support self-signed certificates ldap

Format ldap.go

Format ldap.go: with a space for golint

with a space

Rename clientCA is to clientCert

Update ldap.go

modified the ldap client certificate file comments.

modified load ldap client cert error.

modified load ldap client cert error: fmt.Errorf("ldap: load client cert failed: %v", err)
This commit is contained in:
veily 2018-09-22 12:15:11 +08:00
parent 316acbee03
commit 317f433a14
No known key found for this signature in database
GPG Key ID: 8636A9994342B69E

View File

@ -69,7 +69,10 @@ type Config struct {
// Path to a trusted root certificate file.
RootCA string `json:"rootCA"`
// Path to a client cert file generated by rootCA.
ClientCert string `json:"clientCert"`
// Path to a client private key file generated by rootCA.
ClientKey string `json:"clientKey"`
// Base64 encoded PEM data containing root CAs.
RootCAData []byte `json:"rootCAData"`
@ -104,7 +107,6 @@ type Config struct {
IDAttr string `json:"idAttr"` // Defaults to "uid"
EmailAttr string `json:"emailAttr"` // Defaults to "mail"
NameAttr string `json:"nameAttr"` // No default.
} `json:"userSearch"`
// Group search configuration.
@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
}
tlsConfig.RootCAs = rootCAs
}
if c.ClientKey != "" && c.ClientCert != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
if err != nil {
return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
}
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
}
userSearchScope, ok := parseScope(c.UserSearch.Scope)
if !ok {
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)