%%-------------------------------------------------------------------- %% Copyright (c) 2020-2024 EMQ Technologies Co., Ltd. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. %% You may obtain a copy of the License at %% %% http://www.apache.org/licenses/LICENSE-2.0 %% %% Unless required by applicable law or agreed to in writing, software %% distributed under the License is distributed on an "AS IS" BASIS, %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. %% See the License for the specific language governing permissions and %% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authn_ldap_schema). -behaviour(emqx_authn_schema). -export([ namespace/0, fields/1, desc/1, refs/0, select_union_member/1 ]). -include("emqx_auth_ldap.hrl"). -include_lib("hocon/include/hoconsc.hrl"). namespace() -> "authn". refs() -> [?R_REF(ldap), ?R_REF(ldap_deprecated)]. select_union_member(#{<<"mechanism">> := ?AUTHN_MECHANISM_BIN, <<"backend">> := ?AUTHN_BACKEND_BIN}) -> refs(); select_union_member(#{<<"backend">> := ?AUTHN_BACKEND_BIN}) -> throw(#{ reason => "unknown_mechanism", expected => ?AUTHN_MECHANISM }); select_union_member(_) -> undefined. fields(ldap_deprecated) -> common_fields() ++ [ {password_attribute, password_attribute()}, {is_superuser_attribute, is_superuser_attribute()} ]; fields(ldap) -> common_fields() ++ [ {method, ?HOCON( hoconsc:union(fun method_union_member_selector/1), #{desc => ?DESC(method)} )} ]; fields(hash_method) -> [ {type, method_type(hash)}, {password_attribute, password_attribute()}, {is_superuser_attribute, is_superuser_attribute()} ]; fields(bind_method) -> [{type, method_type(bind)}] ++ emqx_ldap:fields(bind_opts). common_fields() -> [ {mechanism, emqx_authn_schema:mechanism(?AUTHN_MECHANISM)}, {backend, emqx_authn_schema:backend(?AUTHN_BACKEND)}, {query_timeout, fun query_timeout/1} ] ++ emqx_authn_schema:common_fields() ++ emqx_ldap:fields(config). desc(ldap) -> ?DESC(ldap); desc(ldap_deprecated) -> ?DESC(ldap_deprecated); desc(hash_method) -> ?DESC(hash_method); desc(bind_method) -> ?DESC(bind_method); desc(_) -> undefined. method_union_member_selector(all_union_members) -> [?R_REF(hash_method), ?R_REF(bind_method)]; method_union_member_selector({value, Val}) -> Val2 = case is_map(Val) of true -> emqx_utils_maps:binary_key_map(Val); false -> Val end, case Val2 of #{<<"type">> := <<"bind">>} -> [?R_REF(bind_method)]; #{<<"type">> := <<"hash">>} -> [?R_REF(hash_method)]; _ -> throw(#{ field_name => method, expected => [bind_method, hash_method] }) end. method_type(Type) -> ?HOCON(?ENUM([Type]), #{desc => ?DESC(?FUNCTION_NAME), default => Type}). password_attribute() -> ?HOCON( string(), #{ desc => ?DESC(?FUNCTION_NAME), default => <<"userPassword">> } ). is_superuser_attribute() -> ?HOCON( string(), #{ desc => ?DESC(?FUNCTION_NAME), default => <<"isSuperuser">> } ). query_timeout(type) -> emqx_schema:timeout_duration_ms(); query_timeout(desc) -> ?DESC(?FUNCTION_NAME); query_timeout(default) -> <<"5s">>; query_timeout(_) -> undefined.