Merge pull request #48 from wiltonsr/improve-conn
Improve connections
fcinqmars authored Aug 7, 2023
2 parents dc9837b + 2b37093 commit 946801a
Showing 7 changed files with 238 additions and 53 deletions.
40 changes: 40 additions & 0 deletions examples/conf-from-tls-toml-file.yml
@@ -0,0 +1,40 @@
version: "3.3"

services:

traefik:
# build:
# context: .
image: traefik:v2.10.0
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
# Load ldapAuth from local private plugins format ===============================#
# https://github.com/traefik/traefik/pull/8224 #
# "A plugin must be declared in the static configuration" #
# https://doc.traefik.io/traefik-pilot/plugins/overview/#installing-plugins #
- "--experimental.localPlugins.ldapAuth.moduleName=github.com/wiltonsr/ldapAuth" #
# ===============================================================================#
# Load ldapAuth Dynamic conf from file ==========================================#
# https://doc.traefik.io/traefik/providers/file/#filename #
- "--providers.file.filename=/dynamic-conf/ldapAuth-tls-conf.toml" #
# ===============================================================================#
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "../../ldapAuth:/plugins-local/src/github.com/wiltonsr/ldapAuth:ro"
- "./dynamic-conf/ldapAuth-tls-conf.toml:/dynamic-conf/ldapAuth-tls-conf.toml:ro"

whoami:
image: "traefik/whoami"
container_name: "whoami"
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"
# Enable LDAP Auth Middleware defined in ldapAuth-tls-conf.toml
- "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"
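Review bot: The example publishes the Traefik API on `8080:8080` together with `--api.insecure=true`, which serves the dashboard and API with no authentication, and nothing in the file marks this as a local-demo setting. A comment above that flag, `# API/dashboard served unauthenticated on :8080 — local demo only`, would stop readers from carrying it into a real deployment of a TLS-protected LDAP setup. The same lines appear in examples/conf-from-tls-yml-file.yml, which differs from this file only in the `--providers.file.filename=` value and the mounted conf path; this note covers both files.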
40 changes: 40 additions & 0 deletions examples/conf-from-tls-yml-file.yml
@@ -0,0 +1,40 @@
version: "3.3"

services:

traefik:
# build:
# context: .
image: traefik:v2.10.0
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
# Load ldapAuth from local private plugins format ===============================#
# https://github.com/traefik/traefik/pull/8224 #
# "A plugin must be declared in the static configuration" #
# https://doc.traefik.io/traefik-pilot/plugins/overview/#installing-plugins #
- "--experimental.localPlugins.ldapAuth.moduleName=github.com/wiltonsr/ldapAuth" #
# ===============================================================================#
# Load ldapAuth Dynamic conf from file ==========================================#
# https://doc.traefik.io/traefik/providers/file/#filename #
- "--providers.file.filename=/dynamic-conf/ldapAuth-tls-conf.yml" #
# ===============================================================================#
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "../../ldapAuth:/plugins-local/src/github.com/wiltonsr/ldapAuth:ro"
- "./dynamic-conf/ldapAuth-tls-conf.yml:/dynamic-conf/ldapAuth-tls-conf.yml:ro"

whoami:
image: "traefik/whoami"
container_name: "whoami"
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"
# Enable LDAP Auth Middleware defined in ldapAuth-tls-conf.yml
- "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"
2 changes: 1 addition & 1 deletion examples/conf-from-toml-file.yml
Expand Up @@ -36,5 +36,5 @@ services:
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"
# Enable LDAP Auth Middleware defined in ldapAuth-conf.yml
# Enable LDAP Auth Middleware defined in ldapAuth-conf.toml
- "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"
68 changes: 68 additions & 0 deletions examples/dynamic-conf/ldapAuth-tls-conf.toml
@@ -0,0 +1,68 @@
[http.middlewares]
[http.middlewares.my-ldapAuth.plugin.ldapAuth]
Attribute = "uid"
BaseDN = "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
Enabled = true
LogLevel = "DEBUG"
Port = "636"
Url = "ldaps://ipa.demo1.freeipa.org"
CertificateAuthority = '''
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
'''
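Review bot: `Port = "636"` is a string here while the YAML counterpart in examples/dynamic-conf/ldapAuth-tls-conf.yml uses the integer `Port: 636`; the patched `Connect` in ldapauth.go takes `port uint16`, so the string form works only if Traefik's plugin config decoder coerces it, which this page does not show. Writing `Port = 636` keeps the two examples consistent and removes the dependency on that coercion. The `ldaps://` URL with `InsecureSkipVerify` left at its default and the CA supplied inline is the right shape for this example.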
70 changes: 70 additions & 0 deletions examples/dynamic-conf/ldapAuth-tls-conf.yml
@@ -0,0 +1,70 @@
http:
middlewares:
my-ldapAuth:
plugin:
ldapAuth:
Enabled: true
LogLevel: "DEBUG"
Url: "ldaps://ipa.demo1.freeipa.org"
Port: 636
BaseDN: "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
Attribute: "uid"
CertificateAuthority: |-
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
DTIzMDQyMDEzMzM1NFoXDTQzMDQyMDEzMzM1NFowPDEaMBgGA1UECgwRREVNTzEu
RlJFRUlQQS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw
DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALLzV665748bW3Da/ZVTZ4BVHrCW
RuuT+7bgT6CZOUMri8F+KuQ6sT+o3hQuyrp4qWn0sU3bO9TCXjkQ4B8uo8ZR3RvR
+2FXENtUQukI4PTXXoKjqJkGrgWVyISfkvNZvsl/bOEtVJ6nh3DBLhYM0HEENccL
0b1SALdntQwGFJfWkRD0FbjBo7CPxePm7L2VViDMY0cYeUdgETcqc9Zw90gUEqTt
keHqPmBkiOUVk09f3qtdoukRqAvx3nKhUu7vHEf+DJJoQtr3ilUXZQZ/6lKkYl9k
mdwjt+9YeCaKV0s7RI4G+25xo1ZSB3IfMMGISGf/0mOyg4LgWyuuDF/ip5+gI46b
Ol85DrhJAfeYoFbjx+zsoY9mn0kiMBnxg+NkvJitsb5EFexXtqfLLeGjFTu2a9rw
bB6mM3GKmMszwif/i9uO/NeK1LlmN6g1vy07HtjQWh2LUa9AbeIp6s1UUcruCGem
FSzLRmcOY4wi0gGm8Vwg9MRtS6sUe7bfM7uPXwIDAQABo4GpMIGmMB8GA1UdIwQY
MBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgHGMB0GA1UdDgQWBBShQIHL2ZoF97ZxYXD0OYuI2fsRPTBDBggrBgEF
BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGVtbzEuZnJlZWlw
YS5vcmcvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAH0du998ux4CkH/W9/2l0
GnnHE5GbBBcGd4zEIxxoe0kYm7MKJjXL9gDRZ3RMseEhy0mAX8cixA7xmg/IFgM9
TFHoHbTUNgEzLZtOYl5Qccp48ZV1XLrzfK1DorEH6tgza0X2rNJ7RU25sq9i687Y
S0Tt6W3CNkOnQed7blDbxfZJOq7gvqiTFy09a5OXv2AxpkmRrLwFWd/+4Whbsji1
wiwTD+t7gDTGizqINEsJ3lT+2dDp+mAxPKTd4XiTE4aBPVc4LBxHDnMzqFxa1qzG
v/BL+aa3FkahD/zMm6/B70iApFOFeCrng/1Q7DxUsBWWuzS+oVdm8MEUWtHxANC5
VG91hbzs4jBAig6AY1hGe49oOabkM1IGhp/TIySAaogA4BFS9DNV1TyNZ4Y9PO61
JZHjzfXOLIdSlluwsBJem4Lj6Xdw8epzANA0CVnEQ5R1Aql0uRlSsAuhcsleCYJC
4gbTjx3PDQLm4BUvsNZ62knVDJPvjAX4nOybumpLAVKg
-----END CERTIFICATE-----
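Review bot: The plugin options are written in PascalCase (`Enabled`, `LogLevel`, `CertificateAuthority`) while the `Config` struct tags visible in the ldapauth.go hunk are camelCase (`certificateAuthority`, `insecureSkipVerify`); if Traefik matches keys case-insensitively this is harmless, but the example and the documented option names should agree so a reader can cross-reference them. Using `certificateAuthority`, `logLevel` and so on here, as the readme does, avoids the question entirely. Note also that `CertificateAuthority: |-` is the correct block style for a PEM chain since it keeps the line breaks `AppendCertsFromPEM` needs.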
62 changes: 17 additions & 45 deletions ldapauth.go
Expand Up @@ -46,7 +46,6 @@ type Config struct {
CacheCookiePath string `json:"cacheCookiePath,omitempty" yaml:"cacheCookiePath,omitempty"`
CacheCookieSecure bool `json:"cacheCookieSecure,omitempty" yaml:"cacheCookieSecure,omitempty"`
CacheKey string `json:"cacheKey,omitempty" yaml:"cacheKey,omitempty"`
UseTLS bool `json:"useTls,omitempty" yaml:"useTls,omitempty"`
StartTLS bool `json:"startTls,omitempty" yaml:"startTls,omitempty"`
CertificateAuthority string `json:"certificateAuthority,omitempty" yaml:"certificateAuthority,omitempty"`
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty"`
Expand Down Expand Up @@ -79,7 +78,6 @@ func CreateConfig() *Config {
CacheCookiePath: "",
CacheCookieSecure: false,
CacheKey: "super-secret-key",
UseTLS: false,
StartTLS: false,
CertificateAuthority: "",
InsecureSkipVerify: false,
Expand Down Expand Up @@ -180,7 +178,7 @@ func (la *LdapAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
certPool.AppendCertsFromPEM([]byte(la.config.CertificateAuthority))
}

conn, err := Connect(la.config.URL, la.config.Port, la.config.UseTLS, la.config.StartTLS, la.config.InsecureSkipVerify, certPool)
conn, err := Connect(la.config.URL, la.config.Port, la.config.StartTLS, la.config.InsecureSkipVerify, certPool)
if err != nil {
LoggerERROR.Printf("%s", err)
RequireAuth(rw, req, la.config, err)
Expand Down Expand Up @@ -399,11 +397,11 @@ func RequireAuth(w http.ResponseWriter, req *http.Request, config *Config, err .
}

// Connect return a LDAP Connection.
func Connect(addr string, port uint16, useTLS bool, startTLS bool, skipVerify bool, ca *x509.CertPool) (*ldap.Conn, error) {
func Connect(addr string, port uint16, startTLS bool, skipVerify bool, ca *x509.CertPool) (*ldap.Conn, error) {
var conn *ldap.Conn = nil
var err error = nil
u, err := url.Parse(addr)

u, err := url.Parse(addr)
if err != nil {
return nil, err
}
Expand All @@ -413,58 +411,32 @@ func Connect(addr string, port uint16, useTLS bool, startTLS bool, skipVerify bo
// we assume that error is due to missing port.
host = u.Host
}
LoggerDEBUG.Printf("Host: %s ", host)

address := net.JoinHostPort(host, strconv.FormatUint(uint64(port), 10))
address := u.Scheme + "://" + net.JoinHostPort(host, strconv.FormatUint(uint64(port), 10))
LoggerDEBUG.Printf("Connect Address: '%s'", address)

LoggerDEBUG.Printf("Connect Address: %s ", address)
tlsCfg := &tls.Config{
InsecureSkipVerify: skipVerify,
ServerName: host,
RootCAs: ca,
}

if useTLS {
tlsCfg := &tls.Config{
InsecureSkipVerify: skipVerify,
ServerName: host,
RootCAs: ca,
}
if startTLS {
conn, err = dial("tcp", address)
if err == nil {
err = conn.StartTLS(tlsCfg)
}
} else {
conn, err = dialTLS("tcp", address, tlsCfg)
if u.Scheme == "ldap" && startTLS {
conn, err = ldap.DialURL(address)
if err == nil {
err = conn.StartTLS(tlsCfg)
}
} else if u.Scheme == "ldaps" {
conn, err = ldap.DialURL(address, ldap.DialWithTLSConfig(tlsCfg))
} else {
conn, err = dial("tcp", address)
conn, err = ldap.DialURL(address)
}

if err != nil {
return nil, err
}

return conn, nil

}

// dial applies connects to the given address on the given network using net.Dial.
func dial(network, addr string) (*ldap.Conn, error) {
c, err := net.Dial(network, addr)
if err != nil {
return nil, err
}
conn := ldap.NewConn(c, false)
conn.Start()
return conn, nil
}

// dialTLS connects to the given address on the given network using tls.Dial.
func dialTLS(network, addr string, config *tls.Config) (*ldap.Conn, error) {
c, err := tls.Dial(network, addr, config)
if err != nil {
return nil, err
}
conn := ldap.NewConn(c, true)
conn.Start()
return conn, nil
}

// SearchMode make search to LDAP and return results.
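Review bot: Removing `useTLS` silently changes what an existing configuration does: the deleted branch dialled with TLS whenever `useTLS` was true and `startTLS` false, regardless of the URL, whereas the new `Connect` sends an `ldap://` URL with `startTLS` false through the final `else` to `ldap.DialURL(address)` in cleartext, and nothing in the hunk logs that no TLS was applied; whether Traefik rejects the now-unknown `useTLS` key or ignores it is not visible here, so the readme hunk should at least state the migration (`ldaps://` for implicit TLS) and the final `else` could log at WARN when `startTLS` was requested but the scheme is not `ldap`. Separately, when `conn.StartTLS(tlsCfg)` fails the connection returned by `DialURL` is never closed before `return nil, err`; `if err = conn.StartTLS(tlsCfg); err != nil { conn.Close() }` fixes that. `Connect` begins in the preceding hunk (`@@ -399,11 +397,11 @@`) and its closing brace is within this one; the removed `dial`/`dialTLS` helpers are a pure deletion.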
9 changes: 2 additions & 7 deletions readme.md
Expand Up @@ -162,15 +162,10 @@ _Optional, Default: `super-secret-key`_

The key used to encrypt session cookie information. You `must` use a strong value here.

##### `useTLS`
_Optional, Default: `false`_

Set to true if LDAP server should use an encrypted TLS connection, either with STARTTLS or LDAPS.

##### `startTLS`
_Optional, Default: `false`_

If set to true, instruct `ldapAuth` to issue a `StartTLS` request when initializing the connection with the LDAP server. This is not used if the `useTLS` option is set to `false`.
If set to true, instruct `ldapAuth` to issue a `StartTLS` request when initializing the connection with the LDAP server.

##### `certificateAuthority`
_Optional, Default: `""`_
Expand Down Expand Up @@ -199,7 +194,7 @@ Example:
##### `insecureSkipVerify`
_Optional, Default: `false`_

When `useTLS` is enabled, the connection to the LDAP server is verified to be secure. This option allows `ldapAuth` to proceed and operate even for server connections otherwise considered insecure.
When connecting to a `ldaps` server or `startTLS` is enabled, the connection to the LDAP server is verified to be secure. This option allows `ldapAuth` to proceed and operate even for server connections otherwise considered insecure.

##### `attribute`

