Feat/ldap certificate connexion (#92)

* Give the way to connect against LDAP server with certificate and key * fix(ldap) Update cert variable name In order to be more explicit Co-authored-by: Alexis Aurin <alexis@so6.pw>
2025-12-15 11:06:17 +00:00 · 2022-03-15 22:46:00 +01:00
parent 5d4d06db81
commit cc50fcf8e6
4 changed files with 75 additions and 16 deletions
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -2,6 +2,7 @@ package ldap

 import (
 	"crypto/tls"
+	"io/ioutil"

 	"github.com/go-ldap/ldap/v3"
 	"github.com/pkg/errors"
@@ -14,7 +15,33 @@ type RawLdapData struct {
 }

 func Open(cfg *Config) (*ldap.Conn, error) {
-	tlsConfig := &tls.Config{InsecureSkipVerify: !cfg.CertValidation}
+	var tlsConfig *tls.Config
+
+	if cfg.LdapCertConn {
+
+		cert_plain, err := ioutil.ReadFile(cfg.LdapTlsCert)
+		if err != nil {
+			return nil, errors.WithMessage(err, "failed to load the certificate")
+
+		}
+
+		key, err := ioutil.ReadFile(cfg.LdapTlsKey)
+		if err != nil {
+			return nil, errors.WithMessage(err, "failed to load the key")
+		}
+
+		cert_x509, err := tls.X509KeyPair(cert_plain, key)
+		if err != nil {
+			return nil, errors.WithMessage(err, "failed X509")
+
+		}
+		tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert_x509}}
+
+	} else {
+
+		tlsConfig = &tls.Config{InsecureSkipVerify: !cfg.CertValidation}
+	}
+
 	conn, err := ldap.DialURL(cfg.URL, ldap.DialWithTLSConfig(tlsConfig))
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to connect to LDAP")