Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS #8

Merged
merged 5 commits into from
Jun 13, 2023
Merged

Support TLS #8

merged 5 commits into from
Jun 13, 2023

Conversation

Makonike
Copy link
Contributor

@Makonike Makonike commented Jun 11, 2023
edited
Loading

Relate issues #6.

what my pull request does

The following options have been added to support LDAP TLS connection:

  • tls, boolean, default false:

Set this option to true if the LDAP server should utilize an encrypted TLS connection, either with StartTLS or regular TLS.

  • startTLS, boolean, default false:

When this option is set to true, it instructs the filter to issue a StartTLS request during the initialization of the connection with the LDAP server. If the startTLS setting is enabled, it is crucial to ensure that the tls setting is also enabled.

  • insecureSkipVerify, boolean, default false:

When TLS is enabled, the connection to the LDAP server is typically verified for security. However, this option allows the filter to proceed and operate even for server connections that may otherwise be considered insecure.

  • certificateAuthority, string, default "":

The certificateAuthority option should contain one or more PEM-encoded certificates to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority.

doujiang24
doujiang24 reviewed Jun 12, 2023
View reviewed changes
README.md Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
filter.go Show resolved Hide resolved
@Makonike Makonike requested a review from doujiang24 June 12, 2023 12:17
doujiang24
doujiang24 approved these changes Jun 13, 2023
View reviewed changes
example/envoy-tls.yaml
@@ -0,0 +1,79 @@
static_resources:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could consider a go test framework, that may be used in a simple go test command.

in that go test framework, we can start a envoy process with a piece of envoy config, by using Go.

yep, it could be done in a seperate PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. I will do it later.

@doujiang24 doujiang24 merged commit 78b4c31 into mosn:main Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@doujiang24 doujiang24 doujiang24 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Makonike @doujiang24