feat(ldap): adding root ca option to ldap config (#9292)

# Which Problems Are Solved

Adds the ability to set a root CA on LDAP configs.

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/7888

---------

Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
Iraq
2025-02-18 10:06:50 +00:00
committed by GitHub
parent d7332d1ac4
commit 5bbb953ffb
27 changed files with 418 additions and 243 deletions


@@ -1,6 +1,7 @@
package command
import (
"bytes"
"net/http"
"reflect"
"slices"
@@ -1366,6 +1367,7 @@ type LDAPIDPWriteModel struct {
UserObjectClasses []string
UserFilters []string
Timeout time.Duration
RootCA []byte
idp.LDAPAttributes
idp.Options
@@ -1406,6 +1408,7 @@ func (wm *LDAPIDPWriteModel) reduceAddedEvent(e *idp.LDAPIDPAddedEvent) {
wm.UserObjectClasses = e.UserObjectClasses
wm.UserFilters = e.UserFilters
wm.Timeout = e.Timeout
wm.RootCA = e.RootCA
wm.LDAPAttributes = e.LDAPAttributes
wm.Options = e.Options
wm.State = domain.IDPStateActive
@@ -1460,6 +1463,7 @@ func (wm *LDAPIDPWriteModel) NewChanges(
userObjectClasses []string,
userFilters []string,
timeout time.Duration,
rootCA []byte,
secretCrypto crypto.EncryptionAlgorithm,
attributes idp.LDAPAttributes,
options idp.Options,
@@ -1501,6 +1505,9 @@ func (wm *LDAPIDPWriteModel) NewChanges(
if wm.Timeout != timeout {
changes = append(changes, idp.ChangeLDAPTimeout(timeout))
}
if !bytes.Equal(wm.RootCA, rootCA) {
changes = append(changes, idp.ChangeLDAPRootCA(rootCA))
}
attrs := wm.LDAPAttributes.Changes(attributes)
if !attrs.IsZero() {
changes = append(changes, idp.ChangeLDAPAttributes(attrs))
@@ -1582,6 +1589,7 @@ func (wm *LDAPIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encryp
wm.UserObjectClasses,
wm.UserFilters,
wm.Timeout,
wm.RootCA,
callbackURL,
opts...,
), nil
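Review bot: The root CA is stored as-is: in the `NewChanges` hunk, `!bytes.Equal(wm.RootCA, rootCA)` is the only condition before `idp.ChangeLDAPRootCA(rootCA)` is appended, so nothing visible here checks that the bytes are a parseable certificate. Unless the caller validates the value (not shown), a malformed CA is persisted in the event and only surfaces when the provider built by `ToProvider` connects; a write-time guard such as `len(rootCA) > 0 && !x509.NewCertPool().AppendCertsFromPEM(rootCA)` returning an invalid-argument error would catch it early, assuming the value is PEM. The same comparison also turns an empty `rootCA` into a change that clears a previously stored CA, so it is worth documenting whether an omitted field in an update request means "keep" or "remove", since removal presumably falls back to the default trust store. `NewChanges` starts and ends outside the hunks shown.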