| 57 | } |
| 58 | |
// Init prepares the LDAP service from ldap.config.
//
// An empty config.Address marks the service as not configured; Init then
// returns nil without opening a connection. Otherwise, when both
// config.AuthCert and config.AuthKey are set, the pair is loaded as the
// client certificate used for mTLS. Init then performs a single connect()
// and, on success, starts a background goroutine that calls heartbeat()
// every five minutes and attempts reconnect() whenever the heartbeat fails.
// That goroutine has no stop signal and runs for the remaining lifetime of
// the process.
//
// Returns an error when the key pair cannot be loaded or the initial
// connection fails.
func (ldap *LdapService) Init() error {
	ldap.isConfigured = ldap.config.Address != ""
	if !ldap.isConfigured {
		return nil
	}

	// mTLS is opt-in: both the certificate and the key path must be present.
	useClientCert := ldap.config.AuthCert != "" && ldap.config.AuthKey != ""
	if useClientCert {
		pair, err := tls.LoadX509KeyPair(ldap.config.AuthCert, ldap.config.AuthKey)
		if err != nil {
			return fmt.Errorf("failed to initialize LDAP with mTLS authentication: %w", err)
		}
		ldap.cert = &pair
		tlog.App.Info().Msg("Using LDAP with mTLS authentication")

		// TODO: accept optional extra CA certificates instead of relying on
		// `InsecureSkipVerify`. Wherever the TLS config sets that flag the
		// server certificate is not verified, so the client certificate
		// proves our identity but nothing proves the server's. Sketch of the
		// intended change:
		//
		//	caCert, _ := ioutil.ReadFile(*caFile)
		//	caCertPool := x509.NewCertPool()
		//	caCertPool.AppendCertsFromPEM(caCert)
		//	tlsConfig := &tls.Config{
		//		...
		//		RootCAs: caCertPool,
		//	}
	}

	// The connection handle itself is not needed here; connect() is expected
	// to keep it on the service (TODO confirm against connect()).
	if _, err := ldap.connect(); err != nil {
		return fmt.Errorf("failed to connect to LDAP server: %w", err)
	}

	go func() {
		// time.Tick is never stopped: the ticker lives as long as the process.
		for range time.Tick(5 * time.Minute) {
			hbErr := ldap.heartbeat()
			if hbErr == nil {
				continue
			}
			tlog.App.Error().Err(hbErr).Msg("LDAP connection heartbeat failed")
			reconnectErr := ldap.reconnect()
			if reconnectErr != nil {
				tlog.App.Error().Err(reconnectErr).Msg("Failed to reconnect to LDAP server")
				continue
			}
			tlog.App.Info().Msg("Successfully reconnected to LDAP server")
		}
	}()

	return nil
}
| 108 | |
| 109 | func (ldap *LdapService) connect() (*ldapgo.Conn, error) { |
| 110 | ldap.mutex.Lock() |