Add support to multiple LDAP Servers

- Add support to multiple LDAP Servers using ServerList option - Updating examples to use ServerList - Refactor print DEBUG params - Updating docs
wiltonsr · Oct 17, 2024 · c3941e8 · c3941e8
1 parent d626ff6
commit c3941e8
Show file tree

Hide file tree

Showing 7 changed files with 308 additions and 173 deletions.
diff --git a/examples/conf-from-labels.yml b/examples/conf-from-labels.yml
@@ -34,10 +34,14 @@ services:
       - traefik.http.routers.whoami.middlewares=ldap_auth
       # ldapAuth Options=================================================================================
       - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.logLevel=DEBUG
-      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.url=ldap://ldap.forumsys.com
-      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.port=389
       - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.baseDN=dc=example,dc=com
       - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.attribute=uid
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[0].url=ldap://ldap.forumsys.com
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[0].port=389
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[0].weight=20
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[1].url=ldap://ldap2.forumsys.com
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[1].port=636
+      - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.serverList[1].weight=10
       # AllowedGroups and AllowedUsers are not supported with labels, because multiple value labels are separated with commas
       # SearchFilter must not escape curly braces when using labels
       # - traefik.http.middlewares.ldap_auth.plugin.ldapAuth.searchFilter=({{.Attribute}}={{.Username}})

diff --git a/examples/dynamic-conf/ldapAuth-conf.toml b/examples/dynamic-conf/ldapAuth-conf.toml
@@ -1,13 +1,22 @@
 [http.middlewares]
 [http.middlewares.my-ldapAuth.plugin.ldapAuth]
-Attribute = "uid"
-BaseDN = "dc=example,dc=com"
 Enabled = "true"
 LogLevel = "DEBUG"
-Port = "389"
-Url = "ldap://ldap.forumsys.com"
-AllowedGroups = ["ou=mathematicians,dc=example,dc=com","ou=italians,ou=scientists,dc=example,dc=com"]
+Attribute = "uid"
+BaseDN = "dc=example,dc=com"
+AllowedGroups = [
+    "ou=mathematicians,dc=example,dc=com",
+    "ou=italians,ou=scientists,dc=example,dc=com",
+]
 AllowedUsers = ["euler", "uid=euclid,dc=example,dc=com"]
 # SearchFilter must escape curly braces when using toml file
 # https://toml.io/en/v1.0.0#string
 # SearchFilter = '''(\{\{.Attribute\}\}=\{\{.Username\}\})'''
+[[http.middlewares.my-ldapAuth.plugin.ldapAuth.ServerList]]
+Url = "ldaps://ldap2.forumsys.com"
+Port = "636"
+Weight = 10
+[[http.middlewares.my-ldapAuth.plugin.ldapAuth.ServerList]]
+Url = "ldap://ldap.forumsys.com"
+Port = "389"
+Weight = 5
diff --git a/examples/dynamic-conf/ldapAuth-conf.yml b/examples/dynamic-conf/ldapAuth-conf.yml
@@ -5,10 +5,8 @@ http:
         ldapAuth:
           Enabled: true
           LogLevel: "DEBUG"
-          Url: "ldap://ldap.forumsys.com"
-          Port: 389
-          BaseDN: "dc=example,dc=com"
           Attribute: "uid"
+          BaseDN: "dc=example,dc=com"
           AllowedGroups:
             - ou=mathematicians,dc=example,dc=com
             - ou=italians,ou=scientists,dc=example,dc=com
@@ -18,3 +16,16 @@ http:
           # SearchFilter must escape curly braces when using yml file
           # https://yaml.org/spec/1.1/#id872840
           # SearchFilter: (\{\{.Attribute\}\}=\{\{.Username\}\})
+          ServerList:
+            - Url: "ldap://ldap.forumsys.com"
+              Port: 389
+              Weight: 10
+            - Url: "ldap://ldap4.forumsys.com"
+              Port: 636
+              Weight: 9
+            - Url: "ldap://ldap3.forumsys.com"
+              Port: 389
+              Weight: 11
+            - Url: "ldap://ldap2.forumsys.com"
+              Port: 636
+              Weight: 12
diff --git a/examples/dynamic-conf/ldapAuth-tls-conf.toml b/examples/dynamic-conf/ldapAuth-tls-conf.toml
@@ -1,11 +1,15 @@
 [http.middlewares]
 [http.middlewares.my-ldapAuth.plugin.ldapAuth]
-Attribute = "uid"
-BaseDN = "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
 Enabled = true
 LogLevel = "DEBUG"
-Port = "636"
+Attribute = "uid"
+BaseDN = "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
+[[http.middlewares.my-ldapAuth.plugin.ldapAuth.ServerList]]
 Url = "ldaps://ipa.demo1.freeipa.org"
+Port = "636"
+Weight = 10
+MinVersionTLS = "tls.VersionTLS10"
+MaxVersionTLS = "tls.VersionTLS13"
 CertificateAuthority = '''
 -----BEGIN CERTIFICATE-----
 MIIFWzCCA8OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P

diff --git a/examples/dynamic-conf/ldapAuth-tls-conf.yml b/examples/dynamic-conf/ldapAuth-tls-conf.yml
@@ -5,66 +5,70 @@ http:
         ldapAuth:
           Enabled: true
           LogLevel: "DEBUG"
-          Url: "ldaps://ipa.demo1.freeipa.org"
-          Port: 636
-          BaseDN: "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
           Attribute: "uid"
-          CertificateAuthority: |-
-            -----BEGIN CERTIFICATE-----
-            MIIFWzCCA8OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
-            MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-            DTIzMDQyMDEzMzYxNFoXDTI1MDQyMDEzMzYxNFowPDEaMBgGA1UECgwRREVNTzEu
-            RlJFRUlQQS5PUkcxHjAcBgNVBAMMFWlwYS5kZW1vMS5mcmVlaXBhLm9yZzCCASIw
-            DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEzBE9i2gqOMM2HKyNnM7Ih5+mv
-            duVmE5D+5raJtqA1eNZkNrQmSaKwS9cnHGX+2/zSY1FDkZnIhGXySPf0/7fxCuG/
-            J9MvRlecGnJTWOCvPIVhkvd5PyTKkClmsk4ojx2IwCU6q2nvy0zvSxhhzd2UpOL6
-            y7fNtS3VBYYZjWNEv0K7F+pGtW40MauGDotsP1zQmyVW5J1IszDDlRgTLC6azdBs
-            +RP0vYCyKkgh1tpWLYfFnQhNVOlja79QcnlKdvnZu4sFdDSvOqext28mBJuCm8ib
-            HLnQQcxTqg2jMx8AW2zh9F8sMoEsn/mjDHI41oGGsHeZt3j5a8Ab7jtlz8MCAwEA
-            AaOCAeYwggHiMB8GA1UdIwQYMBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MEMGCCsG
-            AQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kZW1vMS5mcmVl
-            aXBhLm9yZy9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEF
-            BQcDAQYIKwYBBQUHAwIwfAYDVR0fBHUwczBxoDmgN4Y1aHR0cDovL2lwYS1jYS5k
-            ZW1vMS5mcmVlaXBhLm9yZy9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAM
-            BgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYD
-            VR0OBBYEFGsje2irExO4AvvLW6jv2oEkrZfSMIGtBgNVHREEgaUwgaKCFWlwYS5k
-            ZW1vMS5mcmVlaXBhLm9yZ6A8BgorBgEEAYI3FAIDoC4MLGxkYXAvaXBhLmRlbW8x
-            LmZyZWVpcGEub3JnQERFTU8xLkZSRUVJUEEuT1JHoEsGBisGAQUCAqBBMD+gExsR
-            REVNTzEuRlJFRUlQQS5PUkehKDAmoAMCAQGhHzAdGwRsZGFwGxVpcGEuZGVtbzEu
-            ZnJlZWlwYS5vcmcwDQYJKoZIhvcNAQELBQADggGBADO5SovCVFoVJQOKxrePdh5y
-            VIQ45UQSjmfXT+FlzbzlX47ejpvdqDKDl0yj5JBUKtKxv3Mj6natUQAVnveRcXlo
-            mjzEOQsozCaWcCrtnIW8AOny78DjxnSdwPqd/TRV4r2/T2cRndd0GCg6LrQxEdTf
-            VNKJAMAYin6xmopsarpXwVJVd7YweFUMd7Tu5Tvpde1oubnBtb7ZEGixb6AB200g
-            lHQroWz6s+a/d7BxsyM0DA5bOk728LqroIJ8m/9xIbnACoyeVdmM5BF/1/cUsX4N
-            RkRJIfcITNB3zr/4WUldKsM/7bfEA5S0GQUjTd4njt5r7d8j2r6V88maN9ANgXZ4
-            Vf1RbjmTOw4OovwGXtRu8DkQ4kSqnyd1COelH48EfGxtOYbzqNNgnip+95mmMoFr
-            3BkxKP8G/lQ3kGOYqBIQ+1ICtvx29Smllo87RkJ3KltHy7RKVMZry7inLTqCNBAA
-            uIdew6R5uJhBBrfjmXGyGjba9wtxDPiPoTa9gGAu7w==
-            -----END CERTIFICATE-----
-            -----BEGIN CERTIFICATE-----
-            MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
-            MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-            DTIzMDQyMDEzMzM1NFoXDTQzMDQyMDEzMzM1NFowPDEaMBgGA1UECgwRREVNTzEu
-            RlJFRUlQQS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw
-            DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALLzV665748bW3Da/ZVTZ4BVHrCW
-            RuuT+7bgT6CZOUMri8F+KuQ6sT+o3hQuyrp4qWn0sU3bO9TCXjkQ4B8uo8ZR3RvR
-            +2FXENtUQukI4PTXXoKjqJkGrgWVyISfkvNZvsl/bOEtVJ6nh3DBLhYM0HEENccL
-            0b1SALdntQwGFJfWkRD0FbjBo7CPxePm7L2VViDMY0cYeUdgETcqc9Zw90gUEqTt
-            keHqPmBkiOUVk09f3qtdoukRqAvx3nKhUu7vHEf+DJJoQtr3ilUXZQZ/6lKkYl9k
-            mdwjt+9YeCaKV0s7RI4G+25xo1ZSB3IfMMGISGf/0mOyg4LgWyuuDF/ip5+gI46b
-            Ol85DrhJAfeYoFbjx+zsoY9mn0kiMBnxg+NkvJitsb5EFexXtqfLLeGjFTu2a9rw
-            bB6mM3GKmMszwif/i9uO/NeK1LlmN6g1vy07HtjQWh2LUa9AbeIp6s1UUcruCGem
-            FSzLRmcOY4wi0gGm8Vwg9MRtS6sUe7bfM7uPXwIDAQABo4GpMIGmMB8GA1UdIwQY
-            MBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-            AQH/BAQDAgHGMB0GA1UdDgQWBBShQIHL2ZoF97ZxYXD0OYuI2fsRPTBDBggrBgEF
-            BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGVtbzEuZnJlZWlw
-            YS5vcmcvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAH0du998ux4CkH/W9/2l0
-            GnnHE5GbBBcGd4zEIxxoe0kYm7MKJjXL9gDRZ3RMseEhy0mAX8cixA7xmg/IFgM9
-            TFHoHbTUNgEzLZtOYl5Qccp48ZV1XLrzfK1DorEH6tgza0X2rNJ7RU25sq9i687Y
-            S0Tt6W3CNkOnQed7blDbxfZJOq7gvqiTFy09a5OXv2AxpkmRrLwFWd/+4Whbsji1
-            wiwTD+t7gDTGizqINEsJ3lT+2dDp+mAxPKTd4XiTE4aBPVc4LBxHDnMzqFxa1qzG
-            v/BL+aa3FkahD/zMm6/B70iApFOFeCrng/1Q7DxUsBWWuzS+oVdm8MEUWtHxANC5
-            VG91hbzs4jBAig6AY1hGe49oOabkM1IGhp/TIySAaogA4BFS9DNV1TyNZ4Y9PO61
-            JZHjzfXOLIdSlluwsBJem4Lj6Xdw8epzANA0CVnEQ5R1Aql0uRlSsAuhcsleCYJC
-            4gbTjx3PDQLm4BUvsNZ62knVDJPvjAX4nOybumpLAVKg
-            -----END CERTIFICATE-----
+          BaseDN: "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
+          ServerList:
+            - Url: "ldaps://ipa.demo1.freeipa.org"
+              Port: 636
+              Weight: 10
+              MinVersionTLS: "tls.VersionTLS10"
+              MaxVersionTLS: "tls.VersionTLS13"
+              CertificateAuthority: |-
+                -----BEGIN CERTIFICATE-----
+                MIIFWzCCA8OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+                MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+                DTIzMDQyMDEzMzYxNFoXDTI1MDQyMDEzMzYxNFowPDEaMBgGA1UECgwRREVNTzEu
+                RlJFRUlQQS5PUkcxHjAcBgNVBAMMFWlwYS5kZW1vMS5mcmVlaXBhLm9yZzCCASIw
+                DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEzBE9i2gqOMM2HKyNnM7Ih5+mv
+                duVmE5D+5raJtqA1eNZkNrQmSaKwS9cnHGX+2/zSY1FDkZnIhGXySPf0/7fxCuG/
+                J9MvRlecGnJTWOCvPIVhkvd5PyTKkClmsk4ojx2IwCU6q2nvy0zvSxhhzd2UpOL6
+                y7fNtS3VBYYZjWNEv0K7F+pGtW40MauGDotsP1zQmyVW5J1IszDDlRgTLC6azdBs
+                +RP0vYCyKkgh1tpWLYfFnQhNVOlja79QcnlKdvnZu4sFdDSvOqext28mBJuCm8ib
+                HLnQQcxTqg2jMx8AW2zh9F8sMoEsn/mjDHI41oGGsHeZt3j5a8Ab7jtlz8MCAwEA
+                AaOCAeYwggHiMB8GA1UdIwQYMBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MEMGCCsG
+                AQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kZW1vMS5mcmVl
+                aXBhLm9yZy9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEF
+                BQcDAQYIKwYBBQUHAwIwfAYDVR0fBHUwczBxoDmgN4Y1aHR0cDovL2lwYS1jYS5k
+                ZW1vMS5mcmVlaXBhLm9yZy9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAM
+                BgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYD
+                VR0OBBYEFGsje2irExO4AvvLW6jv2oEkrZfSMIGtBgNVHREEgaUwgaKCFWlwYS5k
+                ZW1vMS5mcmVlaXBhLm9yZ6A8BgorBgEEAYI3FAIDoC4MLGxkYXAvaXBhLmRlbW8x
+                LmZyZWVpcGEub3JnQERFTU8xLkZSRUVJUEEuT1JHoEsGBisGAQUCAqBBMD+gExsR
+                REVNTzEuRlJFRUlQQS5PUkehKDAmoAMCAQGhHzAdGwRsZGFwGxVpcGEuZGVtbzEu
+                ZnJlZWlwYS5vcmcwDQYJKoZIhvcNAQELBQADggGBADO5SovCVFoVJQOKxrePdh5y
+                VIQ45UQSjmfXT+FlzbzlX47ejpvdqDKDl0yj5JBUKtKxv3Mj6natUQAVnveRcXlo
+                mjzEOQsozCaWcCrtnIW8AOny78DjxnSdwPqd/TRV4r2/T2cRndd0GCg6LrQxEdTf
+                VNKJAMAYin6xmopsarpXwVJVd7YweFUMd7Tu5Tvpde1oubnBtb7ZEGixb6AB200g
+                lHQroWz6s+a/d7BxsyM0DA5bOk728LqroIJ8m/9xIbnACoyeVdmM5BF/1/cUsX4N
+                RkRJIfcITNB3zr/4WUldKsM/7bfEA5S0GQUjTd4njt5r7d8j2r6V88maN9ANgXZ4
+                Vf1RbjmTOw4OovwGXtRu8DkQ4kSqnyd1COelH48EfGxtOYbzqNNgnip+95mmMoFr
+                3BkxKP8G/lQ3kGOYqBIQ+1ICtvx29Smllo87RkJ3KltHy7RKVMZry7inLTqCNBAA
+                uIdew6R5uJhBBrfjmXGyGjba9wtxDPiPoTa9gGAu7w==
+                -----END CERTIFICATE-----
+                -----BEGIN CERTIFICATE-----
+                MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+                MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+                DTIzMDQyMDEzMzM1NFoXDTQzMDQyMDEzMzM1NFowPDEaMBgGA1UECgwRREVNTzEu
+                RlJFRUlQQS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw
+                DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALLzV665748bW3Da/ZVTZ4BVHrCW
+                RuuT+7bgT6CZOUMri8F+KuQ6sT+o3hQuyrp4qWn0sU3bO9TCXjkQ4B8uo8ZR3RvR
+                +2FXENtUQukI4PTXXoKjqJkGrgWVyISfkvNZvsl/bOEtVJ6nh3DBLhYM0HEENccL
+                0b1SALdntQwGFJfWkRD0FbjBo7CPxePm7L2VViDMY0cYeUdgETcqc9Zw90gUEqTt
+                keHqPmBkiOUVk09f3qtdoukRqAvx3nKhUu7vHEf+DJJoQtr3ilUXZQZ/6lKkYl9k
+                mdwjt+9YeCaKV0s7RI4G+25xo1ZSB3IfMMGISGf/0mOyg4LgWyuuDF/ip5+gI46b
+                Ol85DrhJAfeYoFbjx+zsoY9mn0kiMBnxg+NkvJitsb5EFexXtqfLLeGjFTu2a9rw
+                bB6mM3GKmMszwif/i9uO/NeK1LlmN6g1vy07HtjQWh2LUa9AbeIp6s1UUcruCGem
+                FSzLRmcOY4wi0gGm8Vwg9MRtS6sUe7bfM7uPXwIDAQABo4GpMIGmMB8GA1UdIwQY
+                MBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+                AQH/BAQDAgHGMB0GA1UdDgQWBBShQIHL2ZoF97ZxYXD0OYuI2fsRPTBDBggrBgEF
+                BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGVtbzEuZnJlZWlw
+                YS5vcmcvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAH0du998ux4CkH/W9/2l0
+                GnnHE5GbBBcGd4zEIxxoe0kYm7MKJjXL9gDRZ3RMseEhy0mAX8cixA7xmg/IFgM9
+                TFHoHbTUNgEzLZtOYl5Qccp48ZV1XLrzfK1DorEH6tgza0X2rNJ7RU25sq9i687Y
+                S0Tt6W3CNkOnQed7blDbxfZJOq7gvqiTFy09a5OXv2AxpkmRrLwFWd/+4Whbsji1
+                wiwTD+t7gDTGizqINEsJ3lT+2dDp+mAxPKTd4XiTE4aBPVc4LBxHDnMzqFxa1qzG
+                v/BL+aa3FkahD/zMm6/B70iApFOFeCrng/1Q7DxUsBWWuzS+oVdm8MEUWtHxANC5
+                VG91hbzs4jBAig6AY1hGe49oOabkM1IGhp/TIySAaogA4BFS9DNV1TyNZ4Y9PO61
+                JZHjzfXOLIdSlluwsBJem4Lj6Xdw8epzANA0CVnEQ5R1Aql0uRlSsAuhcsleCYJC
+                4gbTjx3PDQLm4BUvsNZ62knVDJPvjAX4nOybumpLAVKg
+                -----END CERTIFICATE-----