Merge pull request #1278 from veily/master
Support used self-signed certificates LDAP.
This commit is contained in:
commit
ff70c0453f
@ -69,7 +69,10 @@ type Config struct {
|
|||||||
|
|
||||||
// Path to a trusted root certificate file.
|
// Path to a trusted root certificate file.
|
||||||
RootCA string `json:"rootCA"`
|
RootCA string `json:"rootCA"`
|
||||||
|
// Path to a client cert file generated by rootCA.
|
||||||
|
ClientCert string `json:"clientCert"`
|
||||||
|
// Path to a client private key file generated by rootCA.
|
||||||
|
ClientKey string `json:"clientKey"`
|
||||||
// Base64 encoded PEM data containing root CAs.
|
// Base64 encoded PEM data containing root CAs.
|
||||||
RootCAData []byte `json:"rootCAData"`
|
RootCAData []byte `json:"rootCAData"`
|
||||||
|
|
||||||
@ -104,7 +107,6 @@ type Config struct {
|
|||||||
IDAttr string `json:"idAttr"` // Defaults to "uid"
|
IDAttr string `json:"idAttr"` // Defaults to "uid"
|
||||||
EmailAttr string `json:"emailAttr"` // Defaults to "mail"
|
EmailAttr string `json:"emailAttr"` // Defaults to "mail"
|
||||||
NameAttr string `json:"nameAttr"` // No default.
|
NameAttr string `json:"nameAttr"` // No default.
|
||||||
|
|
||||||
} `json:"userSearch"`
|
} `json:"userSearch"`
|
||||||
|
|
||||||
// Group search configuration.
|
// Group search configuration.
|
||||||
@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
|
|||||||
}
|
}
|
||||||
tlsConfig.RootCAs = rootCAs
|
tlsConfig.RootCAs = rootCAs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.ClientKey != "" && c.ClientCert != "" {
|
||||||
|
cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
|
||||||
|
}
|
||||||
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
}
|
||||||
userSearchScope, ok := parseScope(c.UserSearch.Scope)
|
userSearchScope, ok := parseScope(c.UserSearch.Scope)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)
|
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)
|
||||||
|
Reference in New Issue
Block a user