LDAP: Add mTLS / client certificate authentication support (#509)

* ldap: Add mTLS authentication support to LDAP backend * ldap: Reuse BindService() for initial bind attempt * ldap: Make LdapService.config private Now that we have ldap.BindService(), we don't need to access any members of LdapService.config externally. * ldap: Add TODO note about STARTTLS/SASL authentication * ldap: Add TODO note about mTLS and extra CA certificates * chore: fix typo Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: Stavros <steveiliop56@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2026-01-01 04:52:29 +00:00 · 2025-12-31 18:01:21 +02:00
parent 1ec1f82dbd
commit f564032a11
4 changed files with 71 additions and 16 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -67,6 +67,8 @@ type LdapConfig struct {
 	BaseDN       string `description:"Base DN for LDAP searches." yaml:"baseDn"`
 	Insecure     bool   `description:"Allow insecure LDAP connections." yaml:"insecure"`
 	SearchFilter string `description:"LDAP search filter." yaml:"searchFilter"`
+	AuthCert     string `description:"Certificate for mTLS authentication." yaml:"authCert"`
+	AuthKey      string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
 }

 type ExperimentalConfig struct {