LDAPS integration in Golang
In my recent project work, I needed to test the integration with Microsoft AD through LDAPS (port 636). This story records the know-how and caveats for my future reference. Hopefully it is helpful to you too.
LDAP module
I am using the gopkg.in/ldap.v2 module to talk to the AD. The following call connects to the AD through LDAPS on port 636:

ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldapHost, 636), &tlsConfig)
We need to construct a tls.Config for the secure connection.
Adding the trusted cert to the root CA pool
Ignoring certificate verification by setting InsecureSkipVerify: true is not an option here; I need to validate the certificate.
The AD is load balanced behind a load balancer, so I need to trust all the AD servers' certificates. However, the AD uses a self-signed cert, and I can't update the root CAs in the system. Thankfully, the tls module's tls.Config has a RootCAs member through which trusted certificates can be added on the fly. The excerpt for constructing the tls.Config is listed below.
func ldapsConnect() (*ldap.Conn, error) {
    // Start from the system trust store so public CAs stay trusted.
    rootCA, err := x509.SystemCertPool()
    if err != nil {
        log.Printf("Failed to load system cert:%v", err)
        // return nil, err
        // rootCA is nil when SystemCertPool fails; fall back to an empty
        // pool so the AD certificate can still be appended below.
        rootCA = x509.NewCertPool()
    }
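The following is an added example (mine, not the author's code and not part of gopkg.in/ldap.v2) that builds the tls.Config described above and then proves, against a throwaway self-signed certificate generated in-process, that a RootCAs pool containing that certificate accepts it while the system roots alone reject it as an unknown authority. It uses only the Go standard library, so the page's ldap.DialTLS call is left out; the config it returns is what the page passes as &tlsConfig. The hostname ldapHost is an assumption, and the generated certificate stands in for the AD / load-balancer certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"math/big"
	"time"
)

// ldapHost is a hypothetical AD hostname (an assumption for this example). The
// load-balancer certificate must cover it, and the client verifies against it.
const ldapHost = "ad.example.test"

// newTLSConfig builds the tls.Config handed to ldap.DialTLS: system roots plus
// the PEM-encoded AD certificate(s). InsecureSkipVerify stays false, so the
// chain and the hostname are both checked on every connection.
func newTLSConfig(trustedPEM []byte) (*tls.Config, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		// Older Go releases returned an error here on Windows; start from an
		// empty pool rather than silently dropping certificate validation.
		pool = x509.NewCertPool()
	}
	if !pool.AppendCertsFromPEM(trustedPEM) {
		return nil, errors.New("no PEM certificates could be added to RootCAs")
	}
	return &tls.Config{RootCAs: pool, ServerName: ldapHost, MinVersion: tls.VersionTLS12}, nil
}

// selfSignedCert creates a throwaway self-signed certificate for ldapHost that
// stands in for the AD server certificate (constructed for this example only).
func selfSignedCert() (tls.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: ldapHost},
		DNSNames:              []string{ldapHost}, // SAN is required; CN alone is not matched
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pemBytes, nil
}

// handshake starts a local TLS listener presenting serverCert and dials it with
// cfg. It returns nil only if the client accepted the server certificate.
func handshake(serverCert tls.Certificate, cfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		_ = c.(*tls.Conn).Handshake() // server side; a rejection surfaces on the client
		c.Close()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err
	}
	conn.Close()
	return nil
}

// CheckTrust runs two handshakes against the same self-signed server: one with
// the AD certificate in RootCAs and one with the system roots only. It reports
// whether the first succeeded and whether the second failed as an unknown
// authority, which is exactly the failure InsecureSkipVerify would hide.
func CheckTrust() (trusted, rejected bool, err error) {
	serverCert, pemBytes, err := selfSignedCert()
	if err != nil {
		return false, false, err
	}
	cfg, err := newTLSConfig(pemBytes)
	if err != nil {
		return false, false, err
	}
	trusted = handshake(serverCert, cfg) == nil

	systemOnly := &tls.Config{ServerName: ldapHost, MinVersion: tls.VersionTLS12}
	var unknown x509.UnknownAuthorityError
	rejected = errors.As(handshake(serverCert, systemOnly), &unknown)
	return trusted, rejected, nil
}

func main() {
	trusted, rejected, err := CheckTrust()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("trusted with AD cert in RootCAs: %v; rejected with system roots only: %v\n", trusted, rejected)
}
```

Two points carry over to the real deployment: ServerName must match a SAN on the certificate the load balancer presents (Go does not fall back to the CN), and when the individual AD servers present different self-signed certificates, each PEM is appended to the same pool, so one tls.Config trusts all of them without disabling verification.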