diff --git a/changelog/unreleased/idp-cert-wait.md b/changelog/unreleased/idp-cert-wait.md new file mode 100644 index 00000000000..c324e360cef --- /dev/null +++ b/changelog/unreleased/idp-cert-wait.md @@ -0,0 +1,8 @@ +Bugfix: idp: Check if CA certificate if present + +Upon first start with the default configurtation the idm service creates +a server certificate, that might not be finished before the idp service +is starting. Add a check to idp similar to what the user, group, and +auth-providers implement. + +https://github.com/owncloud/ocis/issues/3623 diff --git a/extensions/idp/pkg/service/v0/service.go b/extensions/idp/pkg/service/v0/service.go index 1b1a8bf1d0b..d1cced86ef4 100644 --- a/extensions/idp/pkg/service/v0/service.go +++ b/extensions/idp/pkg/service/v0/service.go @@ -22,6 +22,7 @@ import ( "github.com/owncloud/ocis/extensions/idp/pkg/assets" "github.com/owncloud/ocis/extensions/idp/pkg/config" "github.com/owncloud/ocis/extensions/idp/pkg/middleware" + "github.com/owncloud/ocis/ocis-pkg/ldap" "github.com/owncloud/ocis/ocis-pkg/log" "stash.kopano.io/kgol/rndm" ) @@ -41,6 +42,14 @@ func NewService(opts ...Option) Service { assets.Config(options.Config), ) + if err := ldap.WaitForCA(options.Logger, options.Config.IDP.Insecure, options.Config.Ldap.TLSCACert); err != nil { + logger.Fatal().Err(err).Msg("The configured LDAP CA cert does not exist") + } + if options.Config.IDP.Insecure { + // force CACert to be empty to avoid lico try to load it + options.Config.Ldap.TLSCACert = "" + } + if err := initLicoInternalEnvVars(&options.Config.Ldap); err != nil { logger.Fatal().Err(err).Msg("could not initialize env vars") } @@ -56,7 +65,6 @@ func NewService(opts ...Option) Service { // https://play.golang.org/p/Mh8AVJCd593 idpSettings := bootstrap.Settings(options.Config.IDP) - bs, err := bootstrap.Boot(ctx, &idpSettings, &licoconfig.Config{ Logger: log.LogrusWrap(logger), })