feat(ldap): adding root ca option to ldap config (#9292)

# Which Problems Are Solved Adding ability to add a root CA to LDAP configs # Additional Context - Closes https://github.com/zitadel/zitadel/issues/7888 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
2025-08-12 01:37:31 +00:00 · 2025-02-18 10:06:50 +00:00
parent d7332d1ac4
commit 5bbb953ffb
27 changed files with 418 additions and 243 deletions
--- a/internal/query/projection/idp_template_test.go
+++ b/internal/query/projection/idp_template_test.go
@@ -2117,6 +2117,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 	"userObjectClasses": ["object"],
 	"userFilters": ["filter"],
 	"timeout": 30000000000,
+	"rootcA": `+stringToJSONByte("certificate")+`,
 	"idAttribute": "id",
 	"firstNameAttribute": "first",
 	"lastNameAttribute": "last",
@@ -2165,7 +2166,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates6_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24)",
+							expectedStmt: "INSERT INTO projections.idp_templates6_ldap3 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -2178,6 +2179,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 								database.TextArray[string]{"object"},
 								database.TextArray[string]{"filter"},
 								time.Duration(30000000000),
+								[]byte("certificate"),
 								"id",
 								"first",
 								"last",
@@ -2220,6 +2222,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 	"userObjectClasses": ["object"],
 	"userFilters": ["filter"],
 	"timeout": 30000000000,
+	"rootcA": `+stringToJSONByte("certificate")+`,
 	"idAttribute": "id",
 	"firstNameAttribute": "first",
 	"lastNameAttribute": "last",
@@ -2268,7 +2271,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates6_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24)",
+							expectedStmt: "INSERT INTO projections.idp_templates6_ldap3 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -2281,6 +2284,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 								database.TextArray[string]{"object"},
 								database.TextArray[string]{"filter"},
 								time.Duration(30000000000),
+								[]byte("certificate"),
 								"id",
 								"first",
 								"last",
@@ -2331,7 +2335,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.idp_templates6_ldap2 SET base_dn = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
+							expectedStmt: "UPDATE projections.idp_templates6_ldap3 SET base_dn = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
 							expectedArgs: []interface{}{
 								"basedn",
 								"idp-id",
@@ -2365,6 +2369,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 	"userObjectClasses": ["object"],
 	"userFilters": ["filter"],
 	"timeout": 30000000000,
+	"rootcA": `+stringToJSONByte("certificate")+`,
 	"idAttribute": "id",
 	"firstNameAttribute": "first",
 	"lastNameAttribute": "last",
@@ -2408,7 +2413,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.idp_templates6_ldap2 SET (servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22) WHERE (idp_id = $23) AND (instance_id = $24)",
+							expectedStmt: "UPDATE projections.idp_templates6_ldap3 SET (servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23) WHERE (idp_id = $24) AND (instance_id = $25)",
 							expectedArgs: []interface{}{
 								database.TextArray[string]{"server"},
 								false,
@@ -2419,6 +2424,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
 								database.TextArray[string]{"object"},
 								database.TextArray[string]{"filter"},
 								time.Duration(30000000000),
+								[]byte("certificate"),
 								"id",
 								"first",
 								"last",