fix: manage root CA for LDAP IdPs correctly (#9517)

# Which Problems Are Solved #9292 did not correctly change the projection table to list IdPs for existing ZITADEL setups. # How the Problems Are Solved Fixed the projection table by an explicit setup. # Additional Changes To prevent user facing error when using the LDAP with a custom root CA as much as possible, the certificate is parsed when passing it to the API. # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9514 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> (cherry picked from commit 11c9be3b8d)
2025-08-12 04:07:31 +00:00 · 2025-03-18 15:23:12 +00:00
parent 9c6394c164
commit 9f0da00cd5
11 changed files with 265 additions and 75 deletions
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -177,6 +177,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s48Apps7SAMLConfigsLoginVersion = &Apps7SAMLConfigsLoginVersion{dbClient: dbClient}
 	steps.s49InitPermittedOrgsFunction = &InitPermittedOrgsFunction{eventstoreClient: dbClient}
 	steps.s50IDPTemplate6UsePKCE = &IDPTemplate6UsePKCE{dbClient: dbClient}
+	steps.s51IDPTemplate6RootCA = &IDPTemplate6RootCA{dbClient: dbClient}

 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -216,6 +217,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s47FillMembershipFields,
 		steps.s49InitPermittedOrgsFunction,
 		steps.s50IDPTemplate6UsePKCE,
+		steps.s51IDPTemplate6RootCA,
 	} {
 		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
 	}