use ldap instead of ldaps internally

Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-06-03 21:53:35 -04:00 · 2026-06-02 15:19:57 +02:00
parent 9915fc8ea7
commit d6c6340705
8 changed files with 17 additions and 38 deletions
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults

 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config"
@@ -38,8 +35,7 @@ func DefaultConfig() *config.Config {
 		AuthProvider: "ldap",
 		AuthProviders: config.AuthProviders{
 			LDAP: config.LDAPProvider{
-				URI:                      "ldaps://localhost:9235",
-				CACert:                   filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+				URI:                      "ldap://localhost:9235",
 				Insecure:                 false,
 				UserBaseDN:               "ou=users,o=libregraph-idm",
 				GroupBaseDN:              "ou=groups,o=libregraph-idm",
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -1,11 +1,9 @@
 package defaults

 import (
-	"path"
 	"strings"
 	"time"

-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
@@ -79,9 +77,8 @@ func DefaultConfig() *config.Config {
 		Identity: config.Identity{
 			Backend: "ldap",
 			LDAP: config.LDAP{
-				URI:                      "ldaps://localhost:9235",
+				URI:                      "ldap://localhost:9235",
 				Insecure:                 false,
-				CACert:                   path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
 				BindDN:                   "uid=libregraph,ou=sysusers,o=libregraph-idm",
 				UseServerUUID:            false,
 				UsePasswordModExOp:       true,
--- a/services/groups/pkg/config/defaults/defaultconfig.go
+++ b/services/groups/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults

 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/groups/pkg/config"
@@ -38,8 +35,7 @@ func DefaultConfig() *config.Config {
 		Driver: "ldap",
 		Drivers: config.Drivers{
 			LDAP: config.LDAPDriver{
-				URI:                      "ldaps://localhost:9235",
-				CACert:                   filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+				URI:                      "ldap://localhost:9235",
 				Insecure:                 false,
 				UserBaseDN:               "ou=users,o=libregraph-idm",
 				GroupBaseDN:              "ou=groups,o=libregraph-idm",
--- a/services/idm/pkg/command/server.go
+++ b/services/idm/pkg/command/server.go
@@ -8,10 +8,11 @@ import (
 	"html/template"
 	"os"
 	"os/signal"
+	"path"
 	"strings"

 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	pkgcrypto "github.com/opencloud-eu/opencloud/pkg/crypto"
+	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/services/idm"
@@ -47,23 +48,19 @@ func Server(cfg *config.Config) *cobra.Command {
 			gr := runner.NewGroup()
 			{
 				servercfg := server.Config{
-					Logger:          log.LogrusWrap(logger.Logger),
-					LDAPHandler:     "boltdb",
-					LDAPSListenAddr: cfg.IDM.LDAPSAddr,
-					TLSCertFile:     cfg.IDM.Cert,
-					TLSKeyFile:      cfg.IDM.Key,
-					LDAPBaseDN:      "o=libregraph-idm",
-					LDAPAdminDN:     "uid=libregraph,ou=sysusers,o=libregraph-idm",
+					Logger:         log.LogrusWrap(logger.Logger),
+					LDAPHandler:    "boltdb",
+					LDAPListenAddr: cfg.IDM.LDAPAddr,
+					LDAPBaseDN:     "o=libregraph-idm",
+					LDAPAdminDN:    "uid=libregraph,ou=sysusers,o=libregraph-idm",

 					BoltDBFile: cfg.IDM.DatabasePath,
 				}

-				if cfg.IDM.LDAPSAddr != "" {
-					// Generate a self-signing cert if no certificate is present
-					if err := pkgcrypto.GenCert(cfg.IDM.Cert, cfg.IDM.Key, logger); err != nil {
-						logger.Fatal().Err(err).Msgf("Could not generate test-certificate")
-					}
+				if err := os.MkdirAll(path.Join(defaults.BaseDataPath(), "idm"), 0700); err != nil {
+					logger.Fatal().Err(err).Msgf("Could not create data directory for idm")
 				}
+
 				if _, err := os.Stat(servercfg.BoltDBFile); errors.Is(err, os.ErrNotExist) {
 					logger.Debug().Msg("Bootstrapping IDM database")
 					if err = bootstrap(logger, cfg, servercfg); err != nil {
--- a/services/idm/pkg/config/config.go
+++ b/services/idm/pkg/config/config.go
@@ -26,7 +26,7 @@ type Config struct {
 }

 type Settings struct {
-	LDAPSAddr    string `yaml:"ldaps_addr" env:"IDM_LDAPS_ADDR" desc:"Listen address for the LDAPS listener (ip-addr:port)." introductionVersion:"1.0.0"`
+	LDAPAddr     string `yaml:"ldaps_addr" env:"IDM_LDAPS_ADDR" desc:"Listen address for the LDAPS listener (ip-addr:port)." introductionVersion:"1.0.0"`
 	Cert         string `yaml:"cert" env:"IDM_LDAPS_CERT" desc:"File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
 	Key          string `yaml:"key" env:"IDM_LDAPS_KEY" desc:"File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
 	DatabasePath string `yaml:"database" env:"IDM_DATABASE_PATH" desc:"Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
--- a/services/idm/pkg/config/defaults/defaultconfig.go
+++ b/services/idm/pkg/config/defaults/defaultconfig.go
@@ -30,9 +30,7 @@ func DefaultConfig() *config.Config {
 		CreateDemoUsers:    false,
 		DemoUsersIssuerUrl: "https://localhost:9200",
 		IDM: config.Settings{
-			LDAPSAddr:    "127.0.0.1:9235",
-			Cert:         path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
-			Key:          path.Join(defaults.BaseDataPath(), "idm", "ldap.key"),
+			LDAPAddr:     "127.0.0.1:9235",
 			DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "idm.boltdb"),
 		},
 	}
--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
@@ -119,8 +119,7 @@ func DefaultConfig() *config.Config {
 			},
 		},
 		Ldap: config.Ldap{
-			URI:                  "ldaps://localhost:9235",
-			TLSCACert:            filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+			URI:                  "ldap://localhost:9235",
 			BindDN:               "uid=idp,ou=sysusers,o=libregraph-idm",
 			BaseDN:               "ou=users,o=libregraph-idm",
 			Scope:                "sub",
--- a/services/users/pkg/config/defaults/defaultconfig.go
+++ b/services/users/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults

 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/users/pkg/config"
@@ -38,8 +35,7 @@ func DefaultConfig() *config.Config {
 		Driver: "ldap",
 		Drivers: config.Drivers{
 			LDAP: config.LDAPDriver{
-				URI:                      "ldaps://localhost:9235",
-				CACert:                   filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+				URI:                      "ldap://localhost:9235",
 				Insecure:                 false,
 				UserBaseDN:               "ou=users,o=libregraph-idm",
 				GroupBaseDN:              "ou=groups,o=libregraph-idm",