LDAP/OpenID must be initialized IAM Init() (#15491)
This allows for LDAP/OpenID to be non-blocking, allowing for unreachable Identity targets to be initialized in IAM.
@@ -208,25 +208,29 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
|
||||
l.ServerAddr = net.JoinHostPort(l.ServerAddr, "636")
|
||||
}
|
||||
|
||||
if l.serverInsecure {
|
||||
return ldap.Dial("tcp", l.ServerAddr)
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
InsecureSkipVerify: l.tlsSkipVerify,
|
||||
RootCAs: l.rootCAs,
|
||||
}
|
||||
|
||||
if l.serverStartTLS {
|
||||
conn, err := ldap.Dial("tcp", l.ServerAddr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
if l.serverInsecure {
|
||||
ldapConn, err = ldap.Dial("tcp", l.ServerAddr)
|
||||
} else {
|
||||
if l.serverStartTLS {
|
||||
ldapConn, err = ldap.Dial("tcp", l.ServerAddr)
|
||||
} else {
|
||||
ldapConn, err = ldap.DialTLS("tcp", l.ServerAddr, tlsConfig)
|
||||
}
|
||||
err = conn.StartTLS(tlsConfig)
|
||||
return conn, err
|
||||
}
|
||||
|
||||
return ldap.DialTLS("tcp", l.ServerAddr, tlsConfig)
|
||||
if ldapConn != nil {
|
||||
ldapConn.SetTimeout(30 * time.Second) // Change default timeout to 30 seconds.
|
||||
if l.serverStartTLS {
|
||||
err = ldapConn.StartTLS(tlsConfig)
|
||||
}
|
||||
}
|
||||
|
||||
return ldapConn, err
|
||||
}
|
||||
|
||||
// GetExpiryDuration - return parsed expiry duration.
|
||||
|
||||
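Review bot: When `ldapConn.StartTLS(tlsConfig)` fails near the end of this hunk, the function returns the still-open plaintext connection together with the error, so a caller that only checks `err` leaks the socket and one that checks `ldapConn != nil` is handed a session without TLS. I would close and drop it on that path: `if err = ldapConn.StartTLS(tlsConfig); err != nil { ldapConn.Close(); return nil, err }`. As far as the rendered page shows, the new flow also runs StartTLS when both `serverInsecure` and `serverStartTLS` are set, where the old code returned right after the plain dial; a one-line comment saying this is intended would help. `SetTimeout` is only applied after the dial has returned, so an unreachable server presumably still blocks for the library's own dial timeout, which is worth confirming against the commit's non-blocking goal. Connect's body starts above the hunk.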
@@ -55,7 +55,7 @@ type Config struct {
|
||||
ProxyURL *xnet.URL `json:"proxy_url"`
|
||||
|
||||
// Transport configured with proxy_url if set optionally.
|
||||
transport *http.Transport
|
||||
transport http.RoundTripper
|
||||
}
|
||||
|
||||
// LookupConfig - lookup config and override with valid environment settings if any.
|
||||
@@ -83,11 +83,13 @@ func LookupConfig(kvs config.KVS, transport http.RoundTripper) (cfg Config, err
|
||||
}
|
||||
|
||||
// Make sure to clone the transport before editing the ProxyURL
|
||||
ctransport := transport.(*http.Transport).Clone()
|
||||
if cfg.ProxyURL != nil {
|
||||
ctransport := transport.(*http.Transport).Clone()
|
||||
ctransport.Proxy = http.ProxyURL((*url.URL)(cfg.ProxyURL))
|
||||
cfg.transport = ctransport
|
||||
} else {
|
||||
cfg.transport = transport
|
||||
}
|
||||
cfg.transport = ctransport
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
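Review bot: The unchecked assertion `transport.(*http.Transport)` inside the `cfg.ProxyURL != nil` branch panics if the caller passes any other `http.RoundTripper` (or nil), and now that the field is widened to `http.RoundTripper` a wrapped transport is a plausible input. Use the comma-ok form, `t, ok := transport.(*http.Transport)`, and return an error when `!ok`, so a proxy_url that cannot be applied is reported at config lookup instead of crashing the process. The comment `// Make sure to clone the transport before editing the ProxyURL` could also state that without a proxy the caller's transport is stored as-is, uncloned. LookupConfig's body starts above the hunk.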