()
| 107 | } |
| 108 | |
| 109 | func (ldap *LdapService) connect() (*ldapgo.Conn, error) { |
| 110 | ldap.mutex.Lock() |
| 111 | defer ldap.mutex.Unlock() |
| 112 | |
| 113 | var conn *ldapgo.Conn |
| 114 | var err error |
| 115 | |
| 116 | // TODO: There's also STARTTLS (or SASL)-based mTLS authentication |
| 117 | // scenario, where we first connect to plain text port (389) and |
| 118 | // continue with a STARTTLS negotiation: |
| 119 | // 1. conn = ldap.DialURL("ldap://ldap.example.com:389") |
| 120 | // 2. conn.StartTLS(tlsConfig) |
| 121 | // 3. conn.externalBind() |
| 122 | if ldap.cert != nil { |
| 123 | conn, err = ldapgo.DialURL(ldap.config.Address, ldapgo.DialWithTLSConfig(&tls.Config{ |
| 124 | MinVersion: tls.VersionTLS12, |
| 125 | Certificates: []tls.Certificate{*ldap.cert}, |
| 126 | })) |
| 127 | } else { |
| 128 | conn, err = ldapgo.DialURL(ldap.config.Address, ldapgo.DialWithTLSConfig(&tls.Config{ |
| 129 | InsecureSkipVerify: ldap.config.Insecure, |
| 130 | MinVersion: tls.VersionTLS12, |
| 131 | })) |
| 132 | } |
| 133 | if err != nil { |
| 134 | return nil, err |
| 135 | } |
| 136 | |
| 137 | ldap.conn = conn |
| 138 | |
| 139 | err = ldap.BindService(false) |
| 140 | if err != nil { |
| 141 | return nil, err |
| 142 | } |
| 143 | return ldap.conn, nil |
| 144 | } |
| 145 | |
| 146 | func (ldap *LdapService) GetUserDN(username string) (string, error) { |
| 147 | // Escape the username to prevent LDAP injection |
no test coverage detected