scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-04 04:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,722 Commits 2,630 Branches 341 Tags
auto-plugin-update/hashicorp/vault-plugin-database-elasticsearch/auto-dependency-upgrades
Commit Graph

37 Commits

Author SHA1 Message Date
Raymond Ho
25221fe012 downgrade go-ldap client to v3.4.4 due to race conditions in tests (#23103) 2023-09-14 23:18:20 +00:00
Raymond Ho
018e5675fe VAULT 18227/introduce cap ldap library (#22185) 2023-09-14 10:26:29 -07:00
Jason O'Donnell
4e963c4c5b Add worker pool for LDAP group lookup (#22659) 
* Add worker pool for LDAP group lookup

* changelog

* Add lock

* derefAliases disappeared
 2023-08-31 19:34:23 +00:00
Raymond Ho
f8dd46acb8 Address LDAP issues (#22249) 2023-08-08 13:49:26 -07:00
Luis (LT) Carbonell
21b3262e9f Correct Default for MaximumPageSize (#20453) 
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. dont paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
 2023-05-17 20:56:53 +00:00
Luis (LT) Carbonell
7f2deb1420 Add Configurable LDAP Max Page Size (#19032) 
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
 2023-04-20 20:39:27 +00:00
Jason O'Donnell
d5584b614a sdk/ldap: update interface to use DialURL (#20200) 
* sdk/ldap: update interface to use DialURL

* Fix scheme

* Fix race condition

* Add tls config dialopt
 2023-04-17 16:34:10 -04:00
Jason O'Donnell
2f7f0d2db9 sdk/ldaputil: add connection_timeout configurable (#20144) 
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
 2023-04-13 12:43:28 -04:00
Hamid Ghaf
e55c18ed12 adding copyright header (#19555) 
* adding copyright header

* fix fmt and a test
 2023-03-15 09:00:52 -07:00
Austin Gebauer
4b9eb233ca ldaputil: adds comment on available text/template functions (#19469) 2023-03-06 19:38:42 -08:00
Jakob Beckmann
39f9e5e775 Allow alias dereferencing in LDAP searches (#18230) 
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
 2023-02-24 13:49:17 -05:00
Luis (LT) Carbonell
cc570c11bb Add Paging Interface for LDAP Connection (#17640) 2022-10-26 14:05:53 -05:00
Rémi Lapeyre
03d923c14c Fix handling of username_as_alias during LDAP authentication (#15525) 
* Fix handling of username_as_alias during LDAP authentication

There is a bug that was introduced in the LDAP authentication method by https://github.com/hashicorp/vault/pull/11000.
It was thought to be backward compatible but has broken a number of users. Later
a new parameter `username_as_alias` was introduced in https://github.com/hashicorp/vault/pull/14324
to make it possible for operators to restore the previous behavior.
The way it is currently working is not completely backward compatible thought
because when username_as_alias is set, a call to GetUserAliasAttributeValue() will
first be made, then this value is completely discarded in pathLogin() and replaced
by the username as expected.

This is an issue because it makes useless calls to the LDAP server and will break
backward compatibility if one of the constraints in GetUserAliasAttributeValue()
is not respected, even though the resulting value will be discarded anyway.

In order to maintain backward compatibility here we have to only call
GetUserAliasAttributeValue() if necessary.

Since this change of behavior was introduced in 1.9, this fix will need to be
backported to the 1.9, 1.10 and 1.11 branches.

* Add changelog

* Add tests

* Format code

* Update builtin/credential/ldap/backend.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Format and fix declaration

* Reword changelog

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
 2022-05-20 14:17:26 -07:00
Jason O'Donnell
b064da37fc auth/ldap: add username_as_alias config flag (#14324) 2022-03-15 10:21:40 -04:00
Vinny Mannello
eadbe96507 EscapeLDAPValue - catch trailing escape character (#13452) 
* [VAULT-4018] - EscapeLDAPValue catch trailing escape character
 2021-12-15 13:17:07 -08:00
John-Michael Faircloth
fcc5b4abe1 ensure errors are checked (#12989) 2021-11-01 13:34:51 -05:00
Guillaume
4cc2673651 Added support for a LDAP user search filter. Documentation, tests and UI included (#11000) 2021-10-26 10:39:12 -07:00
John-Michael Faircloth
64f317e0aa fix struct tags and test in ldaputil (#12376) 
* fix struct tags and test in ldaputil

* update test to include ClientTLSCert and ClientTLSKey

* add cert and key to TestConfig test case
 2021-08-30 14:09:03 -05:00
Jeff Mitchell
861454e0ed Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
 2021-07-15 20:17:31 -04:00
John-Michael Faircloth
de13b64143 [ldap] auth method fix request_timeout (#11975) 
* [ldap] auth method fix request_timeout

* add changelog

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update changelog/11975.txt

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
 2021-07-01 13:33:01 -05:00
Brian Kassouf
a24653cc5c Run a more strict formatter over the code (#11312) 
* Update tooling

* Run gofumpt

* go mod vendor
 2021-04-08 09:43:39 -07:00
Brian Kassouf
2df57a0418 Fix a few static analysis findings (#11307) 2021-04-07 16:48:40 -07:00
Michael Golowka
3c477d49a7 Add 'Add' and 'Del' functions to LDAP interface (#10692) 2021-01-20 16:59:29 -07:00
ncabatoff
4e7c2ebfb0 Restore the original code used for setting userDN based on the result of our query. (#9041) 2020-05-20 14:47:59 -04:00
Jerry Aldrich
72071016e4 Fix error interpolation in LDAP client (#8426) 
Signed-off-by: jerryaldrichiii <jerryaldrichiii@gmail.com>
 2020-03-24 13:22:06 -07:00
Jorge Heleno
6eba9c0766 Add LDAP anonymous group search and client certs (#8365) 2020-03-06 10:27:09 -08:00
Gerardo Di Giacomo
0e8c6c2171 enabling TLS 1.3 support for TCP listeners (#8305) 
* adding support for TLS 1.3 for TCP listeners

* removed test as CI uses go 1.12

* removed Cassandra support, added deprecation notice

* re-added TestTCPListener_tls13
 2020-02-15 11:40:18 -08:00
Michel Vocks
348b04ecb4 Fix ldap client upndomain (#8333) 2020-02-14 10:26:30 -08:00
Becca Petrin
39455f38a8 Avoid potential panic in LDAP client (#8047) 
* fix potential panic

* add comment

* vendor the ldap update

* use localhost in test
 2019-12-17 16:33:59 -08:00
Calvin Leung Huang
6191cfaf91 sdk/ldaputil: add request_timeout configuration option (#7909) 
* sdk/ldaputil: add request_timeout configuration option

* go mod vendor
 2019-11-20 11:26:13 -08:00
Jeff Mitchell
82f2b55710 Bump go-ldap 
Closes https://github.com/hashicorp/vault/pull/7780

Changes to other parts of Vault have to come piece by piece, that's
next.
 2019-11-08 11:18:36 -05:00
Jeff Mitchell
7932afafe2 Port LDAP getCN changes to 1.2 branch (#7209) 2019-07-29 15:43:34 -04:00
Jeff Mitchell
dc51c00991 Update ldaputil to allow for modifying an existing config (#7038) 2019-07-01 16:12:32 -04:00
Madalyn
3c25b19aac update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 11:08:08 -04:00
Patrick Hayes
b9f054d8ab Maximum typo in Vault UI (#6743) 2019-05-16 08:44:34 +02:00
Jeff Mitchell
278bdd1f4e Switch to go modules (#6585) 
* Switch to go modules

* Make fmt
 2019-04-13 03:44:06 -04:00
Jeff Mitchell
f95571a361 Move ldaputil and tlsutil over to sdk 2019-04-12 18:26:54 -04:00