package ldaputil
import (
"crypto/tls"
"fmt"
"net"
"github.com/go-ldap/ldap"
)
// NewLDAPClientConfig builds an LDAPClientConfig from the scheme and host of
// url, the insecure flag and an optional TLS configuration. The tlsConfig
// pointer is stored as given, not copied; see LDAPClientConfig.TLSConfig for
// how Connect treats it.
func NewLDAPClientConfig(url LDAPURL, insecure bool, tlsConfig *tls.Config) LDAPClientConfig {
	var cfg LDAPClientConfig
	cfg.Scheme = url.Scheme
	cfg.Host = url.Host
	cfg.Insecure = insecure
	cfg.TLSConfig = tlsConfig
	return cfg
}
// LDAPClientConfig holds information for connecting to an LDAP server.
type LDAPClientConfig struct {
	// Scheme selects how Connect dials: SchemeLDAP (plain TCP, then StartTLS
	// unless Insecure is set) or SchemeLDAPS (TLS from the start). Any other
	// value makes Connect return an "unsupported scheme" error.
	Scheme Scheme
	// Host is the host:port of the LDAP server. Its host part is also used as
	// the TLS ServerName when TLSConfig does not set one and verification is on.
	Host string
	// Insecure, when true and Scheme is SchemeLDAP, makes Connect return the
	// plaintext connection without attempting StartTLS. It has no effect for
	// SchemeLDAPS, which always dials with TLS.
	Insecure bool
	// TLSConfig holds the TLS options used by StartTLS (SchemeLDAP) and by
	// DialTLS (SchemeLDAPS). Connect never mutates it: when it needs to fill in
	// ServerName it works on a copy. A nil value is handed to the ldap library
	// unchanged.
	TLSConfig *tls.Config
}
// Connect dials the LDAP server described by l and returns the open connection.
//
// For SchemeLDAP a plaintext TCP connection is dialed; unless l.Insecure is
// set, it is then upgraded with StartTLS and closed again if the upgrade
// fails. For SchemeLDAPS the dial itself is TLS, regardless of l.Insecure.
// Any other scheme is an error. On success the caller owns the connection
// and must Close it.
//
// When l.TLSConfig is non-nil, does not skip verification and carries no
// ServerName, a copy with ServerName set to the host part of l.Host is used,
// so certificate verification is pinned to the server actually being dialed.
// l.TLSConfig itself is never mutated. A nil TLSConfig is passed to the ldap
// library unchanged (what the library does with it is not visible here).
func (l *LDAPClientConfig) Connect() (*ldap.Conn, error) {
	cfg := l.tlsConfigForDial()

	switch l.Scheme {
	case SchemeLDAPS:
		return ldap.DialTLS("tcp", l.Host, cfg)
	case SchemeLDAP:
		return l.dialStartTLS(cfg)
	}
	return nil, fmt.Errorf("unsupported scheme %q", l.Scheme)
}

// tlsConfigForDial returns l.TLSConfig as-is, or a shallow copy of it with
// ServerName filled in from l.Host when verification is enabled and the
// caller did not name the server.
func (l *LDAPClientConfig) tlsConfigForDial() *tls.Config {
	base := l.TLSConfig
	if base == nil || base.InsecureSkipVerify || base.ServerName != "" {
		return base
	}
	// Work on a copy so the caller-supplied config is left untouched.
	cp := *base
	cp.ServerName = l.Host
	if host, _, err := net.SplitHostPort(l.Host); err == nil {
		// Strip the port; ServerName must be the bare host for SNI/verification.
		cp.ServerName = host
	}
	return &cp
}

// dialStartTLS opens a plaintext connection to l.Host and, unless l.Insecure
// is set, upgrades it with StartTLS using cfg. A connection whose upgrade
// fails is closed before the error is returned so it does not leak.
func (l *LDAPClientConfig) dialStartTLS(cfg *tls.Config) (*ldap.Conn, error) {
	conn, err := ldap.Dial("tcp", l.Host)
	if err != nil {
		return nil, err
	}
	if l.Insecure {
		// Plaintext was explicitly requested; hand the connection back as dialed.
		return conn, nil
	}
	if err := conn.StartTLS(cfg); err != nil {
		// The socket is open and we are the only owner: close it ourselves.
		conn.Close()
		return nil, err
	}
	return conn, nil
}