upstreamldap.New() now supports a StartTLS config option

- This enhances our LDAP client code to make it possible to optionally dial an LDAP server without TLS and then use StartTLS to upgrade the connection to TLS. - The controller for LDAPIdentityProviders is not using this option yet. That will come in a future commit.
2026-01-07 14:05:50 +00:00 · 2021-05-19 17:17:44 -07:00
parent 94d6b76958
commit 025b37f839
5 changed files with 332 additions and 73 deletions
--- a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher.go
+++ b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher.go
@@ -152,8 +152,9 @@ func (c *ldapWatcherController) validateUpstream(ctx context.Context, upstream *
 	spec := upstream.Spec

 	config := &upstreamldap.ProviderConfig{
-		Name: upstream.Name,
-		Host: spec.Host,
+		Name:               upstream.Name,
+		Host:               spec.Host,
+		ConnectionProtocol: upstreamldap.TLS,
 		UserSearch: upstreamldap.UserSearchConfig{
 			Base:              spec.UserSearch.Base,
 			Filter:            spec.UserSearch.Filter,
--- a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go
+++ b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go
@@ -197,11 +197,12 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) {
 	}

 	providerConfigForValidUpstream := &upstreamldap.ProviderConfig{
-		Name:         testName,
-		Host:         testHost,
-		CABundle:     testCABundle,
-		BindUsername: testBindUsername,
-		BindPassword: testBindPassword,
+		Name:               testName,
+		Host:               testHost,
+		ConnectionProtocol: upstreamldap.TLS,
+		CABundle:           testCABundle,
+		BindUsername:       testBindUsername,
+		BindPassword:       testBindPassword,
 		UserSearch: upstreamldap.UserSearchConfig{
 			Base:              testUserSearchBase,
 			Filter:            testUserSearchFilter,
@@ -442,11 +443,12 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) {
 			},
 			wantResultingCache: []*upstreamldap.ProviderConfig{
 				{
-					Name:         testName,
-					Host:         testHost,
-					CABundle:     nil,
-					BindUsername: testBindUsername,
-					BindPassword: testBindPassword,
+					Name:               testName,
+					Host:               testHost,
+					ConnectionProtocol: upstreamldap.TLS,
+					CABundle:           nil,
+					BindUsername:       testBindUsername,
+					BindPassword:       testBindPassword,
 					UserSearch: upstreamldap.UserSearchConfig{
 						Base:              testUserSearchBase,
 						Filter:            testUserSearchFilter,
@@ -493,11 +495,12 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) {
 			},
 			wantResultingCache: []*upstreamldap.ProviderConfig{
 				{
-					Name:         testName,
-					Host:         testHost,
-					CABundle:     nil,
-					BindUsername: testBindUsername,
-					BindPassword: testBindPassword,
+					Name:               testName,
+					Host:               testHost,
+					ConnectionProtocol: upstreamldap.TLS,
+					CABundle:           nil,
+					BindUsername:       testBindUsername,
+					BindPassword:       testBindPassword,
 					UserSearch: upstreamldap.UserSearchConfig{
 						Base:              testUserSearchBase,
 						Filter:            testUserSearchFilter,