diff options
Diffstat (limited to 'modules/auth')
| -rw-r--r-- | modules/auth/authentication.go | 2 | ||||
| -rw-r--r-- | modules/auth/ldap/ldap.go | 16 |
2 files changed, 15 insertions, 3 deletions
diff --git a/modules/auth/authentication.go b/modules/auth/authentication.go index 4456d2a5f7..74d5e11b64 100644 --- a/modules/auth/authentication.go +++ b/modules/auth/authentication.go @@ -21,6 +21,7 @@ type AuthenticationForm struct { Domain string `form:"domain"` Host string `form:"host"` Port int `form:"port"` + UseSSL bool `form:"usessl"` BaseDN string `form:"base_dn"` Attributes string `form:"attributes"` Filter string `form:"filter"` @@ -37,6 +38,7 @@ func (f *AuthenticationForm) Name(field string) string { "Domain": "Domain name", "Host": "Host address", "Port": "Port Number", + "UseSSL": "Use SSL", "BaseDN": "Base DN", "Attributes": "Search attributes", "Filter": "Search filter", diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 493339cde0..200490afb5 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -18,6 +18,7 @@ type Ldapsource struct { Name string // canonical name (ie. corporate.ad) Host string // LDAP host Port int // port number + UseSSL bool // Use SSL BaseDN string // Base DN Attributes string // Attribut to search Filter string // Query filter to validate entry @@ -31,8 +32,8 @@ var ( ) // Add a new source (LDAP directory) to the global pool -func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) { - ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true} +func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) { + ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true} Authensource = append(Authensource, ldaphost) } @@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) { // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { - l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + l, err := ldapDial(ls) + if err != nil { log.Debug("LDAP Connect error, disabled source %s", ls.Host) ls.Enabled = false @@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { } return "", true } + +func ldapDial(ls Ldapsource) (*goldap.Conn, error) { + if ls.UseSSL { + return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) + } else { + return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) + } +} |