Unverified Commit 317f433a authored by veily's avatar veily

support self-signed certificates ldap

Format ldap.go

Format ldap.go: with a space for golint

with a space

Rename clientCA to clientCert

Update ldap.go

modified the ldap client certificate file comments.

modified load ldap client cert error.

modified load ldap client cert error: fmt.Errorf("ldap: load client cert failed: %v", err)
parent 316acbee
...@@ -69,7 +69,10 @@ type Config struct { ...@@ -69,7 +69,10 @@ type Config struct {
// Path to a trusted root certificate file. // Path to a trusted root certificate file.
RootCA string `json:"rootCA"` RootCA string `json:"rootCA"`
// Path to a client cert file generated by rootCA.
ClientCert string `json:"clientCert"`
// Path to a client private key file generated by rootCA.
ClientKey string `json:"clientKey"`
// Base64 encoded PEM data containing root CAs. // Base64 encoded PEM data containing root CAs.
RootCAData []byte `json:"rootCAData"` RootCAData []byte `json:"rootCAData"`
...@@ -104,7 +107,6 @@ type Config struct { ...@@ -104,7 +107,6 @@ type Config struct {
IDAttr string `json:"idAttr"` // Defaults to "uid" IDAttr string `json:"idAttr"` // Defaults to "uid"
EmailAttr string `json:"emailAttr"` // Defaults to "mail" EmailAttr string `json:"emailAttr"` // Defaults to "mail"
NameAttr string `json:"nameAttr"` // No default. NameAttr string `json:"nameAttr"` // No default.
} `json:"userSearch"` } `json:"userSearch"`
// Group search configuration. // Group search configuration.
...@@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error ...@@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
} }
tlsConfig.RootCAs = rootCAs tlsConfig.RootCAs = rootCAs
} }
if c.ClientKey != "" && c.ClientCert != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
if err != nil {
return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
}
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
}
userSearchScope, ok := parseScope(c.UserSearch.Scope) userSearchScope, ok := parseScope(c.UserSearch.Scope)
if !ok { if !ok {
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope) return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)
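Review bot: The new guard `if c.ClientKey != "" && c.ClientCert != ""` in openConnector silently skips client-certificate setup when only one of `clientCert`/`clientKey` is configured, so a missing or misspelled path leaves the connector dialing without the certificate the operator intended and returns no error to say so. Reject the half-configured case before loading the pair, e.g. `if (c.ClientCert == "") != (c.ClientKey == "") { return nil, fmt.Errorf("ldap: clientCert and clientKey must be set together") }`. The field comments in the first hunk describe the pair as "generated by rootCA", but `RootCA` feeds `tlsConfig.RootCAs`, which verifies the server; the client pair only has to chain to a CA the LDAP server trusts, so I would reword to `// Path to a client certificate file presented to the LDAP server for TLS client authentication.` and add that the key file is a secret that should be readable only by the service account. openConnector begins and ends outside the hunk, so whether this tlsConfig is applied in every connection mode cannot be confirmed from here.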
......