From 668385259e103d84ba6ac3cd894bdbdf2d1c6fb9 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Fri, 29 Apr 2022 13:12:48 +0200
Subject: [PATCH] idp: Check if CA cert if present

Upon first start with the default configurtation the idm service creates a server certificate, that might not be finished before the idp service is starting. Add a check to idp similar to what the user, group, and auth-providers implement.

Fixes: #3623
---
 extensions/idp/pkg/service/v0/service.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/extensions/idp/pkg/service/v0/service.go b/extensions/idp/pkg/service/v0/service.go
index 1b1a8bf1d0b..d1cced86ef4 100644
--- a/extensions/idp/pkg/service/v0/service.go
+++ b/extensions/idp/pkg/service/v0/service.go
@@ -22,6 +22,7 @@ import (
 	"github.com/owncloud/ocis/extensions/idp/pkg/assets"
 	"github.com/owncloud/ocis/extensions/idp/pkg/config"
 	"github.com/owncloud/ocis/extensions/idp/pkg/middleware"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"stash.kopano.io/kgol/rndm"
 )
@@ -41,6 +42,14 @@ func NewService(opts ...Option) Service {
 		assets.Config(options.Config),
 	)
 
+	if err := ldap.WaitForCA(options.Logger, options.Config.IDP.Insecure, options.Config.Ldap.TLSCACert); err != nil {
+		logger.Fatal().Err(err).Msg("The configured LDAP CA cert does not exist")
+	}
+	if options.Config.IDP.Insecure {
+		// force CACert to be empty to avoid lico try to load it
+		options.Config.Ldap.TLSCACert = ""
+	}
+
 	if err := initLicoInternalEnvVars(&options.Config.Ldap); err != nil {
 		logger.Fatal().Err(err).Msg("could not initialize env vars")
 	}
@@ -56,7 +65,6 @@ func NewService(opts ...Option) Service {
 
 	// https://play.golang.org/p/Mh8AVJCd593
 	idpSettings := bootstrap.Settings(options.Config.IDP)
-
 	bs, err := bootstrap.Boot(ctx, &idpSettings, &licoconfig.Config{
 		Logger: log.LogrusWrap(logger),
 	})
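Review bot: The fatal message after the `ldap.WaitForCA` call in the second hunk names a single cause ("does not exist") while the error it logs is opaque from this hunk; if WaitForCA can also give up after a timeout or fail on a permission or read error, the operator is pointed at the wrong problem, so prefer a neutral message and let `Err(err)` carry the detail: `logger.Fatal().Err(err).Msg("waiting for the configured LDAP CA cert")`. The `Insecure` branch that clears `TLSCACert` deserves a comment that states the security consequence rather than only the mechanics, e.g. `// Insecure mode: no CA is used for the LDAP connection, so clear TLSCACert so lico does not try to load a file that may not exist yet`. The check is also mixed between `options.Logger` and `logger`, presumably the same value set earlier in the function; using one name would make that obvious. The enclosing NewService starts before and ends after this hunk.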