Commit Graph

13 Commits

Author SHA1 Message Date
Marcus Efraimsson
285ebd3413
Chore: Resolve random failure with golangci-lint (#21970) 2020-02-07 15:53:03 +01:00
Jon Gyllenswärd
cce5557145
LDAP: All LDAP servers should be tried even if one of them returns a connection error (#20077)
All ldap servers are now being tried and the first one that gives back an answer is used if a previous one is failing. Applies to login and syncing
2019-11-05 08:58:59 +01:00
gotjosh
279249ef56
Multi-LDAP: Do not fail-fast on invalid credentials (#19261)
* Multi-LDAP: Do not fail-fast on invalid credentials

When configuring LDAP authentication, it is very common to have multiple
servers configured. When using user bind (authenticating with LDAP using
the same credentials as the user authenticating to Grafana) we don't
expect all the users to be on all LDAP servers.

Because of this use-case, we should not fail-fast when authenticating on
multiple LDAP server configurations. Instead, we should continue to try
the credentials with the next LDAP server configured.

Fixes #19066
2019-09-23 13:34:05 +01:00
gotjosh
99c799e9b7
Close the connection only if we establish it. (#18897) 2019-09-16 14:13:35 +01:00
gotjosh
7c6dd1868b
LDAP: Add API endpoint to query the LDAP server(s) status (#18868)
* LDAP: Add API endpoint to query the LDAP server(s) status|

This endpoint returns the current status(es) of the configured LDAP server(s).

The status of each server is verified by dialling and if no error is returned we assume the server is operational.

This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 15:29:14 +01:00
gotjosh
0cbbb43222
LDAP: Add API endpoint to debug user mapping from LDAP (#18833)
* Move the ReloadLDAPCfg function to the debug file

Appears to be a better suite place for this.

* LDAP: Return the server information when we find a specific user

We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things:

- Understand in which server we found the user
- Have access the groups specified as part of the server configuration

* LDAP: Adds the /api/admin/ldap/:username endpoint

This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.

No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 18:34:44 +01:00
Oleg Gaidarenko
02af966964
LDAP: multildap + ldap integration (#18588)
It seems `ldap` module introduced new error type of which
multildap module didn't know about.

This broke the multildap login logic

Fixes #18491
Ref #18587
2019-08-19 00:52:32 +03:00
Leonard Gram
5d3a60d46e
LDAP: Adds bind before searching LDAP for non-login cases. (#18023) 2019-07-10 12:25:21 +02:00
Oleg Gaidarenko
1c08e58605
LDAP: small improvements to various LDAP parts (#17662)
* Add multildap config example

* Publicize mocks for multildap module
2019-06-19 15:46:04 +02:00
Oleg Gaidarenko
1b1d951495 LDAP: refactoring (#17479)
* LDAP: use only one struct

* Use only models.ExternalUserInfo

* Add additional helper method :/

* Move all the helpers to one module

* LDAP: refactoring

* Rename some of the public methods and change their behaviour

* Remove outdated methods

* Simplify logic

* More tests
  There is no and never were tests for settings.go, added tests for helper
  methods (cover is now about 100% for them). Added tests for the main
  LDAP logic, but there is some stuff to add. Dial() is not tested and not
  decoupled. It might be a challenge to do it properly

* Restructure tests:
   * they wouldn't depend on external modules
   * more consistent naming
   * logical division

* More guards for erroneous paths

* Login: make login service an explicit dependency

* LDAP: remove no longer needed test helper fns

* LDAP: remove useless import

* LDAP: Use new interface in multildap module

* LDAP: corrections for the groups of multiple users

* In case there is several users their groups weren't detected correctly

* Simplify helpers module
2019-06-13 16:47:51 +02:00
Oleg Gaidarenko
2316414786
Add tests for multildap (#17358)
That should get us to 100% coverage
2019-06-07 15:16:00 +03:00
Oleg Gaidarenko
de92c360a1
LDAP: reduce API and allow its extension (#17209)
* Removes Add/Remove methods

* Publicise necessary fields and methods so we could extend it

* Publicise mock API

* More comments and additional simplifications

* Sync with master

Still having low coverage :/ - should be addressed in #17208
2019-05-27 10:36:49 +03:00
Oleg Gaidarenko
35f227de11
Feature: LDAP refactoring (#16950)
* incapsulates multipleldap logic under one module

* abstracts users upsert and get logic

* changes some of the text error messages and import sort sequence

* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour

* integrates affected auth_proxy module and their tests

* refactoring of the auth_proxy logic
2019-05-17 14:57:26 +03:00