mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-24 04:57:00 +01:00
deploy: bf53e4aff8
This commit is contained in:
Firstyear
parent
4cae8bceac
commit
e62544ab1c
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -353,7 +353,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
|
||||
</main>
|
||||
|
||||
|
|
|
|||
|
|
@ -1613,7 +1613,29 @@ the interactive configuration generator. Alternately, you can set the following
|
|||
these to a group with a scope map due to Velociraptors high impact.</p>
|
||||
<pre><code># kanidm group create velociraptor_users
|
||||
# kanidm group add_members velociraptor_users ...
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email</code></pre>
|
||||
kanidm system oauth2 create_scope_map <resource server name> velociraptor_users openid email
|
||||
</code></pre>
|
||||
<h3 id="vouch-proxy"><a class="header" href="#vouch-proxy">Vouch Proxy</a></h3>
|
||||
<p><em>You need to run at least the version 0.37.0</em>.</p>
|
||||
<p>Vouch Proxy supports multiple OAuth and OIDC login providers.
|
||||
To configure it you need to pass:</p>
|
||||
<pre><code class="language-yaml">oauth:
|
||||
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
|
||||
callback_url: https://login.wherevouchproxyruns.com/auth
|
||||
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
|
||||
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
|
||||
code_challenge_method: S256
|
||||
provider: oidc
|
||||
scopes:
|
||||
- email # Important, vouch proxy requiers a username (but does not use the proper scope, sub) or an email see https://github.com/vouch/vouch-proxy/issues/309, 310
|
||||
token_url: https://idm.wherekanidmruns.com/oauth2/token
|
||||
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
|
||||
</code></pre>
|
||||
<p>The <code>email</code> scope needs to be passed and thus the attribute needs to exist in
|
||||
the account:</p>
|
||||
<pre><code>kanidm login --name idm_admin
|
||||
kanidm account person extend YYYY --mail "YYYY@somedomain.com" --name idm_admin
|
||||
</code></pre>
|
||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="pam-and-nsswitch"><a class="header" href="#pam-and-nsswitch">PAM and nsswitch</a></h1>
|
||||
<p><a href="http://linux-pam.org">PAM</a> and <a href="https://en.wikipedia.org/wiki/Name_Service_Switch">nsswitch</a>
|
||||
are the core mechanisms used by Linux and BSD clients to resolve identities from an IDM service
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
</a><h2 class="location"><a href="#">ClientError</a></h2><div class="sidebar-elems"><section><div class="block"><h3 class="sidebar-title"><a href="#variants">Variants</a></h3><ul><li><a href="#variant.AuthenticationFailed">AuthenticationFailed</a></li><li><a href="#variant.EmptyResponse">EmptyResponse</a></li><li><a href="#variant.Http">Http</a></li><li><a href="#variant.JsonDecode">JsonDecode</a></li><li><a href="#variant.JsonEncode">JsonEncode</a></li><li><a href="#variant.SystemError">SystemError</a></li><li><a href="#variant.TotpInvalidSha1">TotpInvalidSha1</a></li><li><a href="#variant.TotpVerifyFailed">TotpVerifyFailed</a></li><li><a href="#variant.Transport">Transport</a></li><li><a href="#variant.Unauthorized">Unauthorized</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#trait-implementations">Trait Implementations</a></h3><ul><li><a href="#impl-Debug">Debug</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#synthetic-implementations">Auto Trait Implementations</a></h3><ul><li><a href="#impl-RefUnwindSafe">!RefUnwindSafe</a></li><li><a href="#impl-Send">Send</a></li><li><a href="#impl-Sync">Sync</a></li><li><a href="#impl-Unpin">Unpin</a></li><li><a href="#impl-UnwindSafe">!UnwindSafe</a></li></ul></div><div class="block"><h3 class="sidebar-title"><a href="#blanket-implementations">Blanket Implementations</a></h3><ul><li><a href="#impl-Any">Any</a></li><li><a href="#impl-Borrow%3CT%3E">Borrow<T></a></li><li><a href="#impl-BorrowMut%3CT%3E">BorrowMut<T></a></li><li><a href="#impl-From%3CT%3E">From<T></a></li><li><a href="#impl-Instrument">Instrument</a></li><li><a href="#impl-Into%3CU%3E">Into<U></a></li><li><a href="#impl-TryFrom%3CU%3E">TryFrom<U></a></li><li><a href="#impl-TryInto%3CU%3E">TryInto<U></a></li><li><a href="#impl-VZip%3CV%3E">VZip<V></a></li><li><a href="#impl-WithSubscriber">WithSubscriber</a></li></ul></div></section><h2 class="location"><a href="index.html">In kanidm_client</a></h2><div id="sidebar-vars" data-name="ClientError" data-ty="enum" data-relpath=""></div><script defer src="sidebar-items.js"></script></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../kanidm_client/index.html"><img class="rust-logo" src="../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="main-heading">
|
||||
<h1 class="fqn"><span class="in-band">Enum <a href="index.html">kanidm_client</a>::<wbr><a class="enum" href="#">ClientError</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../src/kanidm_client/lib.rs.html#51-62">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">−</span>]</a></span></div><div class="docblock item-decl"><pre class="rust enum"><code>pub enum ClientError {
|
||||
Unauthorized,
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>),
|
||||
AuthenticationFailed,
|
||||
EmptyResponse,
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>),
|
||||
TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret),
|
||||
TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>),
|
||||
JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>),
|
||||
JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>),
|
||||
SystemError,
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><<a class="enum" href="../kanidm_proto/v1/enum.OperationError.html" title="enum kanidm_proto::v1::OperationError">OperationError</a>>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, <a class="struct" href="../kanidm_proto/v1/struct.TotpSecret.html" title="struct kanidm_proto::v1::TotpSecret">TotpSecret</a>)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
}</code></pre></div><h2 id="variants" class="variants small-section-header">Variants<a href="#variants" class="anchor"></a></h2><h3 id="variant.Unauthorized" class="variant small-section-header"><a href="#variant.Unauthorized" class="anchor field"></a><code>Unauthorized</code></h3><h3 id="variant.Http" class="variant small-section-header"><a href="#variant.Http" class="anchor field"></a><code>Http(<a class="struct" href="struct.StatusCode.html" title="struct kanidm_client::StatusCode">StatusCode</a>, <a class="enum" href="https://doc.rust-lang.org/1.61.0/core/option/enum.Option.html" title="enum core::option::Option">Option</a><OperationError>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.Transport" class="variant small-section-header"><a href="#variant.Transport" class="anchor field"></a><code>Transport(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>)</code></h3><h3 id="variant.AuthenticationFailed" class="variant small-section-header"><a href="#variant.AuthenticationFailed" class="anchor field"></a><code>AuthenticationFailed</code></h3><h3 id="variant.EmptyResponse" class="variant small-section-header"><a href="#variant.EmptyResponse" class="anchor field"></a><code>EmptyResponse</code></h3><h3 id="variant.TotpVerifyFailed" class="variant small-section-header"><a href="#variant.TotpVerifyFailed" class="anchor field"></a><code>TotpVerifyFailed(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>, TotpSecret)</code></h3><h3 id="variant.TotpInvalidSha1" class="variant small-section-header"><a href="#variant.TotpInvalidSha1" class="anchor field"></a><code>TotpInvalidSha1(<a class="struct" href="https://docs.rs/uuid/1.1.2/uuid/struct.Uuid.html" title="struct uuid::Uuid">Uuid</a>)</code></h3><h3 id="variant.JsonDecode" class="variant small-section-header"><a href="#variant.JsonDecode" class="anchor field"></a><code>JsonDecode(<a class="struct" href="https://docs.rs/reqwest/0.11.10/reqwest/error/struct.Error.html" title="struct reqwest::error::Error">Error</a>, <a class="struct" href="https://doc.rust-lang.org/1.61.0/alloc/string/struct.String.html" title="struct alloc::string::String">String</a>)</code></h3><h3 id="variant.JsonEncode" class="variant small-section-header"><a href="#variant.JsonEncode" class="anchor field"></a><code>JsonEncode(<a class="struct" href="https://docs.rs/serde_json/1.0.81/serde_json/error/struct.Error.html" title="struct serde_json::error::Error">SerdeJsonError</a>)</code></h3><h3 id="variant.SystemError" class="variant small-section-header"><a href="#variant.SystemError" class="anchor field"></a><code>SystemError</code></h3><h2 id="trait-implementations" class="small-section-header">Trait Implementations<a href="#trait-implementations" class="anchor"></a></h2><div id="trait-implementations-list"><details class="rustdoc-toggle implementors-toggle" open><summary><section id="impl-Debug" class="impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#impl-Debug" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html" title="trait core::fmt::Debug">Debug</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.fmt" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="../src/kanidm_client/lib.rs.html#50">source</a></span><a href="#method.fmt" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt" class="fnname">fmt</a>(&self, f: &mut <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/fmt/struct.Formatter.html" title="struct core::fmt::Formatter">Formatter</a><'_>) -> <a class="type" href="https://doc.rust-lang.org/1.61.0/core/fmt/type.Result.html" title="type core::fmt::Result">Result</a></h4></section></summary><div class='docblock'><p>Formats the value using the given formatter. <a href="https://doc.rust-lang.org/1.61.0/core/fmt/trait.Debug.html#tymethod.fmt">Read more</a></p>
|
||||
</div></details></div></details></div><h2 id="synthetic-implementations" class="small-section-header">Auto Trait Implementations<a href="#synthetic-implementations" class="anchor"></a></h2><div id="synthetic-implementations-list"><section id="impl-RefUnwindSafe" class="impl has-srclink"><a href="#impl-RefUnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.RefUnwindSafe.html" title="trait core::panic::unwind_safe::RefUnwindSafe">RefUnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Send" class="impl has-srclink"><a href="#impl-Send" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Send.html" title="trait core::marker::Send">Send</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Sync" class="impl has-srclink"><a href="#impl-Sync" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sync.html" title="trait core::marker::Sync">Sync</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-Unpin" class="impl has-srclink"><a href="#impl-Unpin" class="anchor"></a><h3 class="code-header in-band">impl <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Unpin.html" title="trait core::marker::Unpin">Unpin</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section><section id="impl-UnwindSafe" class="impl has-srclink"><a href="#impl-UnwindSafe" class="anchor"></a><h3 class="code-header in-band">impl !<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/panic/unwind_safe/trait.UnwindSafe.html" title="trait core::panic::unwind_safe::UnwindSafe">UnwindSafe</a> for <a class="enum" href="enum.ClientError.html" title="enum kanidm_client::ClientError">ClientError</a></h3></section></div><h2 id="blanket-implementations" class="small-section-header">Blanket Implementations<a href="#blanket-implementations" class="anchor"></a></h2><div id="blanket-implementations-list"><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Any" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#132-136">source</a></span><a href="#impl-Any" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html" title="trait core::any::Any">Any</a> for T <span class="where fmt-newline">where<br> T: 'static + ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.type_id" class="method trait-impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/any.rs.html#133">source</a></span><a href="#method.type_id" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id" class="fnname">type_id</a>(&self) -> <a class="struct" href="https://doc.rust-lang.org/1.61.0/core/any/struct.TypeId.html" title="struct core::any::TypeId">TypeId</a></h4></section></summary><div class='docblock'><p>Gets the <code>TypeId</code> of <code>self</code>. <a href="https://doc.rust-lang.org/1.61.0/core/any/trait.Any.html#tymethod.type_id">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-Borrow%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#209-214">source</a></span><a href="#impl-Borrow%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html" title="trait core::borrow::Borrow">Borrow</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#211">source</a></span><a href="#method.borrow" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow" class="fnname">borrow</a>(&self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&</a>T</h4></section></summary><div class='docblock'><p>Immutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.Borrow.html#tymethod.borrow">Read more</a></p>
|
||||
</div></details></div></details><details class="rustdoc-toggle implementors-toggle"><summary><section id="impl-BorrowMut%3CT%3E" class="impl has-srclink"><span class="rightside"><a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#218-222">source</a></span><a href="#impl-BorrowMut%3CT%3E" class="anchor"></a><h3 class="code-header in-band">impl<T> <a class="trait" href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html" title="trait core::borrow::BorrowMut">BorrowMut</a><T> for T <span class="where fmt-newline">where<br> T: ?<a class="trait" href="https://doc.rust-lang.org/1.61.0/core/marker/trait.Sized.html" title="trait core::marker::Sized">Sized</a>, </span></h3></section></summary><div class="impl-items"><details class="rustdoc-toggle method-toggle" open><summary><section id="method.borrow_mut" class="method trait-impl has-srclink"><span class="rightside"><span class="since" title="const unstable">const: <a href="https://github.com/rust-lang/rust/issues/91522" title="Tracking issue for const_borrow">unstable</a></span> · <a class="srclink" href="https://doc.rust-lang.org/1.61.0/src/core/borrow.rs.html#219">source</a></span><a href="#method.borrow_mut" class="anchor"></a><h4 class="code-header">fn <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut" class="fnname">borrow_mut</a>(&mut self) -> <a class="primitive" href="https://doc.rust-lang.org/1.61.0/std/primitive.reference.html">&mut </a>T</h4></section></summary><div class='docblock'><p>Mutably borrows from an owned value. <a href="https://doc.rust-lang.org/1.61.0/core/borrow/trait.BorrowMut.html#tymethod.borrow_mut">Read more</a></p>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue