Merge pull request #668 from ericchiang/dev-ldap-conn

connector: accept base64 encoded CA and add convience open method
This commit is contained in:
Eric Chiang 2016-11-03 16:39:22 -07:00 committed by GitHub
commit d11224f2bb

View File

@ -61,6 +61,9 @@ type Config struct {
// Path to a trusted root certificate file. // Path to a trusted root certificate file.
RootCA string `json:"rootCA"` RootCA string `json:"rootCA"`
// Base64 encoded PEM data containing root CAs.
RootCAData []byte `json:"rootCAData"`
// BindDN and BindPW for an application service account. The connector uses these // BindDN and BindPW for an application service account. The connector uses these
// credentials to search for users and groups. // credentials to search for users and groups.
BindDN string `json:"bindDN"` BindDN string `json:"bindDN"`
@ -167,6 +170,20 @@ func escapeFilter(s string) string {
// Open returns an authentication strategy using LDAP. // Open returns an authentication strategy using LDAP.
func (c *Config) Open() (connector.Connector, error) { func (c *Config) Open() (connector.Connector, error) {
conn, err := c.OpenConnector()
if err != nil {
return nil, err
}
return connector.Connector(conn), nil
}
// OpenConnector is the same as Open but returns a type with all implemented connector interfaces.
func (c *Config) OpenConnector() (interface {
connector.Connector
connector.PasswordConnector
connector.GroupsConnector
}, error) {
requiredFields := []struct { requiredFields := []struct {
name string name string
val string val string
@ -196,11 +213,14 @@ func (c *Config) Open() (connector.Connector, error) {
} }
tlsConfig := new(tls.Config) tlsConfig := new(tls.Config)
if c.RootCA != "" { if c.RootCA != "" || len(c.RootCAData) != 0 {
data, err := ioutil.ReadFile(c.RootCA) data := c.RootCAData
if err != nil { if len(data) == 0 {
var err error
if data, err = ioutil.ReadFile(c.RootCA); err != nil {
return nil, fmt.Errorf("ldap: read ca file: %v", err) return nil, fmt.Errorf("ldap: read ca file: %v", err)
} }
}
rootCAs := x509.NewCertPool() rootCAs := x509.NewCertPool()
if !rootCAs.AppendCertsFromPEM(data) { if !rootCAs.AppendCertsFromPEM(data) {
return nil, fmt.Errorf("ldap: no certs found in ca file") return nil, fmt.Errorf("ldap: no certs found in ca file")