main: Allow serving TLS connections

2020-08-23 19:35:21 -07:00 · 2020-08-23 19:35:21 -07:00 · 1c55b7d328
parent 6d4b4de38a
commit 1c55b7d328
3 changed files with 35 additions and 2 deletions
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@ -41,6 +41,16 @@ func (s *server) Serve(bind string) error {
 	return nil
 }

+// ServeTLS serves a TLS encrypted DSA on the provided bindstring
+// using a key/cert pair located at the paths provided.  Key and
+// certificate should be PEM encoded.
+func (s *server) ServeTLS(bind, keypath, certpath string) error {
+	chErr := make(chan error)
+	go s.ListenAndServeTLS(bind, certpath, keypath, chErr)
+	if err := <-chErr; err != nil {
+		s.l.Error("Error from main server thread", "error", err)
+		return err
+	}
 	return nil
 }

--- a/internal/ldap/search.go
+++ b/internal/ldap/search.go
@ -1,9 +1,9 @@
 package ldap

 import (
-	"fmt"
 	"context"
 	"errors"
+	"fmt"
 	"strconv"
 	"strings"

--- a/main.go
+++ b/main.go
@ -4,6 +4,7 @@ import (
 	"log"
 	"os"
 	"os/signal"
+	"strings"
 	"syscall"

 	"github.com/hashicorp/go-hclog"
@ -56,7 +57,29 @@ func main() {

 	ls.SetDomain(viper.GetString("ldap.domain"))

-	if err := ls.Serve(viper.GetString("ldap.bind")); err != nil {
+	if !viper.GetBool("ldap.tls") {
+		if !strings.HasPrefix(viper.GetString("ldap.bind"), "localhost") {
+			appLogger.Warn("===================================================================")
+			appLogger.Warn("  WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING  ")
+			appLogger.Warn("===================================================================")
+			appLogger.Warn("")
+			appLogger.Warn("You are launching this server in plaintext mode!  This is allowable")
+			appLogger.Warn("advisable when bound to localhost, and the bind configuration has")
+			appLogger.Warn("been detected as not being bound to localhost.")
+			appLogger.Warn("")
+			appLogger.Warn("===================================================================")
+			appLogger.Warn("  WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING  ")
+			appLogger.Warn("===================================================================")
+		}
+		err = ls.Serve(viper.GetString("ldap.bind"))
+	} else {
+		err = ls.ServeTLS(
+			viper.GetString("ldap.bind"),
+			viper.GetString("ldap.key"),
+			viper.GetString("ldap.cert"),
+		)
+	}
+	if err != nil {
 		appLogger.Error("Error serving", "error", err)
 		return
 	}