Merge pull request #1278 from veily/master

Support used self-signed certificates LDAP.
This commit is contained in:
Stephan Renatus 2018-09-22 18:05:26 +02:00 committed by GitHub
commit ff70c0453f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -69,7 +69,10 @@ type Config struct {
// Path to a trusted root certificate file.
RootCA string `json:"rootCA"`
// Path to a client cert file generated by rootCA.
ClientCert string `json:"clientCert"`
// Path to a client private key file generated by rootCA.
ClientKey string `json:"clientKey"`
// Base64 encoded PEM data containing root CAs.
RootCAData []byte `json:"rootCAData"`
@ -104,7 +107,6 @@ type Config struct {
IDAttr string `json:"idAttr"` // Defaults to "uid"
EmailAttr string `json:"emailAttr"` // Defaults to "mail"
NameAttr string `json:"nameAttr"` // No default.
} `json:"userSearch"`
// Group search configuration.
@ -226,6 +228,14 @@ func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error
}
tlsConfig.RootCAs = rootCAs
}
if c.ClientKey != "" && c.ClientCert != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCert, c.ClientKey)
if err != nil {
return nil, fmt.Errorf("ldap: load client cert failed: %v", err)
}
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
}
userSearchScope, ok := parseScope(c.UserSearch.Scope)
if !ok {
return nil, fmt.Errorf("userSearch.Scope unknown value %q", c.UserSearch.Scope)