
backport of commit d5584b6 (#20217)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
1 parent fc83ff2 commit 6f95541
Showing 2 changed files with 21 additions and 17 deletions.
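--- a/sdk/helper/ldaputil/client.go
+++ b/sdk/helper/ldaputil/client.go
@@ -29,11 +29,6 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 var conn Connection
 urls := strings.Split(cfg.Url, ",")
 
-// Default timeout in the pacakge is 60 seconds, which we default to on our
-// end. This is useful if you want to take advantage of the URL list to increase
-// availability of LDAP.
-ldap.DefaultTimeout = time.Duration(cfg.ConnectionTimeout) * time.Second
-
 for _, uut := range urls {
 u, err := url.Parse(uut)
 if err != nil {
@@ -46,12 +41,20 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 }
 
 var tlsConfig *tls.Config
+dialer := net.Dialer{
+Timeout: time.Duration(cfg.ConnectionTimeout) * time.Second,
+}
+
 switch u.Scheme {
 case "ldap":
 if port == "" {
 port = "389"
 }
-conn, err = c.LDAP.Dial("tcp", net.JoinHostPort(host, port))
+
+fullAddr := fmt.Sprintf("%s://%s", u.Scheme, net.JoinHostPort(host, port))
+opt := ldap.DialWithDialer(&dialer)
+
+conn, err = c.LDAP.DialURL(fullAddr, opt)
 if err != nil {
 break
 }
@@ -74,7 +77,15 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 if err != nil {
 break
 }
-conn, err = c.LDAP.DialTLS("tcp", net.JoinHostPort(host, port), tlsConfig)
+
+fullAddr := fmt.Sprintf("%s://%s", u.Scheme, net.JoinHostPort(host, port))
+opt := ldap.DialWithDialer(&dialer)
+tls := ldap.DialWithTLSConfig(tlsConfig)
+
+conn, err = c.LDAP.DialURL(fullAddr, opt, tls)
+if err != nil {
+break
+}
 default:
 retErr = multierror.Append(retErr, fmt.Errorf("invalid LDAP scheme in url %q", net.JoinHostPort(host, port)))
 continue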
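Review bot: In the ldaps branch, `tls := ldap.DialWithTLSConfig(tlsConfig)` shadows the `crypto/tls` package that `var tlsConfig *tls.Config` relies on a few lines earlier, so any later `tls.` reference added inside that case would bind to the option value rather than the package; `tlsOpt := ldap.DialWithTLSConfig(tlsConfig)` and `conn, err = c.LDAP.DialURL(fullAddr, opt, tlsOpt)` avoids the trap. The rationale comment that went away with the `ldap.DefaultTimeout` assignment is worth keeping on the new dialer, e.g. `// Bound each dial attempt so an unreachable entry in cfg.Url falls through to the next one.`, since the timeout is now a per-attempt dialer setting rather than a package-global. As far as the hunk shows, the dialer timeout bounds only the connect (and presumably the ldaps handshake performed by DialURL), not subsequent LDAP operations, which matches what the replaced Dial/DialTLS calls did. DialLDAP's body starts and ends outside the hunks.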
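--- a/sdk/helper/ldaputil/ldap.go
+++ b/sdk/helper/ldaputil/ldap.go
@@ -1,8 +1,6 @@
 package ldaputil
 
 import (
-"crypto/tls"
-
 "github.com/go-ldap/ldap/v3"
 )
 
@@ -13,16 +11,11 @@ func NewLDAP() LDAP {
 // LDAP provides ldap functionality, but through an interface
 // rather than statically. This allows faking it for tests.
 type LDAP interface {
-Dial(network, addr string) (Connection, error)
-DialTLS(network, addr string, config *tls.Config) (Connection, error)
+DialURL(addr string, opts ...ldap.DialOpt) (Connection, error)
 }
 
 type ldapIfc struct{}
 
-func (l *ldapIfc) Dial(network, addr string) (Connection, error) {
-return ldap.Dial(network, addr)
-}
-
-func (l *ldapIfc) DialTLS(network, addr string, config *tls.Config) (Connection, error) {
-return ldap.DialTLS(network, addr, config)
+func (l *ldapIfc) DialURL(addr string, opts ...ldap.DialOpt) (Connection, error) {
+return ldap.DialURL(addr, opts...)
 }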
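Review bot: Replacing `Dial`/`DialTLS` with `DialURL` on the exported `LDAP` interface is a compile-time break for any fake or wrapper outside this repository that implements the old pair, which matters more in an `sdk/` package and for a backport; the commit description should call that out. The new method also has no doc comment; `// DialURL connects to addr, an ldap:// or ldaps:// URL, using the given go-ldap dial options.` on both the interface method and `ldapIfc.DialURL` would do. A compile-time assertion `var _ LDAP = (*ldapIfc)(nil)` next to the struct would catch the next interface drift, assuming `NewLDAP` returns an `*ldapIfc` (its body is outside the hunk).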
