habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sources/ldap: add support for cert based auth (#5850)

Browse Source 
* ldap: support cert based auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ldap: default sni switch to off

* ldap: `get_info=NONE` on insufficient access error

* fix: Make file locale script

* ldap: add google ldap attribute mappings

* ldap: move google secure ldap blueprint to examples

Revert "ldap: add google ldap attribute mappings"

This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4.

* ldap: remove `validate` for client cert auth

not strictly necessary

* ldap: write temp cert files more securely

* ldap: use first array value for sni when provided csv input

* don't specify tempdir

we set $TMPDIR in the dockerfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* limit API to only allow certificate key pairs with private key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use maxsplit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
ChandonPierre
2023-06-12 09:41:44 -04:00
committed by GitHub
parent 8ddefb213f
commit 029395d08b
19 changed files with 680 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
web/xliff/pseudo-LOCALE.xlf
View File

@ -761,14 +761,6 @@
<trans-unit id="sb157267c85fdff30">
<source>Certificate</source>
</trans-unit>
<trans-unit id="s4eb524a2bb358f8b">
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
</trans-unit>
<trans-unit id="s73e9d580d6d96b02">
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
</trans-unit>
<trans-unit id="sac43cb9690260b86">
<source>UID start number</source>
@ -5973,6 +5965,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s27976e94b05c6970">
<source>Activate</source>
</trans-unit>
<trans-unit id="s1024166475850a65">
<source>Use Server URI for SNI verification</source>
</trans-unit>
<trans-unit id="se65beb94fffc3c4b">
<source>Required for servers using TLS 1.3+</source>
</trans-unit>
<trans-unit id="s5506b35a1bceb141">
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
</trans-unit>
<trans-unit id="s4647b2c92638d6fd">
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
</trans-unit>
<trans-unit id="scd247ffad6e04ac0">
<source>TLS Server name</source>
</trans-unit>
<trans-unit id="s2acef4f6ba39bf11">
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
</trans-unit>
<trans-unit id="s000ee3e634868b3c">
<source>TLS Client authentication certificate</source>
</trans-unit>
</body>
</file>