[server] Rename ldap.search => ldap.dn_lookup

2026-01-06 19:49:56 -06:00 · 2025-06-30 11:14:10 +05:30
parent f539e70f7a
commit 4831bd60eb
2 changed files with 22 additions and 22 deletions
--- a/server/internal/auth/ldap/ldap.go
+++ b/server/internal/auth/ldap/ldap.go
@@ -17,16 +17,16 @@ import (
 )

 type Config struct {
-	Debug          bool         `koanf:"debug"`
-	URL            string       `koanf:"url"`
-	StartTLS       bool         `koanf:"starttls"`
-	ConnectTimeout string       `koanf:"connect_timeout"`
-	RequestTimeout string       `koanf:"request_timeout"`
-	DNTemplate     string       `koanf:"dn_template"`
-	Search         SearchConfig `koanf:"search"`
+	Debug          bool           `koanf:"debug"`
+	URL            string         `koanf:"url"`
+	StartTLS       bool           `koanf:"starttls"`
+	ConnectTimeout string         `koanf:"connect_timeout"`
+	RequestTimeout string         `koanf:"request_timeout"`
+	DNTemplate     string         `koanf:"dn_template"`
+	DNLookup       DNLookupConfig `koanf:"dn_lookup"`
 }

-type SearchConfig struct {
+type DNLookupConfig struct {
 	BindDN         string `koanf:"bind_dn"`
 	BindPassword   string `koanf:"bind_password"`
 	BaseDN         string `koanf:"base_dn"`
@@ -43,7 +43,7 @@ type Auth struct {
 	connectTimeout time.Duration
 	readTimeout    time.Duration
 	dnTemplate     string
-	search         SearchConfig
+	search         DNLookupConfig
 }

 var a Auth
@@ -56,14 +56,14 @@ func NewAuth(cfg Config, log zerolog.Logger) (*Auth, error) {

 	info := a.log.Debug()
 	if cfg.DNTemplate == "" {
-		if cfg.Search.BaseDN == "" {
+		if cfg.DNLookup.BaseDN == "" {
 			return nil, errors.New("base DN not set")
 		}
-		if cfg.Search.FilterTemplate == "" {
+		if cfg.DNLookup.FilterTemplate == "" {
 			return nil, errors.New("filter template not set")
 		}
-		info = info.Str("base_dn", cfg.Search.BaseDN)
-		info = info.Str("filter_template", cfg.Search.FilterTemplate)
+		info = info.Str("base_dn", cfg.DNLookup.BaseDN)
+		info = info.Str("filter_template", cfg.DNLookup.FilterTemplate)
 	} else {
 		info = info.Str("dn_template", cfg.DNTemplate)
 	}
@@ -93,7 +93,7 @@ func NewAuth(cfg Config, log zerolog.Logger) (*Auth, error) {
 		a.readTimeout = d
 	}
 	a.dnTemplate = cfg.DNTemplate
-	a.search = cfg.Search
+	a.search = cfg.DNLookup

 	var err error
 	a.conn, err = a.newConn()
--- a/server/internal/command/config.defaults.yml
+++ b/server/internal/command/config.defaults.yml
@@ -43,16 +43,16 @@ auth:
      starttls: false
      connect_timeout: 30s
      request_timeout: 30s
-      dn_template: 
-      search:
-        bind_dn:
-        bind_password: 
-        base_dn:
-        filter_template:
+      # dn_template: cn={email},ou=people,dc=example,dc=com
+      # search:
+      #   bind_dn: cn=phylumbind,ou=people,dc=example,dc=com
+      #   bind_password: ldap_password_for_phylumbind_user
+      #   base_dn: dc=example,dc=com
+      #   filter_template: (mail={email})
  # openid:
  #   clients:
-  #     - id: google
-  #       name: Google
+  #     - id: google        # internal ID, prefer lower-kebab-case or lower_camel_case
+  #       name: Google      # to be displayed to the user as 'Log In with <name>'
  #       issuer_url: https://accounts.google.com
  #       client_id:
  #       client_secret: