write and removed conditionals

* Fix API server json formatting (#163) (#164)

* Update README.md (#167)

Fixing bad port in quickstart

* Use port 3893 with ldapsearch in example (#150)

* feat: add flags for ldap listen addresses (#169)

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Assets build fix. (#171)

* Docker build fix.

* Makefile fix.

* update readme, config and deps (#170)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Remove byanke's donation fields

* Database plugins (#133)

This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch.

Covered:

- Database plugins (at this time: SQLite, MySQL, Postgres)
- Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend]
- Schema introspection (root DSE query with base scope)
- When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries
- When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know))
- Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8)
- Support for "want types only" queries, even when proxying

* Mac M1 Support and LDAP Req Attributes (#192)

* Mac M1 Support

* Augmented root DSS and schema discovery based on content of schema directory

* LDAP workaround where req. attribute gets injected in response now works with combined filters

* SubSchema query can return a minimal set, freeipa or openldap's schemas

* Feature/upgrade ldap library version (#194)

* Stronger, salted passwords using bcrypt. (#195)

* Fixed badges in README file and added a couple improvements (#196)

* fix lock for ownCloud / graph backend (#198)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* the config struct is only needed by the config backend (#199)

* Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (#201)

* fix: keep watch config file when changed,renamed,removed (#189)

I will need to run `glauth.go` through `gofmt` myself but that is fine.

* Returning when unable to start config watcher (#203)

* Introducing goconvey testing and refactoring of config and ... (#204)

* Introducing goconvey testing and refactoring of config and plugin backends.

* gofmt, oops

* Refactored re-insertion of requested attributes

* Allow bind operations with no group provided (#205)

* Support for userPrincipalName binding and browsing. (#206)

* Support for userPrincipalName binding and browsing.

* Fixed travis CI test for userprincipalname

* fixing travis tests for more users

* Rate limit after failed binds (#207)

* Capabilities -- part 2 (#214) + do not dump config at startup

* Attempting migration from Travis to Github Actions

* Migration Step#2

* Migration Step#3

* Migration Step#4

* Migration Step#5

* Migration Step#6

* Migration Step#7

* Migration Step#8

* Migration Step#9

* Migration Step#9

* Migration dev...

* Migration dev...

* Migration dev...

* Migration dev...

* Docker with plugins, first step (#215)

* Docker with plugins, first step

* Build better docker images, including plugins

* Merge back from dev to feature branch step #2

* Added capabilities to CI

* - Now creating two docker images, including one with plugins
- Moving from Travis CI to GitHub Actions

* Plugins now run on distroless (#217)

* Getting rid of Travis CI now that it doesn't support FOSS anymore.

* Internal Stats -- performance view (#221)

* Local merge

* Update CI to forget about bindata

* Forgot to cleanup the cleanup...

* assets: use stdlib "embed" package (#200)

This should make it easier to include GLAuth in other projects using `go get`

* 'Airgapping' web assets for security and preventing breakage (#227)

* v2 -- V2 hierarchy (#228)

* Search refactoring, tree traversal and scope correctness (#229)

Search refactoring, tree traversal and scope correctness.

* Feature/multi cfg (#233)

* Feature/custom attributes (#240)

* Makefiles: platform releases (#241)

* Feature/release script (#242)

* Bug/fix docker build in v2 (#244)

* Fix #246 and #252

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com>
Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com>
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com>
Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com>
Co-authored-by: Clement JACOB <clems71@gmail.com>
Co-authored-by: Lutz Horn <code@lhorn.de>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Co-authored-by: Peter Heise <pheise@koprolalie.com>
Co-authored-by: Ben Yanke <ben@benyanke.com>
Co-authored-by: fanlix <fanlix@gmail.com>
Co-authored-by: Hank Donnay <hdonnay@gmail.com>
Fusion added a commit that referenced this pull request May 7, 2022
* Dev (#254)

* Cleanup

Fusion added a commit that referenced this pull request May 7, 2022
* Reverse pull request from master to dev.

Reverse pull request.

* Fix/docker latest tag (#260)

* Dev (#254)

Fusion added a commit that referenced this pull request May 9, 2022
* Dev -> Master after v1/v2 cleanup (#261)

* Reverse pull request from master to dev.

Reverse pull request.

* Fix/docker latest tag (#260)

* Dev (#254)

* use functional options pattern to inject logr (#124)

* use functional options pattern to inject logr

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* cleanup log formatting

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* allow clean shutdown (#126)

* fix owncloud posix query, log message and provisioning api results (#128)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* don't hardcode graphapi endpoint

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* add support for write handlers (#135)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* config: match shadowaccount objectlcass (#136)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Makefile compatiblility (#134)

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* update travis.yml (#154)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* check owncloud status code is ok (#153)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Bulid and push multiarch docker images (#142)

Fix #141.

With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7.

When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry.

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* don't mix graph and provisioning api (#157)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Reuse http client as much as possible and allow insecure transport (#160)

* Allow using configmaps when deploying in kubernetes (#161)

* Ensure config watcher also works in kubernetes

When using configmaps in kubernetes, the file is a symlink, and then the
file-watcher is not updated with a write event. Instead it receives a
CHMOD and a REMOVE event.

This change adds two things:
1) Removal of the current watcher and adding of a new watcher for the
same path
2) The do-reload conditional is updated to also include the remove
event.

* Align write and removed conditionals

* Fix API server json formatting (#163) (#164)

* Update README.md (#167)

Fixing bad port in quickstart

* Use port 3893 with ldapsearch in example (#150)

* feat: add flags for ldap listen addresses (#169)

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Assets build fix. (#171)

* Docker build fix.

* Makefile fix.

* update readme, config and deps (#170)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Remove byanke's donation fields

* Database plugins (#133)

This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch.

Covered:

- Database plugins (at this time: SQLite, MySQL, Postgres)
- Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend]
- Schema introspection (root DSE query with base scope)
- When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries
- When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know))
- Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8)
- Support for "want types only" queries, even when proxying

* Mac M1 Support and LDAP Req Attributes (#192)

* Mac M1 Support

* Augmented root DSE and schema discovery based on content of schema directory

* LDAP workaround where req. attribute gets injected in response now works with combined filters

* SubSchema query can return a minimal set, freeipa or openldap's schemas

* Feature/upgrade ldap library version (#194)

* Stronger, salted passwords using bcrypt. (#195)

* Fixed badges in README file and added a couple improvements (#196)

* fix lock for ownCloud / graph backend (#198)

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* the config struct is only needed by the config backend (#199)

* Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (#201)

* fix: keep watch config file when changed,renamed,removed (#189)

I will need to run `glauth.go` through `gofmt` myself but that is fine.

* Returning when unable to start config watcher (#203)

* Introducing goconvey testing and refactoring of config and ... (#204)

* Introducing goconvey testing and refactoring of config and plugin backends.

* gofmt, oops

* Refactored re-insertion of requested attributes

* Allow bind operations with no group provided (#205)

* Support for userPrincipalName binding and browsing. (#206)

* Support for userPrincipalName binding and browsing.

* Fixed travis CI test for userprincipalname

* fixing travis tests for more users

* Rate limit after failed binds (#207)

* Capabilities -- part 2 (#214) + do not dump config at startup

* Attempting migration from Travis to Github Actions

* Migration Step#2

* Migration Step#3

* Migration Step#4

* Migration Step#5

* Migration Step#6

* Migration Step#7

* Migration Step#8

* Migration Step#9

* Migration Step#9

* Migration dev...

* Migration dev...

* Migration dev...

* Migration dev...

* Docker with plugins, first step (#215)

* Docker with plugins, first step

* Build better docker images, including plugins

* Merge back from dev to feature branch step #2

* Added capabilities to CI

* - Now creating two docker images, including one with plugins
- Moving from Travis CI to GitHub Actions

* Plugins now run on distroless (#217)

* Getting rid of Travis CI now that it doesn't support FOSS anymore.

* Internal Stats -- performance view (#221)

* Local merge

* Update CI to forget about bindata

* Forgot to cleanup the cleanup...

* assets: use stdlib "embed" package (#200)

This should make it easier to include GLAuth in other projects using `go get`

* 'Airgapping' web assets for security and preventing breakage (#227)

* v2 -- V2 hierarchy (#228)

* Search refactoring, tree traversal and scope correctness (#229)

Search refactoring, tree traversal and scope correctness.

* Feature/multi cfg (#233)

* Feature/custom attributes (#240)

* Makefiles: platform releases (#241)

* Feature/release script (#242)

* Bug/fix docker build in v2 (#244)

* Fix #246 and #252

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com>
Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com>
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com>
Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com>
Co-authored-by: Clement JACOB <clems71@gmail.com>
Co-authored-by: Lutz Horn <code@lhorn.de>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Co-authored-by: Peter Heise <pheise@koprolalie.com>
Co-authored-by: Ben Yanke <ben@benyanke.com>
Co-authored-by: fanlix <fanlix@gmail.com>
Co-authored-by: Hank Donnay <hdonnay@gmail.com>

* Cleanup

* SSH Keys support in database plugins

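The "1.1" attribute selector, the types-only search and the re-insertion of a requested attribute that the upstream response lacks, all listed under Database plugins (#133) above, as an added Go example that is not GLAuth's code; the Entry and Attribute types, the reinsertMissing flag and the sample entry are constructed for this illustration:

```go
package main

import (
	"fmt"
	"strings"
)

// Attribute is one attribute of an LDAP search result entry.
type Attribute struct {
	Name   string
	Values []string
}

// Entry is a simplified search result entry (example type, not GLAuth's own).
type Entry struct {
	DN    string
	Attrs []Attribute
}

// SampleEntry is a constructed posixAccount-style entry used as input below.
func SampleEntry() Entry {
	return Entry{
		DN: "cn=hackers,ou=users,dc=glauth,dc=com",
		Attrs: []Attribute{
			{Name: "cn", Values: []string{"hackers"}},
			{Name: "uid", Values: []string{"hackers"}},
			{Name: "mail", Values: []string{"hackers@example.com"}},
		},
	}
}

// SelectAttributes applies the attribute-selection rules of RFC 4511 section
// 4.5.1.8 to one entry: an empty list or "*" means all user attributes, a list
// consisting only of "1.1" means no attributes (DN only), "1.1" next to other
// selectors is ignored, and otherwise only the named attributes are returned,
// matched case-insensitively. typesOnly (section 4.5.1.6) strips the values.
// reinsertMissing adds back, with no values, any requested attribute the entry
// lacks; this mirrors the proxying workaround the commit message describes,
// but the exact shape of GLAuth's version is an assumption here.
func SelectAttributes(e Entry, requested []string, typesOnly, reinsertMissing bool) []Attribute {
	if len(requested) == 1 && requested[0] == "1.1" {
		return nil
	}
	wantAll := len(requested) == 0
	wanted := map[string]bool{}
	for _, r := range requested {
		switch r {
		case "*":
			wantAll = true
		case "1.1":
			// ignored when other selectors are present
		default:
			wanted[strings.ToLower(r)] = true
		}
	}
	var out []Attribute
	seen := map[string]bool{}
	for _, a := range e.Attrs {
		key := strings.ToLower(a.Name)
		if !wantAll && !wanted[key] {
			continue
		}
		seen[key] = true
		proj := Attribute{Name: a.Name}
		if !typesOnly {
			proj.Values = append([]string(nil), a.Values...)
		}
		out = append(out, proj)
	}
	if reinsertMissing {
		for _, r := range requested {
			key := strings.ToLower(r)
			if key == "*" || key == "1.1" || seen[key] {
				continue
			}
			seen[key] = true // a name requested twice is added once
			out = append(out, Attribute{Name: r})
		}
	}
	return out
}

func main() {
	e := SampleEntry()
	fmt.Println("typesOnly:  ", SelectAttributes(e, []string{"CN", "mail"}, true, false))
	fmt.Println("reinserted: ", SelectAttributes(e, []string{"mail", "sshPublicKey"}, false, true))
}
```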
Fusion added a commit that referenced this pull request Nov 7, 2022
* Reverse pull request from master to dev.

Reverse pull request.

* Feature/dbsshkeys (#262)

* Dev -> Master after v1/v2 cleanup (#261)

* Reverse pull request from master to dev.

Reverse pull request.

* Better plugin build for darwin

* add link to documentation, only discovered it while perusing issues list (#276)

* Plugin: Unix PAM Authentication (#263) (#277)

* Plugin: Unix PAM Authentication (#263)

* Add plugin using pam authentication

Adds an additional plugin which is authenticating against
the PAM unix backend and exposing users and groups local
to the machine glauth is running on.

This can be used to expose local users for authentication
in other services which support ldap only.

* plugins: pam: Rewrite Bind() to use ldapopshelper

Modernizes the implementation of Bind() to make use of the helper
functions provided by LDAPOpsHelper.

In order to support custom authentication the existing config.User
has received an additional PassAppCustom property which allows to
specify a custom authentication callback for a user.

In case of the PAM backend this will be used to authenticate against
the local PAM database.

* plugins: pam: Rewrite Search() to use ldapopshelper

Modernizes the implementation of Search() to make use of the helper
functions provided by LDAPOpsHelper.

* plugins: pam: Capability through group membership

Adds a configuration option which decides if a user gets the search
capability or not based on the group memberships of a user.

* plugins: pam: Apply formatting

Runs gofmt and go get on all changes done earlier

* plugins: pam: Address feedback from CodeClimate

- reduce code similarity
- document new exports
- address casing of variables and functions
- reduce complexity of FindPosixGroups()
- reduce complexity of FindPosixAccounts()
- fix else branch in ldapopshelper

Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de>

* Updated README for pam plugin

* Updated README for pam plugin

Co-authored-by: Marius Zwicker <marius@mlba-team.de>
Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de>

* Removing db plugins

* Changing plugind package

* Remove main from plugin

* Move plugins to their own repos (#283)

* Plugins release build delegated to plugin Makefile

* Build and push docker containers

* README points to documentation

* Shortened README

* Prometheus exported (#284)

* Prometheus exporter

* Feature/zerolog (#285)

* Zerolog

* Adjusted logging levels

* Structured logging including ldap library

* Feature/check config (#286)

Add config check `--check-config`

* Removed last trace of old docker files

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com>
Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com>
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com>
Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com>
Co-authored-by: Clement JACOB <clems71@gmail.com>
Co-authored-by: Lutz Horn <code@lhorn.de>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Co-authored-by: Peter Heise <pheise@koprolalie.com>
Co-authored-by: Ben Yanke <ben@benyanke.com>
Co-authored-by: fanlix <fanlix@gmail.com>
Co-authored-by: Hank Donnay <hdonnay@gmail.com>
Co-authored-by: dlitster <davidlitster@gmail.com>
Co-authored-by: Marius Zwicker <marius@mlba-team.de>
Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de>