Add LDAP over SSL support
This commit is contained in:
parent
f5b2e5f836
commit
eb264a112b
@ -21,6 +21,7 @@ type AuthenticationForm struct {
|
||||
Domain string `form:"domain"`
|
||||
Host string `form:"host"`
|
||||
Port int `form:"port"`
|
||||
UseSSL bool `form:"usessl"`
|
||||
BaseDN string `form:"base_dn"`
|
||||
Attributes string `form:"attributes"`
|
||||
Filter string `form:"filter"`
|
||||
@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string {
|
||||
"Domain": "Domain name",
|
||||
"Host": "Host address",
|
||||
"Port": "Port Number",
|
||||
"UseSSL": "Use SSL",
|
||||
"BaseDN": "Base DN",
|
||||
"Attributes": "Search attributes",
|
||||
"Filter": "Search filter",
|
||||
|
@ -18,6 +18,7 @@ type Ldapsource struct {
|
||||
Name string // canonical name (ie. corporate.ad)
|
||||
Host string // LDAP host
|
||||
Port int // port number
|
||||
UseSSL bool // Use SSL
|
||||
BaseDN string // Base DN
|
||||
Attributes string // Attribut to search
|
||||
Filter string // Query filter to validate entry
|
||||
@ -31,8 +32,8 @@ var (
|
||||
)
|
||||
|
||||
// Add a new source (LDAP directory) to the global pool
|
||||
func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
|
||||
ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
|
||||
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
|
||||
ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
|
||||
Authensource = append(Authensource, ldaphost)
|
||||
}
|
||||
|
||||
@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
|
||||
|
||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
|
||||
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
||||
l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
||||
l, err := ldapDial(ls)
|
||||
|
||||
if err != nil {
|
||||
log.Debug("LDAP Connect error, disabled source %s", ls.Host)
|
||||
ls.Enabled = false
|
||||
@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
||||
}
|
||||
return "", true
|
||||
}
|
||||
|
||||
func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
|
||||
if ls.UseSSL {
|
||||
return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
|
||||
} else {
|
||||
return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
||||
}
|
||||
}
|
||||
|
@ -195,11 +195,12 @@ func newLdapService() {
|
||||
ldapname := Cfg.MustValue(v, "name", v)
|
||||
ldaphost := Cfg.MustValue(v, "host")
|
||||
ldapport := Cfg.MustInt(v, "port", 389)
|
||||
ldapusessl := Cfg.MustBool(v, "usessl", false)
|
||||
ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
|
||||
ldapattribute := Cfg.MustValue(v, "attribute", "mail")
|
||||
ldapfilter := Cfg.MustValue(v, "filter", "(*)")
|
||||
ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
|
||||
ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
|
||||
ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
|
||||
nbsrc++
|
||||
log.Debug("%s added as LDAP source", ldapname)
|
||||
}
|
||||
|
@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||
Ldapsource: ldap.Ldapsource{
|
||||
Host: form.Host,
|
||||
Port: form.Port,
|
||||
UseSSL: form.UseSSL,
|
||||
BaseDN: form.BaseDN,
|
||||
Attributes: form.Attributes,
|
||||
Filter: form.Filter,
|
||||
@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||
Ldapsource: ldap.Ldapsource{
|
||||
Host: form.Host,
|
||||
Port: form.Port,
|
||||
UseSSL: form.UseSSL,
|
||||
BaseDN: form.BaseDN,
|
||||
Attributes: form.Attributes,
|
||||
Filter: form.Filter,
|
||||
|
@ -53,6 +53,14 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
|
||||
<label class="col-md-3 control-label">Use SSL: </label>
|
||||
<div class="col-md-7">
|
||||
<input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
||||
<label class="col-md-3 control-label">Base DN: </label>
|
||||
<div class="col-md-7">
|
||||
@ -147,4 +155,4 @@
|
||||
|
||||
</div>
|
||||
</div>
|
||||
{{template "base/footer" .}}
|
||||
{{template "base/footer" .}}
|
||||
|
@ -51,6 +51,13 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
|
||||
<label class="col-md-3 control-label">Use SSL: </label>
|
||||
<div class="col-md-7">
|
||||
<input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
||||
<label class="col-md-3 control-label">Base DN: </label>
|
||||
<div class="col-md-7">
|
||||
@ -158,4 +165,4 @@
|
||||
});
|
||||
});
|
||||
</script>
|
||||
{{template "base/footer" .}}
|
||||
{{template "base/footer" .}}
|
||||
|
Loading…
Reference in New Issue
Block a user