Merge pull request #668 from ericchiang/dev-ldap-conn
connector: accept base64 encoded CA and add convenience open method
commit
d11224f2bb
@ -61,6 +61,9 @@ type Config struct {
|
|||||||
// Path to a trusted root certificate file.
|
// Path to a trusted root certificate file.
|
||||||
RootCA string `json:"rootCA"`
|
RootCA string `json:"rootCA"`
|
||||||
|
|
||||||
|
// Base64 encoded PEM data containing root CAs.
|
||||||
|
RootCAData []byte `json:"rootCAData"`
|
||||||
|
|
||||||
// BindDN and BindPW for an application service account. The connector uses these
|
// BindDN and BindPW for an application service account. The connector uses these
|
||||||
// credentials to search for users and groups.
|
// credentials to search for users and groups.
|
||||||
BindDN string `json:"bindDN"`
|
BindDN string `json:"bindDN"`
|
||||||
@ -167,6 +170,20 @@ func escapeFilter(s string) string {
|
|||||||
|
|
||||||
// Open returns an authentication strategy using LDAP.
|
// Open returns an authentication strategy using LDAP.
|
||||||
func (c *Config) Open() (connector.Connector, error) {
|
func (c *Config) Open() (connector.Connector, error) {
|
||||||
|
conn, err := c.OpenConnector()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return connector.Connector(conn), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// OpenConnector is the same as Open but returns a type with all implemented connector interfaces.
|
||||||
|
func (c *Config) OpenConnector() (interface {
|
||||||
|
connector.Connector
|
||||||
|
connector.PasswordConnector
|
||||||
|
connector.GroupsConnector
|
||||||
|
}, error) {
|
||||||
|
|
||||||
requiredFields := []struct {
|
requiredFields := []struct {
|
||||||
name string
|
name string
|
||||||
val string
|
val string
|
||||||
@ -196,11 +213,14 @@ func (c *Config) Open() (connector.Connector, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig := new(tls.Config)
|
tlsConfig := new(tls.Config)
|
||||||
if c.RootCA != "" {
|
if c.RootCA != "" || len(c.RootCAData) != 0 {
|
||||||
data, err := ioutil.ReadFile(c.RootCA)
|
data := c.RootCAData
|
||||||
if err != nil {
|
if len(data) == 0 {
|
||||||
|
var err error
|
||||||
|
if data, err = ioutil.ReadFile(c.RootCA); err != nil {
|
||||||
return nil, fmt.Errorf("ldap: read ca file: %v", err)
|
return nil, fmt.Errorf("ldap: read ca file: %v", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
rootCAs := x509.NewCertPool()
|
rootCAs := x509.NewCertPool()
|
||||||
if !rootCAs.AppendCertsFromPEM(data) {
|
if !rootCAs.AppendCertsFromPEM(data) {
|
||||||
return nil, fmt.Errorf("ldap: no certs found in ca file")
|
return nil, fmt.Errorf("ldap: no certs found in ca file")
|
||||||
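Review bot: When both rootCA and rootCAData are configured, the third hunk silently prefers the inline data and never reads the file (`data := c.RootCAData` followed by `if len(data) == 0`), so a mistyped or stale rootCAData value overrides an otherwise valid file path with no signal to the operator. Either document the precedence on the new field in the first hunk, e.g. `// Base64 encoded PEM data containing root CAs. Takes precedence over RootCA when both are set.`, or reject the combination up front with `if c.RootCA != "" && len(c.RootCAData) != 0 { return nil, fmt.Errorf("ldap: rootCA and rootCAData are mutually exclusive") }`. The message `"ldap: no certs found in ca file"` is now also reached when the bytes came from rootCAData, so it should name whichever source was actually used. Note that OpenConnector's body continues past the end of the third hunk.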
|