ldap: fixing merge conflict

This commit is contained in:
Armon Dadgar 2015-06-30 09:40:43 -07:00
commit b1f7e2f0ea

View file

@ -7,9 +7,9 @@ import (
"net/url"
"strings"
"github.com/go-ldap/ldap"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"github.com/go-ldap/ldap"
)
func pathConfig(b *backend) *framework.Path {
@ -32,6 +32,10 @@ func pathConfig(b *backend) *framework.Path {
Type: framework.TypeString,
Description: "Attribute used for users (default: cn)",
},
"insecure_tls": &framework.FieldSchema{
Type: framework.TypeBool,
Description: "Skip LDAP server SSL Certificate verification - VERY insecure",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
@ -73,10 +77,11 @@ func (b *backend) pathConfigRead(
return &logical.Response{
Data: map[string]interface{}{
"url": cfg.Url,
"userdn": cfg.UserDN,
"groupdn": cfg.GroupDN,
"userattr": cfg.UserAttr,
"url": cfg.Url,
"userdn": cfg.UserDN,
"groupdn": cfg.GroupDN,
"userattr": cfg.UserAttr,
"insecure_tls": cfg.InsecureTLS,
},
}, nil
}
@ -101,6 +106,10 @@ func (b *backend) pathConfigWrite(
if groupdn != "" {
cfg.GroupDN = groupdn
}
insecureTLS := d.Get("insecure_tls").(bool)
if insecureTLS {
cfg.InsecureTLS = insecureTLS
}
// Try to connect to the LDAP server, to validate the URL configuration
// We can also check the URL at this stage, as anything else would probably
@ -123,10 +132,11 @@ func (b *backend) pathConfigWrite(
}
type ConfigEntry struct {
Url string
UserDN string
GroupDN string
UserAttr string
Url string
UserDN string
GroupDN string
UserAttr string
InsecureTLS bool
}
func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) {
@ -151,8 +161,14 @@ func (c *ConfigEntry) DialLDAP() (*ldap.Conn, error) {
if port == "" {
port = "636"
}
conn, err = ldap.DialTLS(
"tcp", host+":"+port, &tls.Config{ServerName: host})
tlsConfig := tls.Config{
ServerName: host,
InsecureSkipVerify: false,
}
if c.InsecureTLS {
tlsConfig.InsecureSkipVerify = true
}
conn, err = ldap.DialTLS("tcp", host+":"+port, &tlsConfig)
default:
return nil, fmt.Errorf("invalid LDAP scheme")
}