feat(ldap): adding root ca option to ldap config (#9292)

# Which Problems Are Solved Adding ability to add a root CA to LDAP configs # Additional Context - Closes https://github.com/zitadel/zitadel/issues/7888 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
2025-08-11 21:37:32 +00:00 · 2025-02-18 10:06:50 +00:00
parent d7332d1ac4
commit 5bbb953ffb
27 changed files with 418 additions and 243 deletions
--- a/internal/query/idp_template.go
+++ b/internal/query/idp_template.go
@@ -142,6 +142,7 @@ type LDAPIDPTemplate struct {
 	UserObjectClasses []string
 	UserFilters       []string
 	Timeout           time.Duration
+	RootCA            []byte
 	idp.LDAPAttributes
 }

@@ -580,6 +581,10 @@ var (
 		name:  projection.LDAPTimeoutCol,
 		table: ldapIdpTemplateTable,
 	}
+	LDAPRootCACol = Column{
+		name:  projection.LDAPRootCACol,
+		table: ldapIdpTemplateTable,
+	}
 	LDAPIDAttributeCol = Column{
 		name:  projection.LDAPIDAttributeCol,
 		table: ldapIdpTemplateTable,
@@ -943,6 +948,7 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 			LDAPUserObjectClassesCol.identifier(),
 			LDAPUserFiltersCol.identifier(),
 			LDAPTimeoutCol.identifier(),
+			LDAPRootCACol.identifier(),
 			LDAPIDAttributeCol.identifier(),
 			LDAPFirstNameAttributeCol.identifier(),
 			LDAPLastNameAttributeCol.identifier(),
@@ -1059,6 +1065,7 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 			ldapUserObjectClasses := database.TextArray[string]{}
 			ldapUserFilters := database.TextArray[string]{}
 			ldapTimeout := sql.NullInt64{}
+			var ldapRootCA []byte
 			ldapIDAttribute := sql.NullString{}
 			ldapFirstNameAttribute := sql.NullString{}
 			ldapLastNameAttribute := sql.NullString{}
@@ -1173,6 +1180,7 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 				&ldapUserObjectClasses,
 				&ldapUserFilters,
 				&ldapTimeout,
+				&ldapRootCA,
 				&ldapIDAttribute,
 				&ldapFirstNameAttribute,
 				&ldapLastNameAttribute,
@@ -1312,6 +1320,7 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 					UserObjectClasses: ldapUserObjectClasses,
 					UserFilters:       ldapUserFilters,
 					Timeout:           time.Duration(ldapTimeout.Int64),
+					RootCA:            ldapRootCA,
 					LDAPAttributes: idp.LDAPAttributes{
 						IDAttribute:                ldapIDAttribute.String,
 						FirstNameAttribute:         ldapFirstNameAttribute.String,
@@ -1438,6 +1447,7 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 			LDAPUserObjectClassesCol.identifier(),
 			LDAPUserFiltersCol.identifier(),
 			LDAPTimeoutCol.identifier(),
+			LDAPRootCACol.identifier(),
 			LDAPIDAttributeCol.identifier(),
 			LDAPFirstNameAttributeCol.identifier(),
 			LDAPLastNameAttributeCol.identifier(),
@@ -1559,6 +1569,7 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 				ldapUserObjectClasses := database.TextArray[string]{}
 				ldapUserFilters := database.TextArray[string]{}
 				ldapTimeout := sql.NullInt64{}
+				var ldapRootCA []byte
 				ldapIDAttribute := sql.NullString{}
 				ldapFirstNameAttribute := sql.NullString{}
 				ldapLastNameAttribute := sql.NullString{}
@@ -1673,6 +1684,7 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 					&ldapUserObjectClasses,
 					&ldapUserFilters,
 					&ldapTimeout,
+					&ldapRootCA,
 					&ldapIDAttribute,
 					&ldapFirstNameAttribute,
 					&ldapLastNameAttribute,
@@ -1811,6 +1823,7 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 						UserObjectClasses: ldapUserObjectClasses,
 						UserFilters:       ldapUserFilters,
 						Timeout:           time.Duration(ldapTimeout.Int64),
+						RootCA:            ldapRootCA,
 						LDAPAttributes: idp.LDAPAttributes{
 							IDAttribute:                ldapIDAttribute.String,
 							FirstNameAttribute:         ldapFirstNameAttribute.String,