Add TLS options for running both with TLS and without on the same time #27
Conversation
This commit expands on the settings available for using TLS. It puts TLS settings under the [frontend.tls] section and adds a new setting to [frontend] called TLSExclusive (bool). TLSExclusive specifies whether or not to only run TLS when it is enabled, and is 'true' by default. Setting it to 'false' and having TLS enabled causes the server to start both an LDAP and an LDAPS server, and therefore requires two separate 'listen' options (to run on different ports) - the Frontend.Listen and the Frontend.TLS.Listen. If TLSExclusive is set to 'true' and no Frontend.TLS.Listen is specified, it will use the Frontend.Listen.
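As an added illustration of what the description above asks for (two listeners on separate addresses, or only the TLS one when TLSExclusive is on), here is example Go code written for this page; it is not GLauth's server. The handler echoes one line instead of speaking LDAP, the certificate is generated in-process so the example runs offline, and the names serve, Server, Start, selfSigned and roundTrip are this example's own.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serve is the accept loop for one listener; it echoes one line per connection. It never looks
// at the transport, so the same loop serves the LDAP and the LDAPS listener.
func serve(l net.Listener) {
	for {
		c, err := l.Accept()
		if err != nil {
			return // listener closed
		}
		go func() {
			defer c.Close()
			if line, err := bufio.NewReader(c).ReadString('\n'); err == nil { // on TLS, this Read runs the handshake
				fmt.Fprint(c, "ok: "+line)
			}
		}()
	}
}

// Server holds the two listeners; a nil entry means that transport is disabled.
type Server struct{ LDAP, LDAPS net.Listener }

// Start opens a plaintext listener on ldapAddr and a TLS listener on ldapsAddr. An empty address
// disables that transport: only ldapsAddr set is the TLSExclusive = true shape, both set is
// TLSExclusive = false, which is why the PR needs two separate listen options.
func Start(ldapAddr, ldapsAddr string, cert tls.Certificate) (*Server, error) {
	s, err := &Server{}, error(nil)
	if ldapAddr != "" {
		if s.LDAP, err = net.Listen("tcp", ldapAddr); err != nil {
			return nil, err
		}
		go serve(s.LDAP)
	}
	if ldapsAddr != "" {
		conf := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
		if s.LDAPS, err = tls.Listen("tcp", ldapsAddr, conf); err != nil {
			s.Close()
			return nil, err
		}
		go serve(s.LDAPS)
	}
	return s, nil
}

// Close shuts both listeners; the serve goroutines exit on the Accept error.
func (s *Server) Close() {
	for _, l := range []net.Listener{s.LDAP, s.LDAPS} {
		if l != nil {
			l.Close()
		}
	}
}

// selfSigned makes a throwaway "localhost" certificate so the example runs offline, plus a pool
// that trusts only that certificate for the client side. A deployment loads cert/key from config.
func selfSigned() (tls.Certificate, *x509.CertPool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool, nil
}

// roundTrip connects to addr (plaintext when conf is nil, TLS otherwise), sends one line and
// returns the reply; it stands in for an LDAP client talking to either port.
func roundTrip(addr string, conf *tls.Config) (string, error) {
	c, err := net.Dial("tcp", addr)
	if err != nil {
		return "", err
	}
	if conf != nil {
		c = tls.Client(c, conf) // the handshake runs on the first write
	}
	defer c.Close()
	fmt.Fprint(c, "ping\n")
	return bufio.NewReader(c).ReadString('\n')
}
```

To drive it, call `selfSigned()`, then `Start("localhost:3893", "localhost:3894", cert)` for the both-transports shape or `Start("", "localhost:3894", cert)` for the TLS-only shape, and use `roundTrip` against each listener's `Addr()`; the client side pins the server certificate through the returned pool rather than disabling verification, and a plaintext client connecting to the LDAPS port gets no application reply because the server's first read fails the handshake.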
Dude, you're killing it with features. Will look at this and the updates on the others later today if I have some time, or this weekend.
It's features we need / use internally. We want to substitute our FreeIPA servers with this more clean LDAP server.
I've found the same - this tool is far better than some of the heavy LDAP servers currently available out there.
I'm considering getting Jeppe to do a PR more. FreeIPA uses the structure: DN for groups: DN for users: GLAuth does not use this, so we can switch directly yet.
The implementation of TLS-exclusive seems a bit clunky. Have you considered going the route of two distinct options, 'Enable LDAP over TLS' and 'Enable LDAP'? That way it can be far more clearly controlled.
Also, I'd be open to a config option which could dynamically set the structure. Another PR would be great so we can more easily thread the discussions. Feel free to even send an incomplete PR and we can discuss and work on it.
I agree that it seems a bit clunky. Is there any specific reason the section is called 'frontend'? Seems a bit misleading in the cases where you are not proxying to another LDAP service. Maybe the section should be renamed to [server] with two separate sections [server.ldap] and [server.ldaps]? Or maybe just skip the 'server' prefix and just have two sections called [ldap] and [ldaps]?
We could do something like this, optionally we could put an 'enabled' flag under both sections.

```toml
[ldap]
# LDAP bind address
listen = "localhost:3893"

[ldaps]
listen = "localhost:3894"
cert = "certs/server.crt"
key = "certs/server.key"
```
That looks a lot clearer (with the 'enabled' flag). Much clearer at first glance what is going on.
I agree. Optionally, we could ensure backward compatibility by reading in a [frontend] section in the old format and passing the values into the proposed [ldap]+[ldaps] structure?
That sounds like a very good idea - we wouldn't want to break things going forward. Perhaps in a future version, throw an error in the logs if they haven't migrated the config, but in the meantime, both old and new need to still work.
Currently working on this, but time is tight; updates are coming soon. I have run into some issues with keeping 100% backward compatibility when mixing legacy config with newer config and what should take precedence. Since it is some time ago I don't remember the specifics atm, but I'll look into it soon enough.
Sounds great - I've been looking at it as well, and will push to the branch with comments if I get anywhere on it.
…lso reject using both old and new format in same config
Got some time to finally work on this. Right now it ensures backwards compatibility by parsing the old [frontend] section into the new configLDAP and configLDAPS structures, so every working config file should work with this, in the exact same way. It will warn the user if they are using this "old" format, and it will display an error and exit if they are using both formats at the same time ([frontend] section along with [ldaps]/[ldap]) as there is no sane way (that I know of) of parsing both and deciding how to run when that is the case. Feel free to correct the added error/warning messages.
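The loading behaviour this comment describes, the TLSExclusive semantics from the PR description and the [ldap]/[ldaps] layout proposed earlier in the thread, combined into one worked example. This is example code written for this page, not GLauth's loader: the tiny parseSections reader, the Resolve and validate functions, the lower-cased key names it expects (tlsexclusive, enabled, listen, cert, key) and the sample configs are all assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Listener is one resolved endpoint; Cert and Key stay empty for plaintext LDAP.
type Listener struct {
	Enabled           bool
	Listen, Cert, Key string
}

// Resolved holds one LDAP and one LDAPS listener (either may be disabled) plus warnings to log.
type Resolved struct {
	LDAP, LDAPS Listener
	Warnings    []string
}

// parseSections is a deliberately tiny reader for the TOML subset used in the thread ([section]
// headers, key = "string" / true / false, # comments); an assumption of this example, not GLauth's
// parser. Section and key names are lower-cased so TLSExclusive and tlsexclusive are the same key.
func parseSections(text string) (map[string]map[string]string, error) {
	out, section := map[string]map[string]string{}, ""
	for n, raw := range strings.Split(text, "\n") {
		line, _, _ := strings.Cut(raw, "#") // strip comments
		line = strings.TrimSpace(line)
		switch {
		case line == "":
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			section = strings.ToLower(strings.TrimSpace(line[1 : len(line)-1]))
			out[section] = map[string]string{}
		default:
			k, v, ok := strings.Cut(line, "=")
			if !ok || section == "" {
				return nil, fmt.Errorf("line %d: expected key = value inside a section", n+1)
			}
			out[section][strings.ToLower(strings.TrimSpace(k))] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	return out, nil
}

// listenerFrom maps a new-style section to a Listener: absent (nil map) means disabled, present
// means enabled unless it says enabled = false. Reading a nil map simply yields "".
func listenerFrom(sec map[string]string) Listener {
	return Listener{Enabled: sec != nil && sec["enabled"] != "false", Listen: sec["listen"], Cert: sec["cert"], Key: sec["key"]}
}

// Resolve applies the precedence agreed in the thread: new-style sections are used as-is; a legacy
// [frontend]/[frontend.tls] pair is translated into the same two listeners plus a deprecation
// warning; a file that mixes both formats is rejected because there is no sane way to merge them.
func Resolve(text string) (Resolved, error) {
	secs, err := parseSections(text)
	if err != nil {
		return Resolved{}, err
	}
	fe, hasFrontend := secs["frontend"]
	_, hasLDAP := secs["ldap"]
	_, hasLDAPS := secs["ldaps"]
	var r Resolved
	switch {
	case hasFrontend && (hasLDAP || hasLDAPS):
		return r, fmt.Errorf("config mixes legacy [frontend] with [ldap]/[ldaps]; use one format")
	case hasFrontend:
		r.Warnings = append(r.Warnings, "[frontend] is deprecated; migrate to [ldap] and [ldaps]")
		tls := secs["frontend.tls"]
		tlsOn := tls["enabled"] == "true"
		exclusive := fe["tlsexclusive"] != "false" // TLSExclusive defaults to true
		r.LDAPS = Listener{Enabled: tlsOn, Listen: tls["listen"], Cert: tls["cert"], Key: tls["key"]}
		if tlsOn && r.LDAPS.Listen == "" {
			r.LDAPS.Listen = fe["listen"] // no dedicated LDAPS address: reuse Frontend.Listen
		}
		r.LDAP = Listener{Enabled: !(tlsOn && exclusive), Listen: fe["listen"]}
	default:
		r.LDAP, r.LDAPS = listenerFrom(secs["ldap"]), listenerFrom(secs["ldaps"])
	}
	return r, validate(r)
}

// validate rejects the combinations the thread calls out as unrunnable.
func validate(r Resolved) error {
	if r.LDAP.Enabled && r.LDAPS.Enabled && r.LDAP.Listen == r.LDAPS.Listen {
		return fmt.Errorf("ldap and ldaps both listen on %q; they need separate addresses", r.LDAP.Listen)
	}
	if r.LDAPS.Enabled && (r.LDAPS.Cert == "" || r.LDAPS.Key == "") {
		return fmt.Errorf("ldaps is enabled but cert or key is missing")
	}
	return nil
}

// Constructed sample configs for this example, in the two shapes discussed in the thread.
const newStyle = "[ldap]\n# LDAP bind address\nlisten = \"localhost:3893\"\n[ldaps]\nlisten = \"localhost:3894\"\ncert = \"certs/server.crt\"\nkey = \"certs/server.key\"\n"
const legacyBoth = "[frontend]\nlisten = \"localhost:3893\"\ntlsexclusive = false\n[frontend.tls]\nenabled = true\nlisten = \"localhost:3894\"\ncert = \"certs/server.crt\"\nkey = \"certs/server.key\"\n"

func main() {
	for _, cfg := range []string{newStyle, legacyBoth, "[frontend]\nlisten = \"localhost:3893\"\n[ldaps]\nlisten = \"localhost:3894\"\n"} {
		r, err := Resolve(cfg)
		fmt.Printf("err=%v warnings=%v\n  ldap=%+v\n  ldaps=%+v\n", err, r.Warnings, r.LDAP, r.LDAPS)
	}
}
```

The third config in main mixes [frontend] with [ldaps] and is the case the comment says must be refused outright; the legacy sample with tlsexclusive = false resolves to both listeners, while a legacy file with TLS enabled and no [frontend.tls] listen resolves to LDAPS alone on the Frontend.Listen address, as the PR description specifies.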
I'll try and look over the code when I have a chance, but from what you describe, that sounds excellent. Good idea with the deprecation notice and parsing to new datastructure so that we don't need to maintain multiple logic branches.
It was already gitignored before, it just needed to be deleted now
Did a few minor tweaks to the log messages, but looks good to me!
* Adding a few test dockerfiles
* Continued work on docker builds
* Basic example of docker build and run works - see build.sh for now
* Continuing to work on docker build
* Removing testing from build script, since it belongs later in process
* Implementing dumb init
* Docker build fully switched to alpine
* Setting up alpine build
* Cleaning up dockerfile
* Cleaning up repo in prep for merge
* Updating permissions for clean merge
* Removing old ansible cruft, as per #12
* Removing binaries (since we now build)
* Updating sample config to use new fields now available
* Testing travis
* another travis test
* Still working on travis builds
* Fix missing amazon packages
* Merge in Travis config feature branch (#26)
* Adding version string
* Fixing and cleaning up docker build
* Adding image hashing and verification to 'make all'
* Testing build
* Running gofmt to fix build
* Testing switching travis to make
* Testing build again
* Merging in Fixes from travis-build feature branch (#33). This includes an integration test which runs glauth and compares ldapsearch snapshot output stored in the repo with the snapshot output of the glauth. Additionally, removing old versions of go, and adding windows and linux-arm builds (but not tests) to the makefile, and consequently, the travis build. While the mac, linux-arm, and windows binaries are not able to be run in travis, they are able to be at least compiled.
* Remove needless comment from integration test
* Adding 'is-process-running' check before integration tests run, to clearly note if the program crashes on run
* Switching from 1 sec to 2 sec timeout for integration test
* Adding back config file to fix build. Previous commit intended to see if build failed (and it did)
* Add support for including groups in groups (#23)
* Add support for including groups in groups
* Pulling in Makefile structure to allow easier testing and builds
* Forgot to remove spare test
* Add Version Info at Buildtime (#39). Adds the build info to the binary at buildtime via buildtime variables. This is shown by `./glauth --version`. Example output for a non-release:
  ```
  GLauth Non-release build from branch feature/buildversion
  Build time: 20180531_181011Z
  Commit: 07ba631
  ```
  And example of a built release:
  ```
  GLauth v2.3.4
  Build time: 20180601_041330Z
  Commit: 931d666
  ```
* Fixing Broken Docker Build (#41). Forgot to include go-bindata run in Dockerfile.
* Removing leftover TODO from merge
* Testing releases
* Testing releases
* Testing releases
* Adjusting logging
* Add new group tests to integration tests
* add cleanup to test process
* Add documentation about otherGroups, which was a previously undocumented field.
* Auto fetching bindata during build so it's not needed to be done manually
* Syntax fix
* starting framework for unit tests
* Merging in ongoing progress from Feature/travis build (#44). Fixes a few minor issues: #42 - now uses the makefile in the docker build, which means version info is correctly embedded at runtime - also now outputs version data at the top of the log when the container starts. Fixing a simple issue found by go vet. Need to do more work on fixing issues found in go vet.
* Forgot to run 'go fmt'
* Adding codecov for go now that a single test is written
* Testing not quite ready yet, removing from build
* Add Support For 2 Factor Authentication. Merging in feature from @ryskov (PR #24) adding 2FA support during LDAP binds. This is accomplished by concatenating the code to the end of the password. Also added integration tests for the TOTP method to run in CI. Could not, however, add automated tests for the yubikey, due to the physical nature.
* Expose LDAPS ports in Docker container (#49). Currently, the LDAPS ports are not exposed in the docker container.
* Adding better logging to docker start script
* Add more logging info to docker startup script
* Fix Arm32 Build (#52). As discussed in issue #51, Arm32 builds were using 368 (intel/amd) arch accidentally, generating linux 32 bit binaries instead of arm 32 bit binaries. This commit fixes this in the Makefile, which will fix both the local builds, as well as the travis CI and release builds. fixes #52
* Update docker hub image badge to a working one; previous one simply returned 0.
* Removing 3893 - fixes #50
* Fixing readme MD formatting
* Adding travis_retry to fix against intermittent network outages
* Add TLS options for running both with TLS and without on the same time (#27)
* Add TLS options for running both with TLS and without on the same time. This commit expands on the settings available for using TLS. It puts TLS settings under the [frontend.tls] section and adds a new setting to [frontend] called TLSExclusive (bool). TLSExclusive specifies whether or not to only run TLS when it is enabled, and is 'true' by default. Setting it to 'false' and having TLS enabled causes the server to start both an LDAP and an LDAPS server, and therefore requires two separate 'listen' options (to run on different ports) - the Frontend.Listen and the Frontend.TLS.Listen. If TLSExclusive is set to 'true' and no Frontend.TLS.Listen is specified, it will use the Frontend.Listen.
* Adding PR template and improving integration test tooling
* Updating formatting
* Add get dependencies step to makefile setup
* Add go 1.11
* Add App Password Support (#60). App passwords can now be used to allow easier OTP use alongside applications which need to bind with a static password. Use the key `passappsha256` and specify an array of password hashes. See the readme and sample configuration file for more information. Fixes #54
* Adding NCoC as official project code of conduct. We happily accept contributions based on the merit of the contributions.
* Properly handling parameters in logs - fixes #64
* Adding ldapsearch for healthchecks
* Pulling in latest changes and fixes for 1.1.1 (#56)
* fixed quoting in docker startup script (#77) Thanks @CXCV cxcv
* Minor tweak of help text
* More durable Dockerfile (#92)

Co-authored-by: Ben Yanke <ben@benyanke.com>
Co-authored-by: Andrea Cervesato <andrea.cervesato@gmail.com>
* refactor with latest dev Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix modules, update .gitignore
* pass in logger Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

Co-authored-by: Ben Yanke <ben@benyanke.com>
Co-authored-by: Andrea Cervesato <andrea.cervesato@gmail.com>
This commit expands on the settings available for using TLS. It puts TLS settings under the [frontend.tls] section and adds a new setting to [frontend] called TLSExclusive (bool).
TLSExclusive specifies whether or not to only run TLS when it is enabled, and is 'true' by default. Setting it to 'false' and having TLS enabled causes the server to start both an LDAP and an LDAPS server,
and therefore requires two separate 'listen' options (to run on different ports) - the Frontend.Listen and the Frontend.TLS.Listen. If TLSExclusive is set to 'true' and no Frontend.TLS.Listen is specified, it will use the Frontend.Listen.
sample-simple.cfg is updated with an example and comments.