LdapManager.idl

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright 2010 Raritan Inc. All rights reserved.
 */
 
/** Local and Remote Authentication Management */
module auth {
 
    /** LDAP server configuration interface */
    interface LdapManager {
 
        /** LDAP server type */
        enumeration ServerType {
            ACTIVE_DIRECTORY,  ///< Active directory
            OPEN_LDAP          ///< OpenLDAP
        };
 
        /** LDAP server type */
        enumeration SecurityProtocol {
            SEC_PROTO_NONE,     ///< no security protocol
            SEC_PROTO_SSL,      ///< use SSL
            SEC_PROTO_STARTTLS  ///< use STARTTLS
        };
 
        /** Server settings */
        structure ServerSettings {
            string      id;                ///< Entry ID
            string      server;            ///< IP or name of ldap server
            string      adoptSettingsId;   ///< Use settings from LDAP server with <ID>
            ServerType  type;              ///< Type of LDAP server
            SecurityProtocol secProto;     ///< Security protocol
            int         port;              ///< Server port (only for SEC_PROT_NONE and SEC_PROT_STARTTLS)
            int         sslPort;           ///< SSL port (only for SEC_PROT_SSL)
            boolean     forceTrustedCert;  ///< Enforce trusted certificates
            boolean     allowOffTimeRangeCerts;  ///< allow expired and not yet valid certificates
            string      certificate;       ///< Certificates
            string      adsDomain;         ///< ADS domain
            boolean     useAnonymousBind;  ///< use anonymous bind
            string      bindDN;            ///< Bind DN
            string      bindPwd;           ///< Bind password
            string      searchBaseDN;      ///< Base DN for search
            string      loginNameAttr;     ///< Login name attribute
            string      userEntryObjClass; ///< User entry object class
            string      userSearchFilter;  ///< User search subfilter
            boolean     groupInfoInUserEntry; ///< Group membership info in user entry
            boolean     supportNestedGroups; ///< Support nested groups (only if groupInfoInUserEntry is \c true)
            string      groupMemberAttr;   ///< Group member attribute
            string      groupEntryObjClass; ///< Group entry object class
            string      groupSearchFilter;  ///< Group search subfilter
        };
 
        /**
         * Get a list of LDAP server settings
         *
         * @return list of ServerSettings
         */
        vector<ServerSettings> getLdapServers();
 
        constant int ERR_CYCLIC_DEP             = 1; ///< Cyclic dependency in server list
        constant int ERR_INVALID_CFG            = 2; ///< The server configuration is invalid
        /**
         * Sets a list of LDAP servers.
         * Any existing LDAP Server configuration will be cleared / overwritten.
         *
         * @return 0                            on success
         * @return \c ERR_CYCLIC_DEP            in case of cyclic dependency
         * @return \c ERR_INVALID_CFG           in case of invalid configuration
         */
        int setLdapServers(in vector<ServerSettings> serverList);
 
        constant int ERR_SERVER_UNSPECIFIED     = 1; ///< Unspecified error
        constant int ERR_SERVER_UNREACHABLE     = 3; ///< LDAP server could not be contacted
        constant int ERR_AUTHENTICATION_FAILED  = 4; ///< User could not be authenticated
        constant int ERR_NO_ROLES               = 5; ///< No roles are defined for the user
        constant int ERR_NO_KNOWN_ROLES         = 6; ///< No known rules are defined for the user
        /**
         * Tests an LDAP server configuration.
         *
         * @return 0                                    on success
         * @return \c ERR_SERVER_UNSPECIFIED            an unspecified error occurred
         * @return \c ERR_INVALID_CFG                   LDAP server configuration is invalid (reused from setLdapServers)
         * @return \c ERR_SERVER_UNREACHABLE            LDAP server could not be contacted
         * @return \c ERR_AUTHENTICATION_FAILED         user could not be authenticated
         * @return \c ERR_NO_ROLES                      no roles are defined for the user
         * @return \c ERR_NO_KNOWN_ROLES                no known roles are defined for the user
         */
        int testLdapServer(in string username, in string password, in ServerSettings settings, out string diagMsg);
 
    };
 
}