diff --git a/modules/auth/authentication.go b/modules/auth/authentication.go index 170b24a988..e9b215101b 100644 --- a/modules/auth/authentication.go +++ b/modules/auth/authentication.go @@ -21,6 +21,7 @@ type AuthenticationForm struct { Domain string `form:"domain"` Host string `form:"host"` Port int `form:"port"` + UseSSL bool `form:"usessl"` BaseDN string `form:"base_dn"` Attributes string `form:"attributes"` Filter string `form:"filter"` @@ -39,6 +40,7 @@ func (f *AuthenticationForm) Name(field string) string { "Domain": "Domain name", "Host": "Host address", "Port": "Port Number", + "UseSSL": "Use SSL", "BaseDN": "Base DN", "Attributes": "Search attributes", "Filter": "Search filter", diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 493339cde0..200490afb5 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -18,6 +18,7 @@ type Ldapsource struct { Name string // canonical name (ie. corporate.ad) Host string // LDAP host Port int // port number + UseSSL bool // Use SSL BaseDN string // Base DN Attributes string // Attribut to search Filter string // Query filter to validate entry @@ -31,8 +32,8 @@ var ( ) // Add a new source (LDAP directory) to the global pool -func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) { - ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true} +func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) { + ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true} Authensource = append(Authensource, ldaphost) } @@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) { // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { - l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + l, err := ldapDial(ls) + if err != nil { log.Debug("LDAP Connect error, disabled source %s", ls.Host) ls.Enabled = false @@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { } return "", true } + +func ldapDial(ls Ldapsource) (*goldap.Conn, error) { + if ls.UseSSL { + return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) + } else { + return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + } +} diff --git a/modules/base/conf.go b/modules/base/conf.go index c38d335775..03e453e6d5 100644 --- a/modules/base/conf.go +++ b/modules/base/conf.go @@ -200,11 +200,12 @@ func newLdapService() { ldapname := Cfg.MustValue(v, "name", v) ldaphost := Cfg.MustValue(v, "host") ldapport := Cfg.MustInt(v, "port", 389) + ldapusessl := Cfg.MustBool(v, "usessl", false) ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*") ldapattribute := Cfg.MustValue(v, "attribute", "mail") ldapfilter := Cfg.MustValue(v, "filter", "(*)") ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s") - ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat) + ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat) nbsrc++ log.Debug("%s added as LDAP source", ldapname) } diff --git a/routers/admin/auths.go b/routers/admin/auths.go index 0bc2566a1c..b7b382cd94 100644 --- a/routers/admin/auths.go +++ b/routers/admin/auths.go @@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { Ldapsource: ldap.Ldapsource{ Host: form.Host, Port: form.Port, + UseSSL: form.UseSSL, BaseDN: form.BaseDN, Attributes: form.Attributes, Filter: form.Filter, @@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { Ldapsource: ldap.Ldapsource{ Host: form.Host, Port: form.Port, + UseSSL: form.UseSSL, BaseDN: form.BaseDN, Attributes: form.Attributes, Filter: form.Filter, diff --git a/templates/admin/auths/edit.tmpl b/templates/admin/auths/edit.tmpl index b3277242ce..f2ba68fd27 100644 --- a/templates/admin/auths/edit.tmpl +++ b/templates/admin/auths/edit.tmpl @@ -53,6 +53,14 @@ +