Safe Haskell	Safe-Inferred
Language	Haskell2010

LdapScimBridge

Synopsis

data LdapConf = LdapConf {
- ldapHost :: Host
- ldapPort :: PortNumber
- ldapDn :: Dn
- ldapPassword :: Password
- ldapSearch :: LdapSearch
- ldapCodec :: Codec
- ldapDeleteOnAttribute :: Maybe LdapFilterAttr
- ldapDeleteFromDirectory :: Maybe LdapSearch
}
data LdapFilterAttr = LdapFilterAttr {
- key :: Text
- value :: Text
}
data LdapSearch = LdapSearch {
- ldapSearchBase :: Dn
- ldapSearchObjectClass :: Text
- ldapSearchExtra :: [LdapFilterAttr]
}
data Codec
- = Utf8
- | Latin1
data ScimConf = ScimConf {
- scimTls :: Bool
- scimHost :: String
- scimPort :: Int
- scimPath :: String
- scimToken :: Text
}
data BridgeConf = BridgeConf {
- ldapSource :: LdapConf
- scimTarget :: ScimConf
- mapping :: Mapping
- logLevel :: PhantomParent Level
}
newtype PhantomParent a = PhantomParent {
- unPhantomParent :: a
}
data MappingError
- = MissingMandatoryValue Text Text
- | WrongNumberOfAttrValues Text Text String Int
- | CouldNotParseEmail Text Text Text String
renderMappingError :: MappingError -> String
renderSearchError :: [(SearchEntry, MappingError)] -> String
data FieldMapping = FieldMapping {
- fieldMappingLabel :: Text
- fieldMappingFun :: [Text] -> Either MappingError (User ScimTag -> User ScimTag)
}
data ScimTag
newtype Mapping = Mapping {
- fromMapping :: Map Text [FieldMapping]
}
type LdapResult a = IO (Either LdapError a)
ldapObjectClassFilter :: Text -> Filter
ldapFilterAttrToFilter :: LdapFilterAttr -> Filter
listLdapUsers :: LdapConf -> LdapSearch -> LdapResult [SearchEntry]
type User = User ScimTag
type StoredUser = StoredUser ScimTag
emptyScimUser :: User
scimSchemas :: [Schema]
data RequireUserName
- = Lenient
- | Strict
ldapToScim :: forall m. m ~ Either [(SearchEntry, MappingError)] => RequireUserName -> BridgeConf -> SearchEntry -> m (SearchEntry, User)
connectScim :: Logger -> ScimConf -> IO ClientEnv
isDeletee :: LdapConf -> SearchEntry -> Bool
updateScimPeer :: Logger -> BridgeConf -> IO ()
lookupScimByExternalId :: ClientEnv -> Maybe Text -> User tag -> IO (Maybe StoredUser)
updateScimPeerPostPut :: Logger -> ClientEnv -> Maybe (AuthData ScimTag) -> [User] -> IO ()
updateScimPeerPostPutStep :: Logger -> ClientEnv -> Maybe Text -> User ScimTag -> Text -> IO ()
updateScimPeerDelete :: Logger -> ClientEnv -> Maybe (AuthData ScimTag) -> [User] -> IO ()
parseCli :: IO BridgeConf
type Logger = Level -> Text -> IO ()
mkLogger :: Level -> IO Logger
main :: IO ()

Documentation

data LdapConf Source #

Constructors

LdapConf

Fields

ldapHost :: Host
eg. Ldap.Tls (host conf) Ldap.defaultTlsSettings
ldapPort :: PortNumber
usually 389 for plaintext or 636 for TLS.
ldapDn :: Dn
`$ slapcat | grep ^modifiersName`, eg. Dn "cn=admin,dc=nodomain".
ldapPassword :: Password
ldapSearch :: LdapSearch
ldapCodec :: Codec
anything from Data.Text.Encoding.
ldapDeleteOnAttribute :: Maybe LdapFilterAttr
ldapDeleteFromDirectory :: Maybe LdapSearch

Instances

Instances details

FromJSON LdapConf Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser LdapConf # parseJSONList :: Value -> Parser [LdapConf] #
Show LdapConf Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> LdapConf -> ShowS # show :: LdapConf -> String # showList :: [LdapConf] -> ShowS #

data LdapFilterAttr Source #

Constructors

LdapFilterAttr
Fields key :: Text value :: Text

Instances

Instances details

FromJSON LdapFilterAttr Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser LdapFilterAttr # parseJSONList :: Value -> Parser [LdapFilterAttr] #
Generic LdapFilterAttr Source #
Instance details Defined in LdapScimBridge Associated Types type Rep LdapFilterAttr :: Type -> Type # Methods from :: LdapFilterAttr -> Rep LdapFilterAttr x # to :: Rep LdapFilterAttr x -> LdapFilterAttr #
Show LdapFilterAttr Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> LdapFilterAttr -> ShowS # show :: LdapFilterAttr -> String # showList :: [LdapFilterAttr] -> ShowS #
Eq LdapFilterAttr Source #
Instance details Defined in LdapScimBridge Methods (==) :: LdapFilterAttr -> LdapFilterAttr -> Bool # (/=) :: LdapFilterAttr -> LdapFilterAttr -> Bool #
type Rep LdapFilterAttr Source #
Instance details Defined in LdapScimBridge type Rep LdapFilterAttr = D1 ('MetaData "LdapFilterAttr" "LdapScimBridge" "ldap-scim-bridge-0.10-inplace" 'False) (C1 ('MetaCons "LdapFilterAttr" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))

data LdapSearch Source #

Constructors

LdapSearch
Fields ldapSearchBase :: Dn `$ slapcat \| grep ^dn`, eg. `Dn "dc=nodomain"`. ldapSearchObjectClass :: Text eg. `"account"` ldapSearchExtra :: [LdapFilterAttr] eg. @[LdapFilterAttr "memberOf" "team red", LdapFilterAttr "hairColor" "yellow"]

Instances

Instances details

FromJSON LdapSearch Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser LdapSearch # parseJSONList :: Value -> Parser [LdapSearch] #
Show LdapSearch Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> LdapSearch -> ShowS # show :: LdapSearch -> String # showList :: [LdapSearch] -> ShowS #
Eq LdapSearch Source #
Instance details Defined in LdapScimBridge Methods (==) :: LdapSearch -> LdapSearch -> Bool # (/=) :: LdapSearch -> LdapSearch -> Bool #

data Codec Source #

Constructors

Utf8
Latin1

Instances

Instances details

Show Codec Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> Codec -> ShowS # show :: Codec -> String # showList :: [Codec] -> ShowS #
Eq Codec Source #
Instance details Defined in LdapScimBridge Methods (==) :: Codec -> Codec -> Bool # (/=) :: Codec -> Codec -> Bool #

data ScimConf Source #

Constructors

ScimConf
Fields scimTls :: Bool scimHost :: String scimPort :: Int scimPath :: String scimToken :: Text

Instances

Instances details

FromJSON ScimConf Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser ScimConf # parseJSONList :: Value -> Parser [ScimConf] #
Generic ScimConf Source #
Instance details Defined in LdapScimBridge Associated Types type Rep ScimConf :: Type -> Type # Methods from :: ScimConf -> Rep ScimConf x # to :: Rep ScimConf x -> ScimConf #
Show ScimConf Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> ScimConf -> ShowS # show :: ScimConf -> String # showList :: [ScimConf] -> ShowS #
Eq ScimConf Source #
Instance details Defined in LdapScimBridge Methods (==) :: ScimConf -> ScimConf -> Bool # (/=) :: ScimConf -> ScimConf -> Bool #
type Rep ScimConf Source #
Instance details Defined in LdapScimBridge type Rep ScimConf = D1 ('MetaData "ScimConf" "LdapScimBridge" "ldap-scim-bridge-0.10-inplace" 'False) (C1 ('MetaCons "ScimConf" 'PrefixI 'True) ((S1 ('MetaSel ('Just "scimTls") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Bool) :: S1 ('MetaSel ('Just "scimHost") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 String)) :: (S1 ('MetaSel ('Just "scimPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Int) :: (S1 ('MetaSel ('Just "scimPath") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 String) :: S1 ('MetaSel ('Just "scimToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))))

data BridgeConf Source #

Constructors

BridgeConf
Fields ldapSource :: LdapConf scimTarget :: ScimConf mapping :: Mapping logLevel :: PhantomParent Level

Instances

Instances details

FromJSON BridgeConf Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser BridgeConf # parseJSONList :: Value -> Parser [BridgeConf] #
Generic BridgeConf Source #
Instance details Defined in LdapScimBridge Associated Types type Rep BridgeConf :: Type -> Type # Methods from :: BridgeConf -> Rep BridgeConf x # to :: Rep BridgeConf x -> BridgeConf #
Show BridgeConf Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> BridgeConf -> ShowS # show :: BridgeConf -> String # showList :: [BridgeConf] -> ShowS #
type Rep BridgeConf Source #
Instance details Defined in LdapScimBridge type Rep BridgeConf = D1 ('MetaData "BridgeConf" "LdapScimBridge" "ldap-scim-bridge-0.10-inplace" 'False) (C1 ('MetaCons "BridgeConf" 'PrefixI 'True) ((S1 ('MetaSel ('Just "ldapSource") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 LdapConf) :: S1 ('MetaSel ('Just "scimTarget") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 ScimConf)) :: (S1 ('MetaSel ('Just "mapping") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Mapping) :*: S1 ('MetaSel ('Just "logLevel") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 (PhantomParent Level)))))

newtype PhantomParent a Source #

Work around orphan instances. Might not be a phantom, but I like the name. :)

Constructors

PhantomParent
Fields unPhantomParent :: a

Instances

Instances details

FromJSON (PhantomParent Level) Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser (PhantomParent Level) # parseJSONList :: Value -> Parser [PhantomParent Level] #
Bounded a => Bounded (PhantomParent a) Source #
Instance details Defined in LdapScimBridge Methods minBound :: PhantomParent a # maxBound :: PhantomParent a #
Generic (PhantomParent a) Source #
Instance details Defined in LdapScimBridge Associated Types type Rep (PhantomParent a) :: Type -> Type # Methods from :: PhantomParent a -> Rep (PhantomParent a) x # to :: Rep (PhantomParent a) x -> PhantomParent a #
Show a => Show (PhantomParent a) Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> PhantomParent a -> ShowS # show :: PhantomParent a -> String # showList :: [PhantomParent a] -> ShowS #
Eq a => Eq (PhantomParent a) Source #
Instance details Defined in LdapScimBridge Methods (==) :: PhantomParent a -> PhantomParent a -> Bool # (/=) :: PhantomParent a -> PhantomParent a -> Bool #
Ord a => Ord (PhantomParent a) Source #
Instance details Defined in LdapScimBridge Methods compare :: PhantomParent a -> PhantomParent a -> Ordering # (<) :: PhantomParent a -> PhantomParent a -> Bool # (<=) :: PhantomParent a -> PhantomParent a -> Bool # (>) :: PhantomParent a -> PhantomParent a -> Bool # (>=) :: PhantomParent a -> PhantomParent a -> Bool # max :: PhantomParent a -> PhantomParent a -> PhantomParent a # min :: PhantomParent a -> PhantomParent a -> PhantomParent a #
type Rep (PhantomParent a) Source #
Instance details Defined in LdapScimBridge type Rep (PhantomParent a) = D1 ('MetaData "PhantomParent" "LdapScimBridge" "ldap-scim-bridge-0.10-inplace" 'True) (C1 ('MetaCons "PhantomParent" 'PrefixI 'True) (S1 ('MetaSel ('Just "unPhantomParent") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 a)))

data MappingError Source #

Constructors

MissingMandatoryValue Text Text
WrongNumberOfAttrValues Text Text String Int
CouldNotParseEmail Text Text Text String

Instances

Instances details

Eq MappingError Source #
Instance details Defined in LdapScimBridge Methods (==) :: MappingError -> MappingError -> Bool # (/=) :: MappingError -> MappingError -> Bool #

renderMappingError :: MappingError -> String Source #

renderSearchError :: [(SearchEntry, MappingError)] -> String Source #

data FieldMapping Source #

Constructors

FieldMapping
Fields fieldMappingLabel :: Text This is the SCIM label (the LDAP label is in the key of the `Mapping`) fieldMappingFun :: [Text] -> Either MappingError (User ScimTag -> User ScimTag)

Instances

Instances details

Show FieldMapping Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> FieldMapping -> ShowS # show :: FieldMapping -> String # showList :: [FieldMapping] -> ShowS #

data ScimTag Source #

Fill in the parameters for hscim User type with plausible defaults. (You may want to touch this if you're using the library for something new.)

Instances

Instances details

AuthTypes ScimTag Source #
Instance details Defined in LdapScimBridge Associated Types type AuthData ScimTag # type AuthInfo ScimTag #
GroupTypes ScimTag Source #
Instance details Defined in LdapScimBridge Associated Types type GroupId ScimTag #
UserTypes ScimTag Source #
Instance details Defined in LdapScimBridge Associated Types type UserId ScimTag # type UserExtra ScimTag # Methods supportedSchemas :: [Schema] #
type AuthData ScimTag Source #
Instance details Defined in LdapScimBridge type AuthData ScimTag = Text
type AuthInfo ScimTag Source #
Instance details Defined in LdapScimBridge type AuthInfo ScimTag = ()
type GroupId ScimTag Source #
Instance details Defined in LdapScimBridge type GroupId ScimTag = Text
type UserExtra ScimTag Source #
Instance details Defined in LdapScimBridge type UserExtra ScimTag = NoUserExtra
type UserId ScimTag Source #
Instance details Defined in LdapScimBridge type UserId ScimTag = Text

newtype Mapping Source #

Map attribute keys to functions from attribute values to changes to scim records. We'll start off with an empty scim record, and change it based on attributes we find that are listed in the mapping. Mappigns can fail, eg. if there is more than one attribute value for the attribute mapping to externalId.

Constructors

Mapping
Fields fromMapping :: Map Text [FieldMapping]

Instances

Instances details

FromJSON Mapping Source #
Instance details Defined in LdapScimBridge Methods parseJSON :: Value -> Parser Mapping # parseJSONList :: Value -> Parser [Mapping] #
Show Mapping Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> Mapping -> ShowS # show :: Mapping -> String # showList :: [Mapping] -> ShowS #

type LdapResult a = IO (Either LdapError a) Source #

ldapObjectClassFilter :: Text -> Filter Source #

ldapFilterAttrToFilter :: LdapFilterAttr -> Filter Source #

listLdapUsers :: LdapConf -> LdapSearch -> LdapResult [SearchEntry] Source #

type User = User ScimTag Source #

type StoredUser = StoredUser ScimTag Source #

emptyScimUser :: User Source #

Note that the userName field is mandatory in SCIM, but we gloss over this by setting it to an empty Text here. See RequireUserName, ldapToScim if you wonder whether this is a good idea.

scimSchemas :: [Schema] Source #

data RequireUserName Source #

Constructors

Lenient
Strict

Instances

Instances details

Show RequireUserName Source #
Instance details Defined in LdapScimBridge Methods showsPrec :: Int -> RequireUserName -> ShowS # show :: RequireUserName -> String # showList :: [RequireUserName] -> ShowS #
Eq RequireUserName Source #
Instance details Defined in LdapScimBridge Methods (==) :: RequireUserName -> RequireUserName -> Bool # (/=) :: RequireUserName -> RequireUserName -> Bool #

ldapToScim :: forall m. m ~ Either [(SearchEntry, MappingError)] => RequireUserName -> BridgeConf -> SearchEntry -> m (SearchEntry, User) Source #

Translate an LDAP record into a SCIM record. If username is not provided in the LDAP record, behavior is defined by the first argument: if Lenient, just fill in an empty Text; if Strict, throw an error.

connectScim :: Logger -> ScimConf -> IO ClientEnv Source #

isDeletee :: LdapConf -> SearchEntry -> Bool Source #

updateScimPeer :: Logger -> BridgeConf -> IO () Source #

lookupScimByExternalId :: ClientEnv -> Maybe Text -> User tag -> IO (Maybe StoredUser) Source #

updateScimPeerPostPut :: Logger -> ClientEnv -> Maybe (AuthData ScimTag) -> [User] -> IO () Source #

updateScimPeerPostPutStep :: Logger -> ClientEnv -> Maybe Text -> User ScimTag -> Text -> IO () Source #

updateScimPeerDelete :: Logger -> ClientEnv -> Maybe (AuthData ScimTag) -> [User] -> IO () Source #

parseCli :: IO BridgeConf Source #

type Logger = Level -> Text -> IO () Source #

mkLogger :: Level -> IO Logger Source #

main :: IO () Source #