Browse Source

Add LDAP over SSL support

pull/192/head
Sebastian Jackel 11 years ago
parent
commit
eb264a112b
  1. 2
      modules/auth/authentication.go
  2. 16
      modules/auth/ldap/ldap.go
  3. 3
      modules/base/conf.go
  4. 2
      routers/admin/auths.go
  5. 10
      templates/admin/auths/edit.tmpl
  6. 9
      templates/admin/auths/new.tmpl

2
modules/auth/authentication.go

@ -21,6 +21,7 @@ type AuthenticationForm struct {
Domain string `form:"domain"` Domain string `form:"domain"`
Host string `form:"host"` Host string `form:"host"`
Port int `form:"port"` Port int `form:"port"`
UseSSL bool `form:"usessl"`
BaseDN string `form:"base_dn"` BaseDN string `form:"base_dn"`
Attributes string `form:"attributes"` Attributes string `form:"attributes"`
Filter string `form:"filter"` Filter string `form:"filter"`
@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string {
"Domain": "Domain name", "Domain": "Domain name",
"Host": "Host address", "Host": "Host address",
"Port": "Port Number", "Port": "Port Number",
"UseSSL": "Use SSL",
"BaseDN": "Base DN", "BaseDN": "Base DN",
"Attributes": "Search attributes", "Attributes": "Search attributes",
"Filter": "Search filter", "Filter": "Search filter",

16
modules/auth/ldap/ldap.go

@ -18,6 +18,7 @@ type Ldapsource struct {
Name string // canonical name (ie. corporate.ad) Name string // canonical name (ie. corporate.ad)
Host string // LDAP host Host string // LDAP host
Port int // port number Port int // port number
UseSSL bool // Use SSL
BaseDN string // Base DN BaseDN string // Base DN
Attributes string // Attribut to search Attributes string // Attribut to search
Filter string // Query filter to validate entry Filter string // Query filter to validate entry
@ -31,8 +32,8 @@ var (
) )
// Add a new source (LDAP directory) to the global pool // Add a new source (LDAP directory) to the global pool
func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) { func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true} ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
Authensource = append(Authensource, ldaphost) Authensource = append(Authensource, ldaphost)
} }
@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Debug("LDAP Connect error, disabled source %s", ls.Host) log.Debug("LDAP Connect error, disabled source %s", ls.Host)
ls.Enabled = false ls.Enabled = false
@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
} }
return "", true return "", true
} }
func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
if ls.UseSSL {
return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
} else {
return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
}
}

3
modules/base/conf.go

@ -195,11 +195,12 @@ func newLdapService() {
ldapname := Cfg.MustValue(v, "name", v) ldapname := Cfg.MustValue(v, "name", v)
ldaphost := Cfg.MustValue(v, "host") ldaphost := Cfg.MustValue(v, "host")
ldapport := Cfg.MustInt(v, "port", 389) ldapport := Cfg.MustInt(v, "port", 389)
ldapusessl := Cfg.MustBool(v, "usessl", false)
ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*") ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
ldapattribute := Cfg.MustValue(v, "attribute", "mail") ldapattribute := Cfg.MustValue(v, "attribute", "mail")
ldapfilter := Cfg.MustValue(v, "filter", "(*)") ldapfilter := Cfg.MustValue(v, "filter", "(*)")
ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s") ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat) ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
nbsrc++ nbsrc++
log.Debug("%s added as LDAP source", ldapname) log.Debug("%s added as LDAP source", ldapname)
} }

2
routers/admin/auths.go

@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN, BaseDN: form.BaseDN,
Attributes: form.Attributes, Attributes: form.Attributes,
Filter: form.Filter, Filter: form.Filter,
@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.UseSSL,
BaseDN: form.BaseDN, BaseDN: form.BaseDN,
Attributes: form.Attributes, Attributes: form.Attributes,
Filter: form.Filter, Filter: form.Filter,

10
templates/admin/auths/edit.tmpl

@ -53,6 +53,14 @@
</div> </div>
</div> </div>
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Use SSL: </label>
<div class="col-md-7">
<input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
</div>
</div>
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}"> <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Base DN: </label> <label class="col-md-3 control-label">Base DN: </label>
<div class="col-md-7"> <div class="col-md-7">
@ -147,4 +155,4 @@
</div> </div>
</div> </div>
{{template "base/footer" .}} {{template "base/footer" .}}

9
templates/admin/auths/new.tmpl

@ -51,6 +51,13 @@
</div> </div>
</div> </div>
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Use SSL: </label>
<div class="col-md-7">
<input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
</div>
</div>
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}"> <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Base DN: </label> <label class="col-md-3 control-label">Base DN: </label>
<div class="col-md-7"> <div class="col-md-7">
@ -158,4 +165,4 @@
}); });
}); });
</script> </script>
{{template "base/footer" .}} {{template "base/footer" .}}

Loading…
Cancel
Save