Add LDAP over SSL support

2025-10-31 11:28:24 +00:00 · 2014-05-15 14:21:27 +02:00
parent f5b2e5f836
commit eb264a112b
6 changed files with 36 additions and 6 deletions
--- a/modules/auth/authentication.go
+++ b/modules/auth/authentication.go
@@ -21,6 +21,7 @@ type AuthenticationForm struct {
 	Domain            string `form:"domain"`
 	Host              string `form:"host"`
 	Port              int    `form:"port"`
+	UseSSL            bool   `form:"usessl"`
 	BaseDN            string `form:"base_dn"`
 	Attributes        string `form:"attributes"`
 	Filter            string `form:"filter"`
@@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string {
 		"Domain":     "Domain name",
 		"Host":       "Host address",
 		"Port":       "Port Number",
+		"UseSSL":     "Use SSL",
 		"BaseDN":     "Base DN",
 		"Attributes": "Search attributes",
 		"Filter":     "Search filter",
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -18,6 +18,7 @@ type Ldapsource struct {
 	Name         string // canonical name (ie. corporate.ad)
 	Host         string // LDAP host
 	Port         int    // port number
+	UseSSL       bool   // Use SSL
 	BaseDN       string // Base DN
 	Attributes   string // Attribut to search
 	Filter       string // Query filter to validate entry
@@ -31,8 +32,8 @@ var (
 )

 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
-	ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
+	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
 	Authensource = append(Authensource, ldaphost)
 }

@@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {

 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
 func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
-	l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	l, err := ldapDial(ls)
+
 	if err != nil {
 		log.Debug("LDAP Connect error, disabled source %s", ls.Host)
 		ls.Enabled = false
@@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
 	}
 	return "", true
 }
+
+func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
+	if ls.UseSSL {
+		return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+	} else {
+		return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	}
+}
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -195,11 +195,12 @@ func newLdapService() {
 			ldapname := Cfg.MustValue(v, "name", v)
 			ldaphost := Cfg.MustValue(v, "host")
 			ldapport := Cfg.MustInt(v, "port", 389)
+			ldapusessl := Cfg.MustBool(v, "usessl", false)
 			ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
 			ldapattribute := Cfg.MustValue(v, "attribute", "mail")
 			ldapfilter := Cfg.MustValue(v, "filter", "(*)")
 			ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
-			ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
+			ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
 			nbsrc++
 			log.Debug("%s added as LDAP source", ldapname)
 		}
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,
@@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,
--- a/templates/admin/auths/edit.tmpl
+++ b/templates/admin/auths/edit.tmpl
@@ -53,6 +53,14 @@
                        </div>
                    </div>

+                    <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                         <label class="col-md-3 control-label">Use SSL: </label>
+                         <div class="col-md-7">
+                              <input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
+                         </div>
+                    </div>
+
+
                    <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                        <label class="col-md-3 control-label">Base DN: </label>
                        <div class="col-md-7">
@@ -147,4 +155,4 @@

    </div>
 </div>
-{{template "base/footer" .}}
+{{template "base/footer" .}}
--- a/templates/admin/auths/new.tmpl
+++ b/templates/admin/auths/new.tmpl
@@ -51,6 +51,13 @@
                            </div>
                        </div>

+                        <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                             <label class="col-md-3 control-label">Use SSL: </label>
+                             <div class="col-md-7">
+                                  <input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
+                             </div>
+                        </div>
+
                        <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                            <label class="col-md-3 control-label">Base DN: </label>
                            <div class="col-md-7">
@@ -158,4 +165,4 @@
        });
    });
 </script>
-{{template "base/footer" .}}
+{{template "base/footer" .}}