Merge pull request #1278 from veily/master
Support used self-signed certificates LDAP.
This commit is contained in:
commit
ff70c0453f
1 changed files with 12 additions and 2 deletions
|
@ -69,7 +69,10 @@ type Config struct {
|
|||
|
||||
// Path to a trusted root certificate file.
|
||||
RootCA string `json:"rootCA"`
|
||||
|
||||
// Path to a client cert file generated by rootCA.
|
||||
ClientCert string `json:"clientCert"`
|
||||
// Path to a client private key file generated by rootCA.
|
||||
ClientKey string `json:"clientKey"`
|
||||
// Base64 encoded PEM data containing root CAs.
|
||||
RootCAData []byte `json:"rootCAData"`
|
||||
|
||||
|
@ -104,7 +107,6 @@ type Config struct {
|
|||
IDAttr string `json:"idAttr"` // Defaults to "uid"
|
||||
EmailAttr string `json:"emailAttr"` // Defaults to "mail"
|
||||
NameAttr string `json:"nameAttr"` // No default.
|
||||
|
||||
} `json:"userSearch"`
|
||||
|
||||
// Group search configuration.
|
||||
|
@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
|
|||
}
|
||||
tlsConfig.RootCAs = rootCAs
|
||||
}
|
||||
|
||||
if c.ClientKey != "" && c.ClientCert != "" {
|
||||
cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
|
||||
}
|
||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||
}
|
||||
userSearchScope, ok := parseScope(c.UserSearch.Scope)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)
|
||||
|
|
Reference in a new issue