Crate kanidmd_lib
source · [−]Expand description
The Kanidmd server library. This implements all of the internal components of the server which is used to process authentication, store identities and enforce access controls.
Modules
The backend. This contains the “low level” storage and query code, which is
implemented as a json-like kv document database. This has no rules about content
of the server, which are all enforced at higher levels. The role of the backend
is to persist content safely to disk, load that content, and execute queries
utilising indexes in the most effective way possible.
An
event
is a self contained module of data, that contains all of the
required information for any operation to proceed. While there are many
types of potential events, they all eventually lower to one of:Filter
s are one of the three foundational concepts of the design in kanidm.
They are used in nearly every aspect of the server to provide searching of
datasets and assertion of entry properties.Contains structures related to the Identity that initiated an
Event
in the
server. Generally this Identity is what will have access controls applied to
and this provides the set of Limits
to confine how many resources that the
identity may consume during operations to prevent denial-of-service.The Identity Management components that are layered ontop of the QueryServer. These allow
rich and expressive events and transformations that are lowered into the correct/relevant
actions in the QueryServer. Generally this is where “Identity Management” policy and code
is implemented.
LDAP specific operations handling components. This is where LDAP operations
are sent to for processing.
Modification expressions and validation. This is how
ModifyEvents
store and
express the series of Modifications that should be applied. These are expressed
as “states” on what attribute-values should appear as within the Entry
A prelude of imports that should be imported by all other Kanidm modules to
help make imports cleaner.
Schema
is one of the foundational concepts of the server. It provides a
set of rules to enforce that Entries
ava’s must be compliant to, to be
considered valid for commit to the database. This allows us to provide
requirements and structure as to what an Entry
must have and may contain
which enables many other parts to function.server
contains the query server, which is the main high level construction
to coordinate queries and operations in the server.An actor that shows the servers current status and statistics. (TODO).
Inside an entry, the key-value pairs are stored in these
Value
types. The components of
the Value
module allow storage and transformation of various types of input into strongly
typed values, allows their comparison, filtering and more. It also has the code for serialising
these into a form for the backend that can be persistent into the Backend
.