author | Unknwon <u@gogs.io> | 2015-09-14 15:48:51 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2015-09-14 15:48:51 -0400 |
commit | f5c7f22cc8595a81b5d9f9da4a0a29faf2dbbdce (patch) | |
tree | af338ee4d3f7ca0edec0f8e1159b52d69da5f912 /modules/auth/ldap | |
parent | 2bc3e83e1ce89a6c250116216a93da3a401127db (diff) | |
download | gitea-f5c7f22cc8595a81b5d9f9da4a0a29faf2dbbdce.tar.gz gitea-f5c7f22cc8595a81b5d9f9da4a0a29faf2dbbdce.zip |
#1637 able to skip verify for LDAP
Diffstat (limited to 'modules/auth/ldap')
-rw-r--r-- | modules/auth/ldap/ldap.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 3e6f9731c1..1f87690526 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -7,6 +7,7 @@
 package ldap
 import (
+ "crypto/tls"
 "fmt"
 "github.com/gogits/gogs/modules/ldap"
@@ -14,11 +15,12 @@ import (
 )
 // Basic LDAP authentication service
-type Ldapsource struct {
+type Source struct {
 Name string // canonical name (ie. corporate.ad)
 Host string // LDAP host
 Port int // port number
 UseSSL bool // Use SSL
+ SkipVerify bool
 BindDN string // DN to bind with
 BindPassword string // Bind DN password
 UserBase string // Base search path for users
@@ -31,7 +33,7 @@ type Ldapsource struct {
 Enabled bool // if this source is disabled
 }
-func (ls Ldapsource) FindUserDN(name string) (string, bool) {
+func (ls *Source) FindUserDN(name string) (string, bool) {
 l, err := ldapDial(ls)
 if err != nil {
 log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
 }
 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
 var userDN string
 if directBind {
 log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
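Review bot: `SkipVerify` is the only field in the struct hunk without a comment, and it is the field whose effect most needs spelling out. The ldapDial hunk copies it straight into `tls.Config.InsecureSkipVerify`, and only on the `UseSSL` branch, so the flag has no effect on a plain connection and, when set, turns off certificate checking for the LDAPS connection. I would add `// skip TLS certificate verification (only used when UseSSL is set); the server is then not authenticated` next to it. The zero value keeps verification on, which is the right default and worth stating in the same comment. The struct continues past the hunk, so fields outside it were not reviewed.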
@@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
 return name_attr, sn_attr, mail_attr, admin_attr, true
 }
-func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
+func ldapDial(ls *Source) (*ldap.Conn, error) {
 if ls.UseSSL {
- log.Debug("Using TLS for LDAP")
- return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+ log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
+ return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+ InsecureSkipVerify: ls.SkipVerify,
+ })
 } else {
 return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
 } |
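Review bot: When `ls.SkipVerify` is true, the `tls.Config` handed to `ldap.DialTLS` accepts any certificate, so the connection is encrypted but the server is not authenticated. That connection presumably carries the bind password and the users' passwords, and the only trace of the setting is a debug-level line whose wording ("without verifying: false") is easy to misread. I would make the insecure case visible to operators, e.g. `if ls.SkipVerify { log.Warn("LDAP %s: TLS certificate verification is disabled", ls.Host) }` (assuming the log package has a Warn level alongside the Debug and Error calls used here), and keep the debug message as plain `"Using TLS for LDAP"`. A follow-up that lets an admin supply the directory's CA certificate would cover self-signed servers without switching verification off. ldapDial's closing brace lies outside the hunk.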