Support multiple space-separated LDAP hosts

Signed-off-by: Alex Bligh <alex@alex.org.uk>
2024-11-25 10:20:29 -06:00 · 2015-10-11 17:14:46 +01:00 · 2015-10-11 17:14:46 +01:00 · a906fa178a
commit a906fa178a
parent e873574e8c
2 changed files with 15 additions and 10 deletions
--- a/conf/ldap.toml
+++ b/conf/ldap.toml
@ -2,7 +2,7 @@
 verbose_logging = false

 [[servers]]
-# Ldap server host
+# Ldap server host (specify multiple hosts space separated)
 host = "127.0.0.1"
 # Default port is 389 or 636 if use_ssl = true
 port = 389
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@ -24,18 +24,23 @@ func NewLdapAuthenticator(server *LdapServerConf) *ldapAuther {
 }

 func (a *ldapAuther) Dial() error {
-	address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
 	var err error
-	if a.server.UseSSL {
-		tlsCfg := &tls.Config{
-			InsecureSkipVerify: a.server.SkipVerifySSL,
-			ServerName:         a.server.Host,
+	for _, host := range strings.Split(a.server.Host, " ") {
+		address := fmt.Sprintf("%s:%d", host, a.server.Port)
+		if a.server.UseSSL {
+			tlsCfg := &tls.Config{
+				InsecureSkipVerify: a.server.SkipVerifySSL,
+				ServerName:         host,
+			}
+			a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
+		} else {
+			a.conn, err = ldap.Dial("tcp", address)
 		}
-		a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
-	} else {
-		a.conn, err = ldap.Dial("tcp", address)
-	}

+		if err == nil {
+			return nil
+		}
+	}
 	return err
 }