mirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-09-22 22:21:13 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

fix: LDAP TLS handshake fails with StartTLS and tls_skip_verify=off (#21582)
Some checks failed
VulnCheck / Analysis (push) Has been cancelled
Details

Browse Source 
Fixes #21581
This commit is contained in:
mosesdd 2025-09-17 09:58:27 +02:00 committed by GitHub
parent ae71d76901
commit 7a80ec1cce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
internal/config/identity/ldap/config.go
View File

@ -21,6 +21,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors" "errors"
"net"
"sort" "sort"
"time" "time"
@ -190,10 +191,18 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
if ldapServer == "" { if ldapServer == "" {
return l, nil return l, nil
} }
// Set ServerName in TLS config for proper certificate validation
host, _, err := net.SplitHostPort(ldapServer)
if err != nil {
host = ldapServer
}
l.LDAP = ldap.Config{ l.LDAP = ldap.Config{
ServerAddr: ldapServer, ServerAddr: ldapServer,
SRVRecordName: getCfgVal(SRVRecordName), SRVRecordName: getCfgVal(SRVRecordName),
TLS: &tls.Config{ TLS: &tls.Config{
ServerName: host,
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
NextProtos: []string{"h2", "http/1.1"}, NextProtos: []string{"h2", "http/1.1"},
ClientSessionCache: tls.NewLRUClientSessionCache(100), ClientSessionCache: tls.NewLRUClientSessionCache(100),