
Commit 5ad0e71

committed
fix ldap crt init
1 parent df1940e commit 5ad0e71

2 files changed

+25
-3
lines changed


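--- a/app/config/mrt/ldap.lookup.yml
+++ b/app/config/mrt/ldap.lookup.yml
@@ -23,15 +23,19 @@ docker: &docker
   guest_password: guest
   guest_user: anonymous
   connect_timeout: 15
+
 dockerlocal:
   <<: *docker
+
 ecs-dev: &ecs-dev
   admin_password:
     val: password
   host:
     val: ldap
   port:
     val: 1636
+  tls_ca_file:
+    val: /etc/pki/ca-trust/source/anchors/ldap-ca.crt
   default_read:
     val: merritt-test, anonymous
   default_write:
@@ -44,17 +48,22 @@ ecs-dev: &ecs-dev
     val: simple_tls
   _fixed:
     <<: *fixed
+
 ecs-dbsnapshot:
   <<: *ecs-dev
+
 ecs-ephemeral:
   <<: *ecs-dev
+
 ecs-stg:
   admin_password:
     ssm: /uc3/mrt/stg/ldap/admin-password
   host:
     env: HOST_LDAP
   port:
     val: 1636
+  tls_ca_file:
+    val: /etc/pki/ca-trust/source/anchors/ldap-ca.crt
   encryption:
     val: simple_tls
   default_read:
@@ -67,13 +76,16 @@ ecs-stg:
     ssm: /uc3/mrt/stg/ldap/default-admin
   _fixed:
     <<: *fixed
+
 ecs-prd:
   admin_password:
     ssm: /uc3/mrt/prd/ldap/admin-password
   host:
     env: HOST_LDAP
   port:
     val: 1636
+  tls_ca_file:
+    val: /etc/pki/ca-trust/source/anchors/ldap-ca.crt
   encryption:
     val: simple_tls
   default_read:
@@ -86,5 +98,6 @@ ecs-prd:
     ssm: /uc3/mrt/prd/ldap/default-admin
   _fixed:
     <<: *fixed
+
 default:
   <<: *docker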
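Review bot: `tls_ca_file` is added only to `ecs-dev`, `ecs-stg` and `ecs-prd`; `docker`, `dockerlocal` and `default` (which merges `*docker`) receive no such key, and in the companion ldap.rb change the `verify_mode` assignment is skipped whenever the key is absent, so any of those profiles that use `simple_tls` would keep whatever verification net-ldap applies by default (the docker profile's `encryption` setting is not visible in this hunk, so this may be moot). The key also has no explanation of its effect; a one-line comment above the first `tls_ca_file:` would help, e.g. `# CA bundle used to verify the LDAP server certificate; without it the client does not set an explicit verify_mode`. Since the same path is repeated three times, consider hoisting it to the `*fixed` or a shared anchor so a later change cannot update one environment and miss another.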

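--- a/app/lib/client/ldap/ldap.rb
+++ b/app/lib/client/ldap/ldap.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'net/ldap'
+require 'openssl'
 
 module UC3Ldap
   # LDAP Client
@@ -33,11 +34,19 @@ def initialize
       connect_timeout: @ldapconf.fetch(:connect_timeout, '60').to_i
     }
     if @ldapconf.fetch(:encryption, '') == 'simple_tls'
+      tls_options = {
+        ssl_version: @ldapconf.fetch('tls', 'TLSv1_2')
+      }
+
+      ca_file = @ldapconf.fetch(:tls_ca_file, '').to_s
+      unless ca_file.empty?
+        tls_options[:ca_file] = ca_file
+        tls_options[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
+      end
+
       @ldap_connect[:encryption] = {
         method: :simple_tls,
-        tls_options: {
-          ssl_version: @ldapconf.fetch('tls', 'TLSv1_2')
-        }
+        tls_options: tls_options
       }
     end
     @ldap = Net::LDAP.new(@ldap_connect)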
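Review bot: `verify_mode` is set to `VERIFY_PEER` only inside the `unless ca_file.empty?` branch, so a profile without `tls_ca_file` gets a `tls_options` hash with no explicit verification mode and the effective behaviour depends on how net-ldap applies `tls_options` to its `SSLContext`, which is not visible here. Peer verification should not hinge on whether a custom CA bundle is configured: move `verify_mode: OpenSSL::SSL::VERIFY_PEER` into the initial `tls_options` literal (letting the system trust store apply when no file is given) and reduce the block to `tls_options[:ca_file] = ca_file unless ca_file.empty?`. Note also that the retained `@ldapconf.fetch('tls', 'TLSv1_2')` uses a string key while every other lookup in the hunk uses a symbol (`:encryption`, `:tls_ca_file`, `:connect_timeout`); if `@ldapconf` is symbol-keyed that fetch always returns the default, which is worth confirming. The enclosing `initialize` starts before this hunk.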
