Ensure the ldap service uses the correct value

Fixes #927

internal/bootstrap/service_bootstrap.go

@@ -8,7 +8,7 @@ import (
 )
 
 func (app *BootstrapApp) setupServices() error {
-	ldapService, err := service.NewLdapService(app.log, app.config, app.ctx, app.ding)
+	ldapService, err := service.NewLdapService(app.log, app.config, app.ding)
 
 	if err != nil {
 		app.log.App.Warn().Err(err).Msg("Failed to initialize LDAP connection, will continue without it")

internal/model/config.go

@@ -178,15 +178,16 @@ type UIConfig struct {
 }
 
 type LDAPConfig struct {
-	Address       string `description:"LDAP server address." yaml:"address"`
+	Address      	 string `description:"LDAP server address." yaml:"address"`
-	BindDN        string `description:"Bind DN for LDAP authentication." yaml:"bindDn"`
+	BindDN       	 string `description:"Bind DN for LDAP authentication." yaml:"bindDn"`
-	BindPassword  string `description:"Bind password for LDAP authentication." yaml:"bindPassword"`
+	BindPassword  	 string `description:"Bind password for LDAP authentication." yaml:"bindPassword"`
-	BaseDN        string `description:"Base DN for LDAP searches." yaml:"baseDn"`
+	BindPasswordFile string `description:"Path to the Bind password." yaml:"bindPasswordFile"`
-	Insecure      bool   `description:"Allow insecure LDAP connections." yaml:"insecure"`
+	BaseDN       	 string `description:"Base DN for LDAP searches." yaml:"baseDn"`
-	SearchFilter  string `description:"LDAP search filter." yaml:"searchFilter"`
+	Insecure     	 bool   `description:"Allow insecure LDAP connections." yaml:"insecure"`
-	AuthCert      string `description:"Certificate for mTLS authentication." yaml:"authCert"`
+	SearchFilter 	 string `description:"LDAP search filter." yaml:"searchFilter"`
-	AuthKey       string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
+	AuthCert     	 string `description:"Certificate for mTLS authentication." yaml:"authCert"`
-	GroupCacheTTL int    `description:"Cache duration for LDAP group membership in seconds." yaml:"groupCacheTTL"`
+	AuthKey      	 string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
+	GroupCacheTTL	 int    `description:"Cache duration for LDAP group membership in seconds." yaml:"groupCacheTTL"`
 }
 
 type LogConfig struct {

internal/service/ldap_service.go

@@ -11,13 +11,13 @@ import (
 	ldapgo "github.com/go-ldap/ldap/v3"
 	"github.com/steveiliop56/ding"
 	"github.com/tinyauthapp/tinyauth/internal/model"
+	"github.com/tinyauthapp/tinyauth/internal/utils"
 	"github.com/tinyauthapp/tinyauth/internal/utils/logger"
 )
 
 type LdapService struct {
 	log    *logger.Logger
 	config model.Config
-	ctx    context.Context
 
 	conn  *ldapgo.Conn
 	mutex sync.RWMutex
@@ -27,17 +27,19 @@ type LdapService struct {
 func NewLdapService(
 	log *logger.Logger,
 	config model.Config,
-	ctx context.Context,
 	dg *ding.Ding,
 ) (*LdapService, error) {
 	if config.LDAP.Address == "" {
 		return nil, nil
 	}
 
+	secret := utils.GetSecret(config.LDAP.BindPassword, config.LDAP.BindPasswordFile)
+	config.LDAP.BindPassword = secret
+	config.LDAP.BindPasswordFile = ""
+
 	ldap := &LdapService{
 		log:    log,
 		config: config,
-		ctx:    ctx,
 	}
 
 	// Check whether authentication with client certificate is possible
@@ -66,9 +68,7 @@ func NewLdapService(
 
 	_, err := ldap.connect()
 
-	// Warn: This will hang the tinyauth startup for a good 45 seconds until it fails
 	if err != nil {
-		err = ldap.reconnect(10 * time.Second)
 		return nil, fmt.Errorf("failed to connect to ldap server: %w", err)
 	}
 
@@ -84,7 +84,7 @@ func NewLdapService(
 				err := ldap.heartbeat()
 				if err != nil {
 					ldap.log.App.Warn().Err(err).Msg("LDAP connection heartbeat failed, attempting to reconnect")
-					if reconnectErr := ldap.reconnect(5 * time.Second); reconnectErr != nil {
+					if reconnectErr := ldap.reconnect(); reconnectErr != nil {
 						ldap.log.App.Error().Err(reconnectErr).Msg("Failed to reconnect to LDAP server")
 						continue
 					}
@@ -252,19 +252,17 @@ func (ldap *LdapService) heartbeat() error {
 	return nil
 }
 
-func (ldap *LdapService) reconnect(interval time.Duration) error {
+func (ldap *LdapService) reconnect() error {
 	ldap.log.App.Info().Msg("Attempting to reconnect to LDAP server")
 
 	exp := backoff.NewExponentialBackOff()
-	exp.InitialInterval = interval
+	exp.InitialInterval = 500 * time.Millisecond
 	exp.RandomizationFactor = 0.1
 	exp.Multiplier = 1.5
 	exp.Reset()
 
 	operation := func() (*ldapgo.Conn, error) {
-		if ldap.conn != nil {
+		ldap.conn.Close()
-			ldap.conn.Close()
-		}
 		conn, err := ldap.connect()
 		if err != nil {
 			return nil, err
@@ -272,7 +270,7 @@ func (ldap *LdapService) reconnect(interval time.Duration) error {
 		return conn, nil
 	}
 
-	_, err := backoff.Retry(ldap.ctx, operation, backoff.WithBackOff(exp), backoff.WithMaxTries(3))
+	_, err := backoff.Retry(context.TODO(), operation, backoff.WithBackOff(exp), backoff.WithMaxTries(3))
 
 	if err != nil {
 		return err