From 0f31566b27084ca6e224954128b7db96d7f89bd2 Mon Sep 17 00:00:00 2001
From: Eric Chiang
Date: Thu, 3 Nov 2016 16:28:23 -0700
Subject: [PATCH] connector: accept base64 encoded CA and add convience open method
---
 connector/ldap/ldap.go | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index dd45dd10..d2bce31b 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -61,6 +61,9 @@ type Config struct {
 // Path to a trusted root certificate file.
 RootCA string `json:"rootCA"`
 
+ // Base64 encoded PEM data containing root CAs.
+ RootCAData []byte `json:"rootCAData"`
+
 // BindDN and BindPW for an application service account. The connector uses these
 // credentials to search for users and groups.
 BindDN string `json:"bindDN"`
@@ -167,6 +170,20 @@ func escapeFilter(s string) string {
 
 // Open returns an authentication strategy using LDAP.
 func (c *Config) Open() (connector.Connector, error) {
+ conn, err := c.OpenConnector()
+ if err != nil {
+ return nil, err
+ }
+ return connector.Connector(conn), nil
+}
+
+// OpenConnector is the same as Open but returns a type with all implemented connector interfaces.
+func (c *Config) OpenConnector() (interface {
+ connector.Connector
+ connector.PasswordConnector
+ connector.GroupsConnector
+}, error) {
+
 requiredFields := []struct {
 name string
 val string
@@ -196,10 +213,13 @@ func (c *Config) Open() (connector.Connector, error) {
 }
 
 tlsConfig := new(tls.Config)
-if c.RootCA != "" {
-data, err := ioutil.ReadFile(c.RootCA)
-if err != nil {
-return nil, fmt.Errorf("ldap: read ca file: %v", err)
+if c.RootCA != "" || len(c.RootCAData) != 0 {
+data := c.RootCAData
+if len(data) == 0 {
+var err error
+if data, err = ioutil.ReadFile(c.RootCA); err != nil {
+return nil, fmt.Errorf("ldap: read ca file: %v", err)
+}
 }
 rootCAs := x509.NewCertPool()
 if !rootCAs.AppendCertsFromPEM(data) {
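Review bot: The comment on the new RootCAData field does not say how it relates to RootCA, while the Open change further down reads RootCAData first and only falls back to reading the file when it is empty; the field doc should state that, e.g. `// Base64 encoded PEM data containing root CAs. Used instead of RootCA when both are set.` The "Base64 encoded" wording presumably relies on encoding/json decoding a []byte field from a base64 string; if this Config is loaded through a different decoder, that conversion would need confirming. The Config struct continues outside the hunk.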
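Review bot: The conversion in `return connector.Connector(conn), nil` is redundant, since the anonymous interface that OpenConnector returns embeds connector.Connector and assigns to it directly; `return conn, nil` reads more plainly. As a point of style, the three-method interface literal in OpenConnector's signature would be easier to reference from callers and tests if it were declared once as a named interface type in this package and used as the return type. OpenConnector's body continues past the end of the hunk, so the concrete type it eventually returns is not visible here.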
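Review bot: When both RootCA and RootCAData are set, the new branch silently uses the inline data and never reads the file, so a stale or mistyped path goes unnoticed; either reject the ambiguous configuration before the branch, `if c.RootCA != "" && len(c.RootCAData) != 0 { return nil, fmt.Errorf("ldap: rootCA and rootCAData are mutually exclusive") }`, or document the precedence on the field. The ReadFile error could also name the path that failed, `return nil, fmt.Errorf("ldap: read ca file %q: %v", c.RootCA, err)`, which helps when the value comes from an environment-specific config. The enclosing function starts before and continues after the hunk.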