connector: accept base64 encoded CA and add convience open method

This commit is contained in:
Eric Chiang 2016-11-03 16:28:23 -07:00
parent 53852d4e42
commit 0f31566b27

View file

@ -61,6 +61,9 @@ type Config struct {
// Path to a trusted root certificate file.
RootCA string `json:"rootCA"`
// Base64 encoded PEM data containing root CAs.
RootCAData []byte `json:"rootCAData"`
// BindDN and BindPW for an application service account. The connector uses these
// credentials to search for users and groups.
BindDN string `json:"bindDN"`
@ -167,6 +170,20 @@ func escapeFilter(s string) string {
// Open returns an authentication strategy using LDAP.
func (c *Config) Open() (connector.Connector, error) {
conn, err := c.OpenConnector()
if err != nil {
return nil, err
}
return connector.Connector(conn), nil
}
// OpenConnector is the same as Open but returns a type with all implemented connector interfaces.
func (c *Config) OpenConnector() (interface {
connector.Connector
connector.PasswordConnector
connector.GroupsConnector
}, error) {
requiredFields := []struct {
name string
val string
@ -196,10 +213,13 @@ func (c *Config) Open() (connector.Connector, error) {
}
tlsConfig := new(tls.Config)
if c.RootCA != "" {
data, err := ioutil.ReadFile(c.RootCA)
if err != nil {
return nil, fmt.Errorf("ldap: read ca file: %v", err)
if c.RootCA != "" || len(c.RootCAData) != 0 {
data := c.RootCAData
if len(data) == 0 {
var err error
if data, err = ioutil.ReadFile(c.RootCA); err != nil {
return nil, fmt.Errorf("ldap: read ca file: %v", err)
}
}
rootCAs := x509.NewCertPool()
if !rootCAs.AppendCertsFromPEM(data) {