
use kanidm_proto::constants::{ATTR_UID, LDAP_ATTR_CN, LDAP_CLASS_GROUPOFNAMES};
use kanidmd_lib::prelude::{Attribute, EntryClass};
use serde::Deserialize;
use std::collections::BTreeMap;
use url::Url;
use uuid::Uuid;

use ldap3_client::proto::LdapFilter;

/// Serde default for `Config::person_objectclass`: the LDAP objectClass that
/// marks an entry as a person, taken from kanidm's own `EntryClass::Person`
/// `Display` form rather than a hard-coded literal.
fn person_objectclass() -> String {
    EntryClass::Person.to_string()
}

/// Serde default for `Config::person_attr_user_name`: the LDAP attribute read
/// as the account name. Defaults to the shared `ATTR_UID` constant so it stays
/// in step with the rest of kanidm if that name ever changes.
fn person_attr_user_name() -> String {
    String::from(ATTR_UID)
}

/// Serde default for `Config::person_attr_display_name`: the LDAP attribute
/// read as the human-readable display name (`cn` via `LDAP_ATTR_CN`).
fn person_attr_display_name() -> String {
    String::from(LDAP_ATTR_CN)
}

/// Serde default for `Config::person_attr_gidnumber`.
///
/// Deliberately `UidNumber`, not `GidNumber`: for a person the primary group
/// id imported into kanidm is sourced from the account's `uidNumber`
/// attribute (compare `group_attr_gidnumber`, which uses `GidNumber`).
fn person_attr_gidnumber() -> String {
    Attribute::UidNumber.to_string()
}

/// Serde default for `Config::person_attr_password`: the LDAP attribute
/// holding the account's password hash (`userPassword`). The sync DN needs
/// read access to this attribute for password import to work; treat that
/// grant as sensitive.
fn person_attr_password() -> String {
    Attribute::UserPassword.to_string()
}

/// Serde default for `Config::person_attr_login_shell`: the LDAP attribute
/// read as the POSIX login shell.
fn person_attr_login_shell() -> String {
    Attribute::LoginShell.to_string()
}

/// Serde default for `Config::person_attr_mail`: the LDAP attribute read as
/// the account's mail address(es).
fn person_attr_mail() -> String {
    Attribute::Mail.to_string()
}

/// Serde default for `Config::person_attr_ssh_public_key`: the LDAP attribute
/// holding SSH public keys, using kanidm's LDAP-facing name for it.
fn person_attr_ssh_public_key() -> String {
    Attribute::LdapSshPublicKey.to_string()
}

/// Serde default for `Config::group_objectclass`: the LDAP objectClass that
/// marks an entry as a group, taken from the shared
/// `LDAP_CLASS_GROUPOFNAMES` constant.
fn group_objectclass() -> String {
    String::from(LDAP_CLASS_GROUPOFNAMES)
}

/// Serde default for `Config::group_attr_name`: the LDAP attribute read as
/// the group's name (`cn`).
fn group_attr_name() -> String {
    Attribute::Cn.to_string()
}

/// Serde default for `Config::group_attr_description`: the LDAP attribute
/// read as the group's free-text description.
fn group_attr_description() -> String {
    Attribute::Description.to_string()
}

/// Serde default for `Config::group_attr_member`: the LDAP attribute that
/// lists the group's members (DN-valued `member`, matching `groupOfNames`).
fn group_attr_member() -> String {
    Attribute::Member.to_string()
}

/// Serde default for `Config::group_attr_gidnumber`: the LDAP attribute read
/// as the group's POSIX gid (`gidNumber`).
fn group_attr_gidnumber() -> String {
    Attribute::GidNumber.to_string()
}

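/// Top-level configuration of the LDAP -> kanidm sync tool, deserialized from
/// the operator's config file.
///
/// Two fields are credentials: `sync_token` (the kanidm sync-account token)
/// and `ldap_sync_pw` (the bind password for `ldap_sync_dn`). `Debug` is
/// therefore implemented by hand below so that a `{:?}` of the whole config
/// (e.g. in a startup log line or an error context) cannot leak them; the
/// derived impl would have printed both in clear.
#[derive(Deserialize)]
pub struct Config {
    /// kanidm sync-account token. Secret; redacted from `Debug`.
    pub sync_token: String,
    /// Optional cron-style schedule for repeated runs. Exact syntax is
    /// interpreted elsewhere — not visible from this file.
    pub schedule: Option<String>,
    /// Optional address for a status endpoint, if one is started.
    pub status_bind: Option<String>,
    /// LDAP server URI. Nothing in this struct forces `ldaps://`;
    /// NOTE(review): confirm the connector rejects plaintext `ldap://`
    /// (or requires StartTLS) before relying on `ldap_ca` for transport
    /// security.
    pub ldap_uri: Url,
    /// CA used to validate the LDAP server certificate. Whether this is a
    /// file path or inline PEM is decided by the consumer, not here.
    pub ldap_ca: String,
    /// DN the tool binds as to read the directory.
    pub ldap_sync_dn: String,
    /// Bind password for `ldap_sync_dn`. Secret; redacted from `Debug`.
    pub ldap_sync_pw: String,
    /// Search base for the sync.
    pub ldap_sync_base_dn: String,

    /// Search filter selecting which entries to sync. Required — there is no
    /// default, so an operator must scope the import explicitly.
    pub ldap_filter: LdapFilter,

    /// When set, imported password hashes are also installed as the unix
    /// (POSIX) password in kanidm.
    pub sync_password_as_unix_password: Option<bool>,

    // Attribute/objectClass names used when reading person entries. Each has
    // a serde default (the `fn`s above) so only overrides need be listed.
    #[serde(default = "person_objectclass")]
    pub person_objectclass: String,
    #[serde(default = "person_attr_user_name")]
    pub person_attr_user_name: String,
    #[serde(default = "person_attr_display_name")]
    pub person_attr_display_name: String,
    #[serde(default = "person_attr_gidnumber")]
    pub person_attr_gidnumber: String,
    #[serde(default = "person_attr_password")]
    pub person_attr_password: String,
    /// Optional prefix (e.g. a hash-scheme tag) applied to imported password
    /// values; semantics belong to the consumer.
    pub person_password_prefix: Option<String>,
    #[serde(default = "person_attr_login_shell")]
    pub person_attr_login_shell: String,
    #[serde(default = "person_attr_mail")]
    pub person_attr_mail: String,
    #[serde(default = "person_attr_ssh_public_key")]
    pub person_attr_ssh_public_key: String,

    // Attribute/objectClass names used when reading group entries.
    #[serde(default = "group_objectclass")]
    pub group_objectclass: String,
    #[serde(default = "group_attr_name")]
    pub group_attr_name: String,
    #[serde(default = "group_attr_description")]
    pub group_attr_description: String,
    #[serde(default = "group_attr_gidnumber")]
    pub group_attr_gidnumber: String,
    #[serde(default = "group_attr_member")]
    pub group_attr_member: String,

    /// Per-entry overrides keyed by the LDAP entry's UUID.
    ///
    /// Because this is `flatten`ed, every top-level key not matched by a
    /// named field above is parsed as a `Uuid` table key. A misspelled option
    /// name therefore fails deserialization (it is not a valid UUID) rather
    /// than being silently ignored — a useful fail-closed property; keep it.
    #[serde(flatten)]
    pub entry_map: BTreeMap<Uuid, EntryConfig>,

    /// Maximum LDAP message size (in kilobytes)
    pub max_ber_size: Option<usize>,
}

impl std::fmt::Debug for Config {
    /// Field-by-field `Debug` that mirrors the derived output but replaces the
    /// two credentials with a fixed placeholder, so logging the config never
    /// reveals them. `ldap_uri` is printed as-is; if operators ever embed
    /// userinfo in it, redact that here too.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Placeholder is a constant so a log consumer cannot infer length.
        const REDACTED: &str = "<redacted>";
        f.debug_struct("Config")
            .field("sync_token", &REDACTED)
            .field("schedule", &self.schedule)
            .field("status_bind", &self.status_bind)
            .field("ldap_uri", &self.ldap_uri)
            .field("ldap_ca", &self.ldap_ca)
            .field("ldap_sync_dn", &self.ldap_sync_dn)
            .field("ldap_sync_pw", &REDACTED)
            .field("ldap_sync_base_dn", &self.ldap_sync_base_dn)
            .field("ldap_filter", &self.ldap_filter)
            .field(
                "sync_password_as_unix_password",
                &self.sync_password_as_unix_password,
            )
            .field("person_objectclass", &self.person_objectclass)
            .field("person_attr_user_name", &self.person_attr_user_name)
            .field("person_attr_display_name", &self.person_attr_display_name)
            .field("person_attr_gidnumber", &self.person_attr_gidnumber)
            .field("person_attr_password", &self.person_attr_password)
            .field("person_password_prefix", &self.person_password_prefix)
            .field("person_attr_login_shell", &self.person_attr_login_shell)
            .field("person_attr_mail", &self.person_attr_mail)
            .field("person_attr_ssh_public_key", &self.person_attr_ssh_public_key)
            .field("group_objectclass", &self.group_objectclass)
            .field("group_attr_name", &self.group_attr_name)
            .field("group_attr_description", &self.group_attr_description)
            .field("group_attr_gidnumber", &self.group_attr_gidnumber)
            .field("group_attr_member", &self.group_attr_member)
            .field("entry_map", &self.entry_map)
            .field("max_ber_size", &self.max_ber_size)
            .finish()
    }
}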

/// Per-entry override, keyed in `Config::entry_map` by the LDAP entry's UUID.
///
/// All fields are optional so a table may carry only the adjustment needed
/// for that one entry.
#[derive(Debug, Deserialize, Default, Clone)]
pub struct EntryConfig {
    // Default false
    /// Skip this entry entirely during sync.
    #[serde(default)]
    pub exclude: bool,

    /// Replace the UUID the entry would otherwise be imported under.
    pub map_uuid: Option<Uuid>,
    /// Replace the name the entry would otherwise be imported under.
    pub map_name: Option<String>,
    /// Replace the POSIX gid the entry would otherwise be imported with.
    pub map_gidnumber: Option<u32>,
}