
Commit b388bc0

committed
rename ldap' cli flag 'host' to 'host-list' and fix tests (#6898)
Signed-off-by: abhishek818 <[email protected]>
1 parent 789a871 commit b388bc0


4 files changed

+35
-31
lines changed


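--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -46,8 +46,8 @@ var (
 Usage: "Disable TLS verification.",
 },
 &cli.StringFlag{
-Name: "host",
-Usage: "The address where the LDAP server can be reached.",
+Name: "host-list",
+Usage: "List of addresses where the LDAP server(s) can be reached.",
 },
 &cli.IntFlag{
 Name: "port",
@@ -206,8 +206,8 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 if c.IsSet("name") {
 config.Name = c.String("name")
 }
-if c.IsSet("host") {
-config.HostList = c.String("hostlist")
+if c.IsSet("host-list") {
+config.HostList = c.String("host-list")
 }
 if c.IsSet("port") {
 config.Port = c.Int("port")
@@ -308,7 +308,7 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Context, authTyp
 
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(c *cli.Context) error {
-if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+if err := argsSet(c, "name", "security-protocol", "host-list", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
 return err
 }
 
@@ -359,7 +359,7 @@ func (a *authService) updateLdapBindDn(c *cli.Context) error {
 
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
-if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+if err := argsSet(c, "name", "security-protocol", "host-list", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
 return err
 }
 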
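Review bot: The renamed flag in the first hunk drops `host` outright, so automation that still passes `--host` to the LDAP add/update commands will stop working after upgrade; if the break is intended it should be called out in the release notes, otherwise consider keeping the old name as an alias and confirming that `argsSet` and `c.IsSet("host-list")` still see a value supplied through it. The new Usage text also does not say how the list is delimited, while dial() in source_search.go splits on commas; `Usage: "Comma-separated list of addresses where the LDAP server(s) can be reached.",` would state that. In the second hunk parseLdapConfig copies the string into `config.HostList` without any validation, so a malformed list presumably only surfaces when dial() runs. The enclosing function bodies continue outside these hunks.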

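--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -34,7 +34,7 @@ func TestAddLdapBindDn(t *testing.T) {
 "--not-active",
 "--security-protocol", "ldaps",
 "--skip-tls-verify",
-"--host", "ldap-bind-server full",
+"--host-list", "ldap-bind-server full",
 "--port", "9876",
 "--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",
@@ -87,7 +87,7 @@ func TestAddLdapBindDn(t *testing.T) {
 "ldap-test",
 "--name", "ldap (via Bind DN) source min",
 "--security-protocol", "unencrypted",
-"--host", "ldap-bind-server min",
+"--host-list", "ldap-bind-server min",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=min-domain-bind,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",
@@ -115,7 +115,7 @@ func TestAddLdapBindDn(t *testing.T) {
 "ldap-test",
 "--name", "ldap (via Bind DN) source",
 "--security-protocol", "zzzzz",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@@ -128,7 +128,7 @@ func TestAddLdapBindDn(t *testing.T) {
 args: []string{
 "ldap-test",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@@ -141,7 +141,7 @@ func TestAddLdapBindDn(t *testing.T) {
 args: []string{
 "ldap-test",
 "--name", "ldap (via Bind DN) source",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@@ -160,15 +160,15 @@ func TestAddLdapBindDn(t *testing.T) {
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 "--email-attribute", "mail",
 },
-errMsg: "host is not set",
+errMsg: "host-list is not set",
 },
 // case 6
 {
 args: []string{
 "ldap-test",
 "--name", "ldap (via Bind DN) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 "--email-attribute", "mail",
@@ -181,7 +181,7 @@ func TestAddLdapBindDn(t *testing.T) {
 "ldap-test",
 "--name", "ldap (via Bind DN) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--email-attribute", "mail",
@@ -194,7 +194,7 @@ func TestAddLdapBindDn(t *testing.T) {
 "ldap-test",
 "--name", "ldap (via Bind DN) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "1234",
 "--user-search-base", "ou=Users,dc=domain,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@@ -260,7 +260,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "--not-active",
 "--security-protocol", "starttls",
 "--skip-tls-verify",
-"--host", "ldap-simple-server full",
+"--host-list", "ldap-simple-server full",
 "--port", "987",
 "--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",
 "--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",
@@ -305,7 +305,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "ldap-test",
 "--name", "ldap (simple auth) source min",
 "--security-protocol", "unencrypted",
-"--host", "ldap-simple-server min",
+"--host-list", "ldap-simple-server min",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))",
 "--email-attribute", "mail-simple min",
@@ -333,7 +333,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "ldap-test",
 "--name", "ldap (simple auth) source",
 "--security-protocol", "zzzzz",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--email-attribute", "mail",
@@ -346,7 +346,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 args: []string{
 "ldap-test",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--email-attribute", "mail",
@@ -359,7 +359,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 args: []string{
 "ldap-test",
 "--name", "ldap (simple auth) source",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--email-attribute", "mail",
@@ -378,15 +378,15 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "--email-attribute", "mail",
 "--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 },
-errMsg: "host is not set",
+errMsg: "host-list is not set",
 },
 // case 6
 {
 args: []string{
 "ldap-test",
 "--name", "ldap (simple auth) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--email-attribute", "mail",
 "--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@@ -399,7 +399,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "ldap-test",
 "--name", "ldap (simple auth) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--email-attribute", "mail",
 "--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@@ -412,7 +412,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "ldap-test",
 "--name", "ldap (simple auth) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@@ -425,7 +425,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 "ldap-test",
 "--name", "ldap (simple auth) source",
 "--security-protocol", "unencrypted",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 "--port", "123",
 "--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 "--email-attribute", "mail",
@@ -494,7 +494,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 "--not-active",
 "--security-protocol", "LDAPS",
 "--skip-tls-verify",
-"--host", "ldap-bind-server full",
+"--host-list", "ldap-bind-server full",
 "--port", "9876",
 "--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",
 "--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",
@@ -625,7 +625,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 args: []string{
 "ldap-test",
 "--id", "1",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 },
 authSource: &auth.Source{
 Type: auth.LDAP,
@@ -957,7 +957,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 "--not-active",
 "--security-protocol", "starttls",
 "--skip-tls-verify",
-"--host", "ldap-simple-server full",
+"--host-list", "ldap-simple-server full",
 "--port", "987",
 "--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",
 "--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",
@@ -1073,7 +1073,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 args: []string{
 "ldap-test",
 "--id", "1",
-"--host", "ldap-server",
+"--host-list", "ldap-server",
 },
 authSource: &auth.Source{
 Type: auth.DLDAP,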

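--- a/services/auth/source/ldap/README.md
+++ b/services/auth/source/ldap/README.md
@@ -32,8 +32,9 @@ share the following fields:
 * A name to assign to the new method of authorization.
 
 * Host **(required)**
-* The address where the LDAP server can be reached.
+* The list of addresses where the LDAP server(s) can be reached.
 * Example: mydomain.com
+* Example (with multiple server hosts): mydomain.com, myotherdomain.com, mytempdomain.com
 
 * Port **(required)**
 * The port to use when connecting to the server.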

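--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -113,8 +113,11 @@ func dial(source *Source) (*ldap.Conn, error) {
 log.Trace("Dialing LDAP with security protocol (%v) without verifying: %v", source.SecurityProtocol, source.SkipVerify)
 
 ldap.DefaultTimeout = time.Second * 15
+// Remove any extra spaces in HostList string
+tempHostList := strings.ReplaceAll(source.HostList, " ", "")
 // HostList is a list of hosts separated by commas
-hostList := strings.Split(source.HostList, ",")
+hostList := strings.Split(tempHostList, ",")
+// hostList := strings.Split(source.HostList, ",")
 
 for _, host := range hostList {
 tlsConfig := &tls.Config{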
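Review bot: Empty list entries are not filtered in dial(): a trailing or doubled comma in `HostList` (for example `a.example,`, a constructed value) makes `strings.Split` yield `""`, and the loop then builds a TLS config and presumably dials with an empty host, which Go's net package treats as the local system rather than as an error. Trimming each entry and skipping blanks is safer than the global `strings.ReplaceAll(source.HostList, " ", "")`, which also rewrites spaces inside an entry and leaves tabs untouched; inside the loop, `host = strings.TrimSpace(host)` followed by `if host == "" { continue }` covers both. The commented-out `// hostList := strings.Split(source.HostList, ",")` is dead code and should be dropped. The loop body continues past the end of the hunk, so how `host` reaches the dialer and the `tls.Config` is not visible here.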
