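// getRFC2307LDAPInterface returns the RFC 2307 LDAP interface for this builder,
// constructing it from b.Config and b.ClientConfig on first use and memoizing
// it in b.rfc2307LDAPInterface so that subsequent calls share one instance.
//
// Returns an error when either the all-groups query or the all-users query in
// the configuration cannot be parsed; in that case nothing is memoized and the
// next call retries the build.
func (b *RFC2307Builder) getRFC2307LDAPInterface() (*rfc2307.LDAPInterface, error) {
	if b.rfc2307LDAPInterface != nil {
		return b.rfc2307LDAPInterface, nil
	}

	// Validate both queries before storing anything so a failed build leaves
	// the builder untouched.
	groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(b.Config.AllGroupsQuery, b.Config.GroupUIDAttribute)
	if err != nil {
		return nil, err
	}
	userQuery, err := ldaputil.NewLDAPQueryOnAttribute(b.Config.AllUsersQuery, b.Config.UserUIDAttribute)
	if err != nil {
		return nil, err
	}

	// Memoize the result: previously the field was only read, so the fast path
	// above was never taken unless something else populated it.
	b.rfc2307LDAPInterface = rfc2307.NewLDAPInterface(b.ClientConfig,
		groupQuery, b.Config.GroupNameAttributes, b.Config.GroupMembershipAttributes,
		userQuery, b.Config.UserNameAttributes)
	return b.rfc2307LDAPInterface, nil
}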
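// getAugmentedADLDAPInterface returns the augmented Active Directory LDAP
// interface for this builder, constructing it from b.Config and b.ClientConfig
// on first use and memoizing it in b.augmentedADLDAPInterface so that
// subsequent calls share one instance.
//
// Returns an error when either the all-users query or the all-groups query in
// the configuration cannot be parsed; in that case nothing is memoized and the
// next call retries the build.
func (b *AugmentedADSyncBuilder) getAugmentedADLDAPInterface() (*ad.AugmentedADLDAPInterface, error) {
	if b.augmentedADLDAPInterface != nil {
		return b.augmentedADLDAPInterface, nil
	}

	// Validate both queries before storing anything so a failed build leaves
	// the builder untouched.
	userQuery, err := ldaputil.NewLDAPQuery(b.Config.AllUsersQuery)
	if err != nil {
		return nil, err
	}
	groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(b.Config.AllGroupsQuery, b.Config.GroupUIDAttribute)
	if err != nil {
		return nil, err
	}

	// Memoize the result: previously the field was only read, so the fast path
	// above was never taken unless something else populated it.
	b.augmentedADLDAPInterface = ad.NewAugmentedADLDAPInterface(b.ClientConfig,
		userQuery, b.Config.GroupMembershipAttributes, b.Config.UserNameAttributes,
		groupQuery, b.Config.GroupNameAttributes)
	return b.augmentedADLDAPInterface, nil
}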
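// Run creates the GroupSyncer specified by o.Config and either runs it to sync
// groups (when o.Confirm is set) or prints the groups that would result.
//
// cmd and f are only needed to obtain the object printer used for the
// non-confirmed (dry-run) output.
//
// Returns an error when the LDAP client configuration cannot be built, when a
// configured query cannot be parsed, when no supported schema configuration is
// present, or an aggregate of the errors reported by the sync itself.
func (o *SyncGroupsOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error {
	// In order to create the GroupSyncer, we need to build its parts:
	// interpret user-provided configuration. Note that clientConfig is built
	// from o.Config.BindPassword, so neither it nor o.Config should be
	// formatted into error messages or logs.
	clientConfig, err := ldaputil.NewLDAPClientConfig(
		o.Config.URL,
		o.Config.BindDN,
		o.Config.BindPassword,
		o.Config.CA,
		o.Config.Insecure)
	if err != nil {
		return fmt.Errorf("could not determine LDAP client configuration: %v", err)
	}

	// populate schema-independent syncer fields
	syncer := LDAPGroupSyncer{
		Host:         clientConfig.Host,
		GroupClient:  o.GroupInterface,
		SyncExisting: o.SyncExisting,
	}

	// A user-defined UID -> name mapping takes precedence over any
	// schema-derived mapper chosen below.
	if len(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping) > 0 {
		syncer.GroupNameMapper = NewUserDefinedGroupNameMapper(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping)
	}

	// The first non-nil schema configuration wins; there is no check that
	// only one was supplied.
	switch {
	case o.Config.RFC2307Config != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.RFC2307Config.UserNameAttributes)

		// config values are internalized
		groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.AllGroupsQuery, o.Config.RFC2307Config.GroupUIDAttribute)
		if err != nil {
			return err
		}

		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.AllUsersQuery, o.Config.RFC2307Config.UserUIDAttribute)
		if err != nil {
			return err
		}

		// the schema-specific ldapInterface is built from the config
		ldapInterface := rfc2307.NewLDAPInterface(clientConfig,
			groupQuery,
			o.Config.RFC2307Config.GroupNameAttributes,
			o.Config.RFC2307Config.GroupMembershipAttributes,
			userQuery,
			o.Config.RFC2307Config.UserNameAttributes)

		// The LDAPInterface knows how to extract group members
		syncer.GroupMemberExtractor = &ldapInterface

		// In order to build the GroupNameMapper, we need to know if the user defined a hard mapping
		// or one based on LDAP group entry attributes
		if syncer.GroupNameMapper == nil {
			if o.Config.RFC2307Config.GroupNameAttributes == nil {
				return errors.New("not enough information to build a group name mapper")
			}
			syncer.GroupNameMapper = NewEntryAttributeGroupNameMapper(o.Config.RFC2307Config.GroupNameAttributes, &ldapInterface)
		}

		// In order to build the groupLister, we need to know about the group sync scope and source:
		syncer.GroupLister = getGroupLister(o.Scope,
			o.Source,
			o.WhitelistContents,
			o.GroupInterface,
			clientConfig.Host,
			&ldapInterface)

	case o.Config.ActiveDirectoryConfig != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.ActiveDirectoryConfig.UserNameAttributes)

		// config values are internalized; Active Directory groups are keyed by
		// the member's DN rather than a configurable UID attribute
		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.ActiveDirectoryConfig.AllUsersQuery, "dn")
		if err != nil {
			return err
		}

		// the schema-specific ldapInterface is built from the config
		ldapInterface := ad.NewLDAPInterface(clientConfig,
			userQuery,
			o.Config.ActiveDirectoryConfig.GroupMembershipAttributes,
			o.Config.ActiveDirectoryConfig.UserNameAttributes)

		// The LDAPInterface knows how to extract group members
		syncer.GroupMemberExtractor = &ldapInterface

		// In order to build the GroupNameMapper, we need to know if the user defined a hard mapping
		// or one based on LDAP group entry attributes
		if syncer.GroupNameMapper == nil {
			syncer.GroupNameMapper = &DNLDAPGroupNameMapper{}
		}

		// In order to build the groupLister, we need to know about the group sync scope and source:
		syncer.GroupLister = getGroupLister(o.Scope,
			o.Source,
			o.WhitelistContents,
			o.GroupInterface,
			clientConfig.Host,
			&ldapInterface)

	case o.Config.AugmentedActiveDirectoryConfig != nil:
		// not supported by this command; report it like any other unusable config
		fallthrough
	default:
		// RFC2307Config is always nil here (it was tested first), so printing it
		// only ever showed "<nil>"; name the supported schemas instead.
		return errors.New("invalid schema-specific query template type: expected RFC2307Config or ActiveDirectoryConfig to be set")
	}

	// Now we run the Syncer and report any errors
	if o.Confirm {
		syncErrors := syncer.Sync()
		return kerrs.NewAggregate(syncErrors)
	}

	// Dry run: print what the sync would produce. The local is not named
	// "errors" so it cannot be confused with the errors package used above.
	openshiftGroups, resultErrs := syncer.GetResultingGroups()
	list := &kapi.List{}
	for _, item := range openshiftGroups {
		list.Items = append(list.Items, item)
	}
	if err := f.Factory.PrintObject(cmd, list, o.Out); err != nil {
		return err
	}

	return kerrs.NewAggregate(resultErrs)
}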
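// Run creates the GroupSyncer specified by o.Config and runs it to sync groups.
//
// Returns an error when the LDAP client configuration cannot be built, when a
// configured query cannot be parsed, when no supported schema configuration is
// present, or an aggregate of the errors reported by the sync itself.
func (o *SyncGroupsOptions) Run() error {
	// In order to create the GroupSyncer, we need to build its parts:
	// interpret user-provided configuration. Note that clientConfig is built
	// from o.Config.BindPassword, so neither it nor o.Config should be
	// formatted into error messages or logs.
	clientConfig, err := ldaputil.NewLDAPClientConfig(
		o.Config.Host,
		o.Config.BindDN,
		o.Config.BindPassword,
		o.Config.CA,
		o.Config.Insecure)
	if err != nil {
		return fmt.Errorf("could not determine LDAP client configuration: %v", err)
	}

	// populate schema-independent syncer fields
	syncer := LDAPGroupSyncer{
		Host:         clientConfig.Host,
		GroupClient:  o.GroupInterface,
		SyncExisting: o.SyncExisting,
	}

	// Only the RFC 2307 schema is wired up here; every other configuration
	// is rejected below.
	switch {
	case o.Config.RFC2307Config != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.RFC2307Config.UserNameAttributes)

		// config values are internalized
		groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.GroupQuery)
		if err != nil {
			return err
		}

		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.UserQuery)
		if err != nil {
			return err
		}

		// the schema-specific ldapInterface is built from the config
		ldapInterface := rfc2307.NewLDAPInterface(clientConfig,
			groupQuery,
			o.Config.RFC2307Config.GroupNameAttributes,
			o.Config.RFC2307Config.GroupMembershipAttributes,
			userQuery,
			o.Config.RFC2307Config.UserNameAttributes)

		// The LDAPInterface knows how to extract group members
		syncer.GroupMemberExtractor = &ldapInterface

		// In order to build the GroupNameMapper, we need to know if the user defined a hard mapping
		// or one based on LDAP group entry attributes
		syncer.GroupNameMapper = getGroupNameMapper(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping,
			o.Config.RFC2307Config.GroupNameAttributes,
			&ldapInterface)

		// In order to build the groupLister, we need to know about the group sync scope and source:
		syncer.GroupLister = getGroupLister(o.Scope,
			o.Source,
			o.WhitelistContents,
			o.GroupInterface,
			clientConfig.Host,
			&ldapInterface)

	case o.Config.ActiveDirectoryConfig != nil:
		fallthrough
	case o.Config.AugmentedActiveDirectoryConfig != nil:
		fallthrough
	default:
		// RFC2307Config is always nil here (it was tested first), so printing it
		// only ever showed "<nil>"; say which schema is supported instead.
		return fmt.Errorf("invalid schema-specific query template type: only RFC2307Config is supported")
	}

	// Now we run the Syncer and report any errors
	syncErrors := syncer.Sync()
	return kerrs.NewAggregate(syncErrors)
}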