support self-signed certificates ldap

Format ldap.go Format ldap.go: with a space for golint with a space Rename clientCA is to clientCert Update ldap.go modified the ldap client certificate file comments. modified load ldap client cert error. modified load ldap client cert error: fmt.Errorf("ldap: load client cert failed: %v", err)
2018-09-22 12:15:11 +08:00 · 2018-09-22 12:15:11 +08:00 · 317f433a14
commit 317f433a14
parent 316acbee03
1 changed files with 12 additions and 2 deletions
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -69,7 +69,10 @@ type Config struct {
 	// Path to a trusted root certificate file.
 	RootCA string `json:"rootCA"`
-
+	// Path to a client cert file generated by rootCA.
 	ClientCert string `json:"clientCert"`
 	// Path to a client private key file generated by rootCA.
 	ClientKey string `json:"clientKey"`
 	// Base64 encoded PEM data containing root CAs.
 	RootCAData []byte `json:"rootCAData"`
@ -104,7 +107,6 @@ type Config struct {
 		IDAttr    string `json:"idAttr"`    // Defaults to "uid"
 		EmailAttr string `json:"emailAttr"` // Defaults to "mail"
 		NameAttr  string `json:"nameAttr"`  // No default.
 	} `json:"userSearch"`
 	// Group search configuration.
@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
 		}
 		tlsConfig.RootCAs = rootCAs
 	}
 	if c.ClientKey != "" && c.ClientCert != "" {
 		cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
 		if err != nil {
 			return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
 		}
 		tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
 	}
 	userSearchScope, ok := parseScope(c.UserSearch.Scope)
 	if !ok {
 		return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)