
Commit 49105ce

authored
feat: add ldap bind password file (#929)
1 parent 57c5735 commit 49105ce

2 files changed

Lines changed: 15 additions & 9 deletions


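--- a/internal/model/config.go
+++ b/internal/model/config.go
@@ -178,15 +178,16 @@ type UIConfig struct {
 }
 
 type LDAPConfig struct {
-Address string `description:"LDAP server address." yaml:"address"`
-BindDN string `description:"Bind DN for LDAP authentication." yaml:"bindDn"`
-BindPassword string `description:"Bind password for LDAP authentication." yaml:"bindPassword"`
-BaseDN string `description:"Base DN for LDAP searches." yaml:"baseDn"`
-Insecure bool `description:"Allow insecure LDAP connections." yaml:"insecure"`
-SearchFilter string `description:"LDAP search filter." yaml:"searchFilter"`
-AuthCert string `description:"Certificate for mTLS authentication." yaml:"authCert"`
-AuthKey string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
-GroupCacheTTL int `description:"Cache duration for LDAP group membership in seconds." yaml:"groupCacheTTL"`
+Address string `description:"LDAP server address." yaml:"address"`
+BindDN string `description:"Bind DN for LDAP authentication." yaml:"bindDn"`
+BindPassword string `description:"Bind password for LDAP authentication." yaml:"bindPassword"`
+BindPasswordFile string `description:"Path to the Bind password." yaml:"bindPasswordFile"`
+BaseDN string `description:"Base DN for LDAP searches." yaml:"baseDn"`
+Insecure bool `description:"Allow insecure LDAP connections." yaml:"insecure"`
+SearchFilter string `description:"LDAP search filter." yaml:"searchFilter"`
+AuthCert string `description:"Certificate for mTLS authentication." yaml:"authCert"`
+AuthKey string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
+GroupCacheTTL int `description:"Cache duration for LDAP group membership in seconds." yaml:"groupCacheTTL"`
 }
 
 type LogConfig struct {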
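Review bot: The tag on the new `BindPasswordFile` field reads "Path to the Bind password.", which does not say that the value is a file whose contents are the password, nor which setting wins when both `bindPassword` and `bindPasswordFile` are given. These `description` tags presumably feed generated help or documentation, so I would write `description:"Path to a file containing the bind password for LDAP authentication." yaml:"bindPasswordFile"`. The precedence rule belongs in the same place once it is confirmed from `utils.GetSecret`, which this page does not show. It would also help operators to state there that the file should be readable only by the account the service runs as.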

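--- a/internal/service/ldap_service.go
+++ b/internal/service/ldap_service.go
@@ -11,6 +11,7 @@ import (
 ldapgo "github.com/go-ldap/ldap/v3"
 "github.com/steveiliop56/ding"
 "github.com/tinyauthapp/tinyauth/internal/model"
+"github.com/tinyauthapp/tinyauth/internal/utils"
 "github.com/tinyauthapp/tinyauth/internal/utils/logger"
 )
 
@@ -32,6 +33,10 @@ func NewLdapService(
 return nil, nil
 }
 
+secret := utils.GetSecret(config.LDAP.BindPassword, config.LDAP.BindPasswordFile)
+config.LDAP.BindPassword = secret
+config.LDAP.BindPasswordFile = ""
+
 ldap := &LdapService{
 log: log,
 config: config,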
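Review bot: A missing, unreadable or empty `bindPasswordFile` looks indistinguishable from "no password configured" on the added `secret := utils.GetSecret(...)` line, because the helper returns a single string and nothing here inspects it. `utils.GetSecret` is not shown on this page, so whether it logs the failure or trims a trailing newline is unknown. As written, the constructor continues with an empty `BindPassword`, and the misconfiguration would surface only at bind time, possibly as an unauthenticated bind if the client and server permit one. I would fail fast before the path is cleared, e.g. `if config.LDAP.BindPasswordFile != "" && secret == "" { return nil, errors.New("ldap bind password file is empty or unreadable") }`, and add a comment stating which of the two settings takes precedence. The body of `NewLdapService` starts and ends outside this hunk, so that the second return value is an `error` is inferred from `return nil, nil`.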
