config

type API struct {
	Cert        string
	Enabled     bool
	Internals   bool
	Key         string
	Listen      string
	SecretToken string
	TLS         bool
}

type Backend struct {
	BaseDN                    string
	Datastore                 string
	Insecure                  bool     // For LDAP and owncloud backend only
	Servers                   []string // For LDAP and owncloud backend only
	NameFormat                string   // e.g. cn, ou, uid, or a comma separated list of them
	NameFormatAsArray         []string // we will explode NameFormat on commas
	GroupFormat               string   // e.g. cn, ou, gid, or a comma separated list of them
	GroupFormatAsArray        []string // we will explode GroupFormat on commas
	SSHKeyAttr                string
	UseGraphAPI               bool   // For ownCloud backend only
	Database                  string // For Database backends only
	DatabaseType              string // Type of database: sqlite, mysql, postgres (for database datastore)
	GroupWithSearchCapability string // For PamLinux backend only
	AnonymousDSE              bool   // For Config and Database backends only
}

type Behaviors struct {
	IgnoreCapabilities    bool
	LimitFailedBinds      bool
	NumberOfFailedBinds   int
	PeriodOfFailedBinds   time.Duration
	BlockFailedBindsFor   time.Duration
	PruneSourceTableEvery time.Duration
	PruneSourcesOlderThan time.Duration
	LegacyVersion         int
}

type Capability struct {
	Action string
	Object string
}

type Config struct {
	API                API
	Backend            Backend // Deprecated
	Backends           []Backend
	Helper             Helper
	Behaviors          Behaviors
	Debug              bool
	Syslog             bool
	StructuredLog      bool
	WatchConfig        bool
	YubikeyClientID    string
	YubikeySecret      string
	Frontend           Frontend
	LDAP               LDAP
	LDAPS              LDAPS
	Groups             []Group
	Users              []User
	Tracing            Tracing
	ConfigFile         string
	AwsAccessKeyId     string
	AwsSecretAccessKey string
	AwsRegion          string
}

type Frontend struct {
	AllowedBaseDNs []string // For LDAP backend only
	Listen         string
	Cert           string
	Key            string
	TLS            bool
}

type Group struct {
	Name          string
	UnixID        int // TODO: remove after deprecating UnixID on User and Group
	GIDNumber     int
	Capabilities  []Capability
	IncludeGroups []int
}

type Helper struct {
	Enabled   bool
	BaseDN    string
	Datastore string
	Database  string // For database backends only
}

type LDAP struct {
	Enabled bool
	Listen  string
	// StartTLS parameters
	TLS         bool
	TLSCert     string
	TLSKey      string
	TLSCertPath string
	TLSKeyPath  string
}

type LDAPS struct {
	Enabled bool
	Listen  string
	Cert    string
	Key     string
}

type Tracing struct {
	Enabled      bool
	GRPCEndpoint string
	HTTPEndpoint string
}

type User struct {
	Name          string
	OtherGroups   []int
	PassSHA256    string
	PassBcrypt    string
	PassAppSHA256 []string
	PassAppBcrypt []string
	PassAppCustom UserAuthenticator `toml:"-"`
	PrimaryGroup  int
	Capabilities  []Capability
	SSHKeys       []string
	OTPSecret     string
	Yubikey       string
	Disabled      bool
	UnixID        int // TODO: remove after deprecating UnixID on User and Group
	UIDNumber     int
	Mail          string
	LoginShell    string
	GivenName     string
	SN            string
	Homedir       string
	CustomAttrs   map[string]interface{}
}

type UserAuthenticator func(user *User, pw string) error