The Kanidmd server library. This implements all of the internal components of the server which are used to process authentication, store identities and enforce access controls.
The backend. This contains the “low level” storage and query code, which is implemented as a json-like kv document database. This has no rules about content of the server, which are all enforced at higher levels. The role of the backend is to persist content safely to disk, load that content, and execute queries utilising indexes in the most effective way possible.
The server configuration as processed from the startup wrapper. This controls a number of variables that determine how our backends, query server, and frontends are configured.
These contain the server “cores”. These are able to start up the server (bootstrap) to a running state and then execute tasks. This is where modules are logically ordered based on their dependencies for execution. Some of these are task-only, i.e. reindexing, and some of these launch the server into a fully operational state (https, ldap, etc).
An event is a self-contained module of data that contains all of the
required information for any operation to proceed. While there are many
types of potential events, they all eventually lower to one of:
Filters are one of the three foundational concepts of the design in kanidm.
They are used in nearly every aspect of the server to provide searching of
datasets and assertion of entry properties.
Contains structures related to the Identity that initiated an
Event in the
server. Generally this Identity is what access controls are applied to,
and it provides the set of
Limits that confine how many resources the
identity may consume during operations, to prevent denial-of-service.
The Identity Management components that are layered on top of the QueryServer. These allow rich and expressive events and transformations that are lowered into the correct/relevant actions in the QueryServer. Generally this is where “Identity Management” policy and code is implemented.
A prelude of imports that should be imported by all other Kanidm modules to help make imports cleaner.
server contains the query server, which is the main high level construction
to coordinate queries and operations in the server.
Inside an entry, the key-value pairs are stored in these
Value types. The components of the
Value module allow storage and transformation of various types of input into strongly
typed values, and allow their comparison, filtering and more. It also has the code for serialising
these into a form for the backend that can be persisted into the