forked from mystiq/dex
Merge pull request #668 from ericchiang/dev-ldap-conn
connector: accept base64 encoded CA and add convience open method
This commit is contained in:
commit
d11224f2bb
1 changed files with 24 additions and 4 deletions
|
@ -61,6 +61,9 @@ type Config struct {
|
|||
// Path to a trusted root certificate file.
|
||||
RootCA string `json:"rootCA"`
|
||||
|
||||
// Base64 encoded PEM data containing root CAs.
|
||||
RootCAData []byte `json:"rootCAData"`
|
||||
|
||||
// BindDN and BindPW for an application service account. The connector uses these
|
||||
// credentials to search for users and groups.
|
||||
BindDN string `json:"bindDN"`
|
||||
|
@ -167,6 +170,20 @@ func escapeFilter(s string) string {
|
|||
|
||||
// Open returns an authentication strategy using LDAP.
|
||||
func (c *Config) Open() (connector.Connector, error) {
|
||||
conn, err := c.OpenConnector()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return connector.Connector(conn), nil
|
||||
}
|
||||
|
||||
// OpenConnector is the same as Open but returns a type with all implemented connector interfaces.
|
||||
func (c *Config) OpenConnector() (interface {
|
||||
connector.Connector
|
||||
connector.PasswordConnector
|
||||
connector.GroupsConnector
|
||||
}, error) {
|
||||
|
||||
requiredFields := []struct {
|
||||
name string
|
||||
val string
|
||||
|
@ -196,11 +213,14 @@ func (c *Config) Open() (connector.Connector, error) {
|
|||
}
|
||||
|
||||
tlsConfig := new(tls.Config)
|
||||
if c.RootCA != "" {
|
||||
data, err := ioutil.ReadFile(c.RootCA)
|
||||
if err != nil {
|
||||
if c.RootCA != "" || len(c.RootCAData) != 0 {
|
||||
data := c.RootCAData
|
||||
if len(data) == 0 {
|
||||
var err error
|
||||
if data, err = ioutil.ReadFile(c.RootCA); err != nil {
|
||||
return nil, fmt.Errorf("ldap: read ca file: %v", err)
|
||||
}
|
||||
}
|
||||
rootCAs := x509.NewCertPool()
|
||||
if !rootCAs.AppendCertsFromPEM(data) {
|
||||
return nil, fmt.Errorf("ldap: no certs found in ca file")
|
||||
|
|
Loading…
Reference in a new issue