Add LDAP over SSL support
authorSebastian Jackel <sjackel@trustinternational.com>
Thu, 15 May 2014 12:21:27 +0000 (14:21 +0200)
committerSebastian Jackel <sjackel@trustinternational.com>
Thu, 15 May 2014 12:27:16 +0000 (14:27 +0200)
modules/auth/authentication.go
modules/auth/ldap/ldap.go
modules/base/conf.go
routers/admin/auths.go
templates/admin/auths/edit.tmpl
templates/admin/auths/new.tmpl

index 4456d2a5f7b1099ec5938ca1c702ee2ef71fa7e6..74d5e11b64074e173dcdd2b8e83ee0abd31175eb 100644 (file)
@@ -21,6 +21,7 @@ type AuthenticationForm struct {
        Domain            string `form:"domain"`
        Host              string `form:"host"`
        Port              int    `form:"port"`
+       UseSSL            bool   `form:"usessl"`
        BaseDN            string `form:"base_dn"`
        Attributes        string `form:"attributes"`
        Filter            string `form:"filter"`
@@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string {
                "Domain":     "Domain name",
                "Host":       "Host address",
                "Port":       "Port Number",
+               "UseSSL":     "Use SSL",
                "BaseDN":     "Base DN",
                "Attributes": "Search attributes",
                "Filter":     "Search filter",
index 493339cde0b5754acdd9b869f65f4aadb43e9123..200490afb5399acdfd3f6e1a60f460ee0f7b3cb6 100644 (file)
@@ -18,6 +18,7 @@ type Ldapsource struct {
        Name         string // canonical name (ie. corporate.ad)
        Host         string // LDAP host
        Port         int    // port number
+       UseSSL       bool   // Use SSL
        BaseDN       string // Base DN
        Attributes   string // Attribut to search
        Filter       string // Query filter to validate entry
@@ -31,8 +32,8 @@ var (
 )
 
 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
-       ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
+       ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
        Authensource = append(Authensource, ldaphost)
 }
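Review bot: The positional `Ldapsource{name, host, port, usessl, ...}` literal in `AddSource` now carries two bools (`usessl` and the trailing `true`), so a later field insertion or reorder can silently assign the wrong value without a compile error. Keyed fields (`Name: name, Host: host, Port: port, UseSSL: usessl, ...`) would make the TLS flag's destination explicit. The exported signature also changes here, so any caller outside this commit has to be updated in step.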
 
@@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
 func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
-       l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+       l, err := ldapDial(ls)
+
        if err != nil {
                log.Debug("LDAP Connect error, disabled source %s", ls.Host)
                ls.Enabled = false
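Review bot: The error returned by `ldapDial` is dropped from the log line in `SearchEntry`, so a failed TLS handshake or certificate rejection looks the same as an unreachable host. Including it, e.g. `log.Debug("LDAP Connect error (%s), disabled source: %v", ls.Host, err)`, lets an operator tell a trust problem from a network one. `ls.Enabled = false` is also set on a value receiver, so it presumably changes only the local copy and the source stays enabled in `Authensource`. The function body continues outside this hunk.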
@@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
        }
        return "", true
 }
+
+func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
+       if ls.UseSSL {
+               return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+       } else {
+               return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+       }
+}
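Review bot: `goldap.DialTLS(..., nil)` in `ldapDial` leaves server authentication to library defaults and gives the admin no way to trust a private CA. If goldap passes the config straight to crypto/tls, a nil config verifies against the system roots, which often ends with verification being switched off for internally issued directory certificates. Consider an explicit config such as `&tls.Config{ServerName: ls.Host}`, with `RootCAs` populated from a configurable CA file. The address would be better built with `net.JoinHostPort(ls.Host, strconv.Itoa(ls.Port))` so IPv6 literals work, and the `else` after `return` can be dropped.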
index 99bac9006f96e89f9ccf419b89af822f74e9d246..7d26623a52f17470bdd8d21b0201bd9af72c7967 100644 (file)
@@ -195,11 +195,12 @@ func newLdapService() {
                        ldapname := Cfg.MustValue(v, "name", v)
                        ldaphost := Cfg.MustValue(v, "host")
                        ldapport := Cfg.MustInt(v, "port", 389)
+                       ldapusessl := Cfg.MustBool(v, "usessl", false)
                        ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
                        ldapattribute := Cfg.MustValue(v, "attribute", "mail")
                        ldapfilter := Cfg.MustValue(v, "filter", "(*)")
                        ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
-                       ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
+                       ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
                        nbsrc++
                        log.Debug("%s added as LDAP source", ldapname)
                }
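Review bot: The port default in `newLdapService` stays at 389 even when `usessl` is true, so a source configured with only `usessl = true` will attempt a TLS handshake against the cleartext LDAP port and fail. Read the flag first and derive the default from it: `defaultPort := 389`, `if ldapusessl { defaultPort = 636 }`, `ldapport := Cfg.MustInt(v, "port", defaultPort)`. With `usessl` defaulting to `false`, bind passwords for existing sources still cross the network unencrypted, which deserves a comment here or a note in the sample config. The enclosing function starts and ends outside this hunk.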
index 1822fd69ae12199d2ea2c248ade8764d851f9d87..70a23baad74c69b70a107d948fb9086ec75d0af9 100644 (file)
@@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
                        Ldapsource: ldap.Ldapsource{
                                Host:         form.Host,
                                Port:         form.Port,
+                               UseSSL:       form.UseSSL,
                                BaseDN:       form.BaseDN,
                                Attributes:   form.Attributes,
                                Filter:       form.Filter,
@@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
                        Ldapsource: ldap.Ldapsource{
                                Host:         form.Host,
                                Port:         form.Port,
+                               UseSSL:       form.UseSSL,
                                BaseDN:       form.BaseDN,
                                Attributes:   form.Attributes,
                                Filter:       form.Filter,
index 2c7a5754bfa638632149ec3baef18ff7b3e1d155..e1cef8cf9257fe309437055446a07d1e6079a4fa 100644 (file)
                         </div>
                     </div>
 
+                    <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                         <label class="col-md-3 control-label">Use SSL: </label>
+                         <div class="col-md-7">
+                              <input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
+                         </div>
+                    </div>
+
+
                     <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                         <label class="col-md-3 control-label">Base DN: </label>
                         <div class="col-md-7">
 
     </div>
 </div>
-{{template "base/footer" .}}
\ No newline at end of file
+{{template "base/footer" .}}
index e5dcb4339b94bb38f33deca3b08157476bf472dd..d09833fc77904814216122bc71156468385770eb 100644 (file)
                             </div>
                         </div>
 
+                        <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                             <label class="col-md-3 control-label">Use SSL: </label>
+                             <div class="col-md-7">
+                                  <input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
+                             </div>
+                        </div>
+
                         <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                             <label class="col-md-3 control-label">Base DN: </label>
                             <div class="col-md-7">
         });
     });
 </script>
-{{template "base/footer" .}}
\ No newline at end of file
+{{template "base/footer" .}}