This is an automated email from the ASF dual-hosted git repository.

rob pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git

commit edc1f896cd5dfb89403789b529842a1e06af3818
Author: Dylan Volz <dylan_v...@comcast.com>
AuthorDate: Wed Mar 14 13:48:59 2018 -0600

    move more ldap options to the ldap config and refactor connection logic
---
 traffic_ops/app/conf/development/ldap.conf      |  9 +++++
 traffic_ops/app/conf/integration/ldap.conf      |  9 +++++
 traffic_ops/app/conf/production/ldap.conf       |  9 +++++
 traffic_ops/app/conf/test/ldap.conf             |  9 +++++
 traffic_ops/traffic_ops_golang/auth/ldap.go     | 48 ++++++++++++++++++++++---
 traffic_ops/traffic_ops_golang/config/config.go | 11 +++---
 6 files changed, 86 insertions(+), 9 deletions(-)

diff --git a/traffic_ops/app/conf/development/ldap.conf 
b/traffic_ops/app/conf/development/ldap.conf
new file mode 100644
index 0000000..9224ae2
--- /dev/null
+++ b/traffic_ops/app/conf/development/ldap.conf
@@ -0,0 +1,9 @@
+{
+   "admin_pass" : "password",
+   "search_base" : "dc=prefix,dc=domain,dc=suffix",
+   "admin_dn" : "user@prefix.domain.suffix",
+   "host" : "ldaps://host:[port]",
+   "search_query" : 
"(&(objectCategory=person)(objectClass=user)(userName=%s))",
+   "verify_tls" : "true",
+   "ldap_timeout_secs" : 20
+}
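Review bot: The `verify_tls` key on the line before last does not correspond to any field of `config.ConfigLDAP`, whose TLS flag is `Insecure` tagged `json:"insecure"`, so this setting is silently ignored and certificate verification stays at the bool's zero value (on, which is the safe side); the value is also the quoted string `"true"`, which `encoding/json` would refuse to decode into a bool even if the key matched. The same template is repeated in the integration, production and test ldap.conf hunks below, so all four need the same correction. Either rename the Go field's tag or change the key here, e.g. `"insecure" : false,`, keeping the default on the verifying side.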
diff --git a/traffic_ops/app/conf/integration/ldap.conf 
b/traffic_ops/app/conf/integration/ldap.conf
new file mode 100644
index 0000000..9224ae2
--- /dev/null
+++ b/traffic_ops/app/conf/integration/ldap.conf
@@ -0,0 +1,9 @@
+{
+   "admin_pass" : "password",
+   "search_base" : "dc=prefix,dc=domain,dc=suffix",
+   "admin_dn" : "user@prefix.domain.suffix",
+   "host" : "ldaps://host:[port]",
+   "search_query" : 
"(&(objectCategory=person)(objectClass=user)(userName=%s))",
+   "verify_tls" : "true",
+   "ldap_timeout_secs" : 20
+}
diff --git a/traffic_ops/app/conf/production/ldap.conf 
b/traffic_ops/app/conf/production/ldap.conf
new file mode 100644
index 0000000..9224ae2
--- /dev/null
+++ b/traffic_ops/app/conf/production/ldap.conf
@@ -0,0 +1,9 @@
+{
+   "admin_pass" : "password",
+   "search_base" : "dc=prefix,dc=domain,dc=suffix",
+   "admin_dn" : "user@prefix.domain.suffix",
+   "host" : "ldaps://host:[port]",
+   "search_query" : 
"(&(objectCategory=person)(objectClass=user)(userName=%s))",
+   "verify_tls" : "true",
+   "ldap_timeout_secs" : 20
+}
diff --git a/traffic_ops/app/conf/test/ldap.conf 
b/traffic_ops/app/conf/test/ldap.conf
new file mode 100644
index 0000000..9224ae2
--- /dev/null
+++ b/traffic_ops/app/conf/test/ldap.conf
@@ -0,0 +1,9 @@
+{
+   "admin_pass" : "password",
+   "search_base" : "dc=prefix,dc=domain,dc=suffix",
+   "admin_dn" : "user@prefix.domain.suffix",
+   "host" : "ldaps://host:[port]",
+   "search_query" : 
"(&(objectCategory=person)(objectClass=user)(userName=%s))",
+   "verify_tls" : "true",
+   "ldap_timeout_secs" : 20
+}
diff --git a/traffic_ops/traffic_ops_golang/auth/ldap.go 
b/traffic_ops/traffic_ops_golang/auth/ldap.go
index 1903505..487d2ab 100644
--- a/traffic_ops/traffic_ops_golang/auth/ldap.go
+++ b/traffic_ops/traffic_ops_golang/auth/ldap.go
@@ -4,17 +4,56 @@ import (
        "crypto/tls"
        "errors"
        "fmt"
+       "time"
 
        "github.com/apache/incubator-trafficcontrol/lib/go-log"
        
"github.com/apache/incubator-trafficcontrol/traffic_ops/traffic_ops_golang/config"
 
+       "strings"
+
        "gopkg.in/ldap.v2"
 )
 
+var defaultSet bool
+
+func setLdapTimeoutDefault(duration time.Duration) {
+       if !defaultSet {
+               ldap.DefaultTimeout = duration
+               defaultSet = true
+       }
+}
+
+const (
+       LDAPWithTLS = "ldaps://"
+       LDAPNoTLS   = "ldap://";
+)
+
+func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error) {
+       setLdapTimeoutDefault(time.Duration(cfg.LDAPTimeoutSecs) * time.Second)
+       host := strings.ToLower(cfg.Host)
+       var l *ldap.Conn
+       var err error
+       if strings.HasPrefix(host, LDAPWithTLS) {
+               host = strings.TrimPrefix(host, LDAPWithTLS)
+               l, err = ldap.DialTLS("tcp", host, 
&tls.Config{InsecureSkipVerify: cfg.Insecure, ServerName: strings.Split(host, 
":")[0]})
+               if err != nil {
+                       log.Errorln("error dialing tls")
+                       return nil, err
+               }
+       } else if strings.HasPrefix(host, LDAPNoTLS) {
+               host = strings.TrimPrefix(host, LDAPNoTLS)
+               l, err = ldap.Dial("tcp", host)
+               if err != nil {
+                       log.Errorln("error dialing")
+                       return nil, err
+               }
+       }
+       return l, nil
+}
+
 func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, 
error) {
-       l, err := ldap.DialTLS("tcp", cfg.Host, &tls.Config{InsecureSkipVerify: 
true})
+       l, err := ConnectToLDAP(cfg)
        if err != nil {
-               log.Errorln("error dialing tls")
                return "", false, err
        }
        defer l.Close()
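Review bot: ConnectToLDAP returns `nil, nil` when `cfg.Host` starts with neither `ldaps://` nor `ldap://`, and both callers immediately run `defer l.Close()` on that nil connection, so a misconfigured host becomes a nil-pointer panic in the login path instead of an authentication error; add a final branch `} else { return nil, fmt.Errorf("unsupported LDAP host scheme in %q", cfg.Host) }`. Two smaller points in the same function: the `defaultSet` guard is an unsynchronized package-level bool that concurrent first logins through LookupUserDN and AuthenticateUserDN can race on, where `sync.Once` expresses the intent and is safe, and `strings.Split(host, ":")[0]` as ServerName breaks for IPv6 literals, which `net.SplitHostPort` handles. Since the `ldap://` branch now lets the admin bind in AuthenticateUserDN travel unencrypted, the constant deserves a comment such as `// LDAPNoTLS dials without TLS; bind credentials are sent in cleartext.` LookupUserDN's body continues past the end of this hunk.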
@@ -29,7 +68,7 @@ func LookupUserDN(username string, cfg *config.ConfigLDAP) 
(string, bool, error)
        searchRequest := ldap.NewSearchRequest(
                cfg.SearchBase,
                ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-               
fmt.Sprintf("(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))", 
username),
+               fmt.Sprintf(cfg.SearchQuery, username),
                []string{"dn"},
                nil,
        )
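Review bot: `fmt.Sprintf(cfg.SearchQuery, username)` still interpolates the caller-supplied username straight into the LDAP filter, and making the template configurable does not change that a username containing filter metacharacters such as `*` or `)` rewrites the filter; escape it per RFC 4515 first, `fmt.Sprintf(cfg.SearchQuery, ldap.EscapeFilter(username)),`. A second effect of the move is that `cfg.SearchQuery` is now a printf format string read from config, so an empty value or one without a `%s` verb yields a malformed filter at request time rather than an error at load time; worth validating once where the config is decoded. LookupUserDN starts and ends outside this hunk.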
@@ -48,9 +87,8 @@ func LookupUserDN(username string, cfg *config.ConfigLDAP) 
(string, bool, error)
 }
 
 func AuthenticateUserDN(userDN string, password string, cfg 
*config.ConfigLDAP) (bool, error) {
-       l, err := ldap.DialTLS("tcp", cfg.Host, &tls.Config{InsecureSkipVerify: 
true})
+       l, err := ConnectToLDAP(cfg)
        if err != nil {
-               log.Errorln("error dialing tls")
                return false, err
        }
        defer l.Close()
diff --git a/traffic_ops/traffic_ops_golang/config/config.go 
b/traffic_ops/traffic_ops_golang/config/config.go
index 4864845..ca1f053 100644
--- a/traffic_ops/traffic_ops_golang/config/config.go
+++ b/traffic_ops/traffic_ops_golang/config/config.go
@@ -87,10 +87,13 @@ type ConfigDatabase struct {
 }
 
 type ConfigLDAP struct {
-       AdminPass  string `json:"admin_pass"`
-       SearchBase string `json:"search_base"`
-       AdminDN    string `json:"admin_dn"`
-       Host       string `json:"host"`
+       AdminPass       string `json:"admin_pass"`
+       SearchBase      string `json:"search_base"`
+       AdminDN         string `json:"admin_dn"`
+       Host            string `json:"host"`
+       SearchQuery     string `json:"search_query"`
+       Insecure        bool   `json:"insecure"`
+       LDAPTimeoutSecs int    `json:"ldap_timeout_secs"`
 }
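Review bot: The three new ConfigLDAP fields carry no doc comments, and their zero values matter: `LDAPTimeoutSecs` of 0 is converted straight into `ldap.DefaultTimeout` by ConnectToLDAP (presumably meaning no dial timeout at all — confirm against the ldap package), and `SearchQuery` is used as a printf format, so an absent key silently produces an unbounded dial and an empty filter instead of a load-time error. Suggest field comments such as `// Insecure disables TLS certificate verification for ldaps:// hosts; keep false outside development.` and `// LDAPTimeoutSecs is the LDAP dial timeout in seconds; must be > 0.`, plus a validation step where the struct is decoded. The surrounding type is fully visible in this hunk.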
 
 // ErrorLog - critical messages
