ldap: fixing merge conflict

Armon Dadgar 2015-06-30 09:40:43 -07:00
commit b1f7e2f0ea


@ -7,9 +7,9 @@ import (
"net/url" "net/url"
"strings" "strings"
"github.com/go-ldap/ldap"
"github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework" "github.com/hashicorp/vault/logical/framework"
"github.com/go-ldap/ldap"
) )
func pathConfig(b *backend) *framework.Path { func pathConfig(b *backend) *framework.Path {
@ -32,6 +32,10 @@ func pathConfig(b *backend) *framework.Path {
Type: framework.TypeString, Type: framework.TypeString,
Description: "Attribute used for users (default: cn)", Description: "Attribute used for users (default: cn)",
}, },
"insecure_tls": &framework.FieldSchema{
Type: framework.TypeBool,
Description: "Skip LDAP server SSL Certificate verification - VERY insecure",
},
}, },
Callbacks: map[logical.Operation]framework.OperationFunc{ Callbacks: map[logical.Operation]framework.OperationFunc{
@ -73,10 +77,11 @@ func (b *backend) pathConfigRead(
return &logical.Response{ return &logical.Response{
Data: map[string]interface{}{ Data: map[string]interface{}{
"url": cfg.Url, "url": cfg.Url,
"userdn": cfg.UserDN, "userdn": cfg.UserDN,
"groupdn": cfg.GroupDN, "groupdn": cfg.GroupDN,
"userattr": cfg.UserAttr, "userattr": cfg.UserAttr,
"insecure_tls": cfg.InsecureTLS,
}, },
}, nil }, nil
} }
@ -101,6 +106,10 @@ func (b *backend) pathConfigWrite(
if groupdn != "" { if groupdn != "" {
cfg.GroupDN = groupdn cfg.GroupDN = groupdn
} }
insecureTLS := d.Get("insecure_tls").(bool)
if insecureTLS {
cfg.InsecureTLS = insecureTLS
}
// Try to connect to the LDAP server, to validate the URL configuration // Try to connect to the LDAP server, to validate the URL configuration
// We can also check the URL at this stage, as anything else would probably // We can also check the URL at this stage, as anything else would probably
@ -123,10 +132,11 @@ func (b *backend) pathConfigWrite(
} }
type ConfigEntry struct { type ConfigEntry struct {
Url string Url string
UserDN string UserDN string
GroupDN string GroupDN string
UserAttr string UserAttr string
InsecureTLS bool
} }
func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) { func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) {
@ -151,8 +161,14 @@ func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) {
if port == "" { if port == "" {
port = "636" port = "636"
} }
conn, err = ldap.DialTLS( tlsConfig := tls.Config{
"tcp", host+":"+port, &tls.Config{ServerName: host}) ServerName: host,
InsecureSkipVerify: false,
}
if c.InsecureTLS {
tlsConfig.InsecureSkipVerify = true
}
conn, err = ldap.DialTLS("tcp", host+":"+port, &tlsConfig)
default: default:
return nil, fmt.Errorf("invalid LDAP scheme") return nil, fmt.Errorf("invalid LDAP scheme")
} }
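Review bot: The write path at `insecureTLS := d.Get("insecure_tls").(bool)` only copies the flag into cfg when it is true, so if cfg is loaded from an existing stored entry (pathConfigWrite begins outside the hunk, so that cannot be confirmed here) a later write with insecure_tls=false can never restore certificate verification; an operator who enabled it for a test could not turn it back off without deleting the config. Assigning unconditionally, `cfg.InsecureTLS = d.Get("insecure_tls").(bool)`, keeps the stored value in step with the request and with what the read handler now reports under "insecure_tls". In DialLDAP the explicit `InsecureSkipVerify: false` followed by the `if c.InsecureTLS` block can collapse to `InsecureSkipVerify: c.InsecureTLS` in the struct literal, which leaves a single, easily audited line where verification is disabled (DialLDAP also continues outside the hunk). A comment on the new ConfigEntry field, `// InsecureTLS disables server certificate verification for ldaps connections; intended for testing only.`, would record the tradeoff the field description already warns about.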