Bind password can be specified directly in the config file

041ffb0e · ale · 3560f4b2 · 041ffb0e
Commit 041ffb0e authored Jan 13, 2018 by ale
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 6 deletions

backend/ldap.go backend/ldap.go +11 -6

No files found.
--- a/backend/ldap.go
+++ b/backend/ldap.go
@@ -73,6 +73,7 @@ func (c *LDAPQueryConfig) searchRequest(username string, attrs ...string) *ldap.
 type LDAPConfig struct {
 	URI        string           `yaml:"uri"`
 	BindDN     string           `yaml:"bind_dn"`
+	BindPw     string           `yaml:"bind_pw"`
 	BindPwFile string           `yaml:"bind_pw_file"`
 	Query      *LDAPQueryConfig `yaml:"query"`
 }
@@ -85,8 +86,8 @@ func (c *LDAPConfig) Valid() error {
 	if c.BindDN == "" {
 		return errors.New("empty bind_dn")
 	}
-	if c.BindPwFile == "" {
-		return errors.New("empty bind_pw_file")
+	if (c.BindPwFile == "" && c.BindPw == "") || (c.BindPwFile != "" && c.BindPw != "") {
+		return errors.New("only one of bind_pw_file or bind_pw must be set")
 	}
 	if c.Query == nil {
 		return errors.New("missing query configuration")
@@ -106,13 +107,17 @@ func NewLDAPBackend(config *LDAPConfig) (*ldapBackend, error) {
 	}

 	// Read the bind password.
-	bindPw, err := ioutil.ReadFile(config.BindPwFile)
-	if err != nil {
-		return nil, err
+	bindPw := config.BindPw
+	if config.BindPwFile != "" {
+		pwData, err := ioutil.ReadFile(config.BindPwFile)
+		if err != nil {
+			return nil, err
+		}
+		bindPw = strings.TrimSpace(string(pwData))
 	}

 	// Connect.
-	pool, err := ldaputil.NewConnectionPool(config.URI, config.BindDN, strings.TrimSpace(string(bindPw)), 5)
+	pool, err := ldaputil.NewConnectionPool(config.URI, config.BindDN, bindPw, 5)
 	if err != nil {
 		return nil, err
 	}