Merge pull request #192 from DerDackel/ldapssl

Add LDAP over SSL support
2014-05-15 20:52:05 +08:00 · 2014-05-15 20:52:05 +08:00 · 7869cfccb9
commit 7869cfccb9
parent b70db61854 eb264a112b
8 changed files with 104 additions and 6 deletions
--- a/modules/auth/authentication.go
+++ b/modules/auth/authentication.go
@ -21,6 +21,7 @@ type AuthenticationForm struct {
 	Domain            string `form:"domain"`
 	Host              string `form:"host"`
 	Port              int    `form:"port"`
+	UseSSL            bool   `form:"usessl"`
 	BaseDN            string `form:"base_dn"`
 	Attributes        string `form:"attributes"`
 	Filter            string `form:"filter"`
@ -39,6 +40,7 @@ func (f *AuthenticationForm) Name(field string) string {
 		"Domain":     "Domain name",
 		"Host":       "Host address",
 		"Port":       "Port Number",
+		"UseSSL":     "Use SSL",
 		"BaseDN":     "Base DN",
 		"Attributes": "Search attributes",
 		"Filter":     "Search filter",
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@ -18,6 +18,7 @@ type Ldapsource struct {
 	Name         string // canonical name (ie. corporate.ad)
 	Host         string // LDAP host
 	Port         int    // port number
+	UseSSL       bool   // Use SSL
 	BaseDN       string // Base DN
 	Attributes   string // Attribut to search
 	Filter       string // Query filter to validate entry
@ -31,8 +32,8 @@ var (
 )

 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
-	ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
+	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
 	Authensource = append(Authensource, ldaphost)
 }

@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {

 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
 func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
-	l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	l, err := ldapDial(ls)
+
 	if err != nil {
 		log.Debug("LDAP Connect error, disabled source %s", ls.Host)
 		ls.Enabled = false
@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
 	}
 	return "", true
 }
+
+func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
+	if ls.UseSSL {
+		return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+	} else {
+		return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	}
+}
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@ -200,11 +200,12 @@ func newLdapService() {
 			ldapname := Cfg.MustValue(v, "name", v)
 			ldaphost := Cfg.MustValue(v, "host")
 			ldapport := Cfg.MustInt(v, "port", 389)
+			ldapusessl := Cfg.MustBool(v, "usessl", false)
 			ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
 			ldapattribute := Cfg.MustValue(v, "attribute", "mail")
 			ldapfilter := Cfg.MustValue(v, "filter", "(*)")
 			ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
-			ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
+			ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
 			nbsrc++
 			log.Debug("%s added as LDAP source", ldapname)
 		}