From 1c55b7d3287e56d425104f68cdbeed30b507005c Mon Sep 17 00:00:00 2001
From: Michael Aldridge
Date: Sun, 23 Aug 2020 19:35:21 -0700
Subject: [PATCH] main: Allow serving TLS connections
---
 internal/ldap/ldap.go | 10 ++++++++++
 internal/ldap/search.go | 2 +-
 main.go | 25 ++++++++++++++++++++++++-
 3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/internal/ldap/ldap.go b/internal/ldap/ldap.go
index 46771bb..7731c0e 100644
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -41,6 +41,16 @@ func (s *server) Serve(bind string) error {
 return nil
 }
+// ServeTLS serves a TLS encrypted DSA on the provided bindstring
+// using a key/cert pair located at the paths provided. Key and
+// certificate should be PEM encoded.
+func (s *server) ServeTLS(bind, keypath, certpath string) error {
+ chErr := make(chan error)
+ go s.ListenAndServeTLS(bind, certpath, keypath, chErr)
+ if err := <-chErr; err != nil {
+ s.l.Error("Error from main server thread", "error", err)
+ return err
+ }
 return nil
 }
diff --git a/internal/ldap/search.go b/internal/ldap/search.go
index 48b36e5..24a6dc4 100644
--- a/internal/ldap/search.go
+++ b/internal/ldap/search.go
@@ -1,9 +1,9 @@
 package ldap
 import (
- "fmt"
 "context"
 "errors"
+ "fmt"
 "strconv"
 "strings"
diff --git a/main.go b/main.go
index b139e5d..14c51c2 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@ import (
 "log"
 "os"
 "os/signal"
+ "strings"
 "syscall"
 "github.com/hashicorp/go-hclog"
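Review bot: ServeTLS declares its parameters as `(bind, keypath, certpath)` but forwards them as `s.ListenAndServeTLS(bind, certpath, keypath, chErr)`, so the wrapper's argument order is the inverse of the method it wraps; the call matches a (certFile, keyFile) library signature that is not visible here, so this is presumably correct, but each caller must remember the flip and a swap only surfaces as a PEM-parse error at startup. Either align the wrapper's order with the underlying call or state the inversion in the doc comment, e.g. `// Note: keypath precedes certpath here, the opposite of ListenAndServeTLS.` Neither path is checked before being handed to the listener, so an unset `ldap.cert` or `ldap.key` is reported only through whatever the TLS loader returns; a guard that returns an explicit error when either path is empty would make that misconfiguration obvious. Like Serve, the method blocks on `<-chErr` until the listener goroutine reports, so the trailing `return nil` is reached only if the library ever sends a nil error — worth saying in the comment, since the code suggests a normal return path.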
@@ -56,7 +57,29 @@ func main() {
 ls.SetDomain(viper.GetString("ldap.domain"))
- if err := ls.Serve(viper.GetString("ldap.bind")); err != nil {
+ if !viper.GetBool("ldap.tls") {
+ if !strings.HasPrefix(viper.GetString("ldap.bind"), "localhost") {
+ appLogger.Warn("===================================================================")
+ appLogger.Warn(" WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ")
+ appLogger.Warn("===================================================================")
+ appLogger.Warn("")
+ appLogger.Warn("You are launching this server in plaintext mode! This is allowable")
+ appLogger.Warn("advisable when bound to localhost, and the bind configuration has")
+ appLogger.Warn("been detected as not being bound to localhost.")
+ appLogger.Warn("")
+ appLogger.Warn("===================================================================")
+ appLogger.Warn(" WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ")
+ appLogger.Warn("===================================================================")
+ }
+ err = ls.Serve(viper.GetString("ldap.bind"))
+ } else {
+ err = ls.ServeTLS(
+ viper.GetString("ldap.bind"),
+ viper.GetString("ldap.key"),
+ viper.GetString("ldap.cert"),
+ )
+ }
+ if err != nil {
 appLogger.Error("Error serving", "error", err)
 return
 }
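Review bot: The plaintext guard `strings.HasPrefix(viper.GetString("ldap.bind"), "localhost")` tests a string prefix, not loopback: `127.0.0.1:389` and `[::1]:389` trip the warning while `localhost.example.org:389`, or any hostname beginning with "localhost", silences it even though the listener is reachable from the network. Split the bind string with `net.SplitHostPort` and treat it as local only when the host is `localhost` or `net.ParseIP(host).IsLoopback()` (nil for a non-IP host, which is safe), which requires importing `net` in main.go; since this is the line that decides whether credentials cross the wire in the clear, consider refusing to start rather than warning unless an explicit opt-in such as `ldap.allow-plaintext` is set, because a banner in the log is easy to miss. The banner text "This is allowable advisable when bound to localhost" reads like a dropped word — `"You are launching this server in plaintext mode! This is only"` / `"advisable when bound to localhost, and the bind configuration has"`. The `err = ls.Serve(...)` assignments rely on an `err` declared earlier in main(), which starts outside this hunk, so make sure that declaration exists rather than a shadowing `:=` in an inner scope.
```go
bind := viper.GetString("ldap.bind")
if !viper.GetBool("ldap.tls") {
	host, _, splitErr := net.SplitHostPort(bind)
	if splitErr != nil {
		host = bind // no port in the bind string; treat it all as the host
	}
	// Local means "localhost" or a loopback literal (127/8, ::1), not any name
	// that merely starts with "localhost". ParseIP on a hostname returns nil,
	// for which IsLoopback is false, so the fallthrough is the warning path.
	if host != "localhost" && !net.ParseIP(host).IsLoopback() {
		// … unchanged: WARNING banner …
	}
	err = ls.Serve(bind)
} else {
	// … unchanged: ServeTLS call …
}
```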