From eb264a112b378d1ebdf8e1de076797dd56a0e6b8 Mon Sep 17 00:00:00 2001 From: Sebastian Jackel Date: Thu, 15 May 2014 14:21:27 +0200 Subject: [PATCH] Add LDAP over SSL support --- modules/auth/authentication.go | 2 ++ modules/auth/ldap/ldap.go | 16 +++++++++++++--- modules/base/conf.go | 3 ++- routers/admin/auths.go | 2 ++ templates/admin/auths/edit.tmpl | 10 +++++++++- templates/admin/auths/new.tmpl | 9 ++++++++- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/modules/auth/authentication.go b/modules/auth/authentication.go index 4456d2a5f7..74d5e11b64 100644 --- a/modules/auth/authentication.go +++ b/modules/auth/authentication.go @@ -21,6 +21,7 @@ type AuthenticationForm struct { Domain string `form:"domain"` Host string `form:"host"` Port int `form:"port"` + UseSSL bool `form:"usessl"` BaseDN string `form:"base_dn"` Attributes string `form:"attributes"` Filter string `form:"filter"` @@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string { "Domain": "Domain name", "Host": "Host address", "Port": "Port Number", + "UseSSL": "Use SSL", "BaseDN": "Base DN", "Attributes": "Search attributes", "Filter": "Search filter", diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 493339cde0..200490afb5 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -18,6 +18,7 @@ type Ldapsource struct { Name string // canonical name (ie. corporate.ad) Host string // LDAP host Port int // port number + UseSSL bool // Use SSL BaseDN string // Base DN Attributes string // Attribut to search Filter string // Query filter to validate entry @@ -31,8 +32,8 @@ var ( ) // Add a new source (LDAP directory) to the global pool -func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) { - ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true} +func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) { + ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true} Authensource = append(Authensource, ldaphost) } @@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) { // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { - l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + l, err := ldapDial(ls) + if err != nil { log.Debug("LDAP Connect error, disabled source %s", ls.Host) ls.Enabled = false @@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { } return "", true } + +func ldapDial(ls Ldapsource) (*goldap.Conn, error) { + if ls.UseSSL { + return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) + } else { + return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + } +} diff --git a/modules/base/conf.go b/modules/base/conf.go index 99bac9006f..7d26623a52 100644 --- a/modules/base/conf.go +++ b/modules/base/conf.go @@ -195,11 +195,12 @@ func newLdapService() { ldapname := Cfg.MustValue(v, "name", v) ldaphost := Cfg.MustValue(v, "host") ldapport := Cfg.MustInt(v, "port", 389) + ldapusessl := Cfg.MustBool(v, "usessl", false) ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*") ldapattribute := Cfg.MustValue(v, "attribute", "mail") ldapfilter := Cfg.MustValue(v, "filter", "(*)") ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s") - ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat) + ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat) nbsrc++ log.Debug("%s added as LDAP source", ldapname) } diff --git a/routers/admin/auths.go b/routers/admin/auths.go index 1822fd69ae..70a23baad7 100644 --- a/routers/admin/auths.go +++ b/routers/admin/auths.go @@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { Ldapsource: ldap.Ldapsource{ Host: form.Host, Port: form.Port, + UseSSL: form.UseSSL, BaseDN: form.BaseDN, Attributes: form.Attributes, Filter: form.Filter, @@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { Ldapsource: ldap.Ldapsource{ Host: form.Host, Port: form.Port, + UseSSL: form.UseSSL, BaseDN: form.BaseDN, Attributes: form.Attributes, Filter: form.Filter, diff --git a/templates/admin/auths/edit.tmpl b/templates/admin/auths/edit.tmpl index 2c7a5754bf..e1cef8cf92 100644 --- a/templates/admin/auths/edit.tmpl +++ b/templates/admin/auths/edit.tmpl @@ -53,6 +53,14 @@ +
+ +
+ +
+
+ +
@@ -147,4 +155,4 @@
-{{template "base/footer" .}} \ No newline at end of file +{{template "base/footer" .}} diff --git a/templates/admin/auths/new.tmpl b/templates/admin/auths/new.tmpl index e5dcb4339b..d09833fc77 100644 --- a/templates/admin/auths/new.tmpl +++ b/templates/admin/auths/new.tmpl @@ -51,6 +51,13 @@ +
+ +
+ +
+
+
@@ -158,4 +165,4 @@ }); }); -{{template "base/footer" .}} \ No newline at end of file +{{template "base/footer" .}}