diff --git a/controllers/ldap.go b/controllers/ldap.go
index 03e8a2af..21ee6f38 100644
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -46,7 +46,7 @@ func (c *ApiController) GetLdapUsers() {
_, ldapId := util.GetOwnerAndNameFromId(id)
ldapServer := object.GetLdap(ldapId)
- conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+ conn, err := ldapServer.GetLdapConn()
if err != nil {
c.ResponseError(err.Error())
return
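Review bot: `ldapServer` is used without a nil check: if `object.GetLdap(ldapId)` can return nil for an unknown id (its body is not shown here), `ldapServer.GetLdapConn()` panics as soon as the method reads `ldap.EnableSsl`. Guard it before the call, e.g. `if ldapServer == nil { c.ResponseError("ldap server not found"); return }`. GetLdapUsers starts and ends outside this hunk.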
diff --git a/i18n/generate_test.go b/i18n/generate_test.go
index 824112c4..d2937cbe 100644
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -12,6 +12,9 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+//go:build !skipCi
+// +build !skipCi
+
package i18n
import (
diff --git a/object/check.go b/object/check.go
index ed34c1ca..d9d8060e 100644
--- a/object/check.go
+++ b/object/check.go
@@ -196,7 +196,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
ldaps := GetLdaps(user.Owner)
ldapLoginSuccess := false
for _, ldapServer := range ldaps {
- conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+ conn, err := ldapServer.GetLdapConn()
if err != nil {
continue
}
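Review bot: A failed `ldapServer.GetLdapConn()` is dropped by the bare `continue`, and with the new TLS branch that now includes certificate and handshake failures, so an untrusted or misconfigured directory is indistinguishable from a wrong password. Log the error before continuing, as syncRoutine in object/ldap_autosync.go does, e.g. `logs.Warning(fmt.Sprintf("ldap connect failed for %s, error %s", ldapServer.Id, err))` (assuming `logs` and `fmt` are available in this file). The loop and the rest of checkLdapUserPassword continue outside the hunk.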
diff --git a/object/ldap.go b/object/ldap.go
index 1a90e577..7c82e818 100644
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -33,6 +33,7 @@ type Ldap struct {
ServerName string `xorm:"varchar(100)" json:"serverName"`
Host string `xorm:"varchar(100)" json:"host"`
Port int `json:"port"`
+ EnableSsl bool `xorm:"bool" json:"enableSsl"`
Admin string `xorm:"varchar(100)" json:"admin"`
Passwd string `xorm:"varchar(100)" json:"passwd"`
BaseDn string `xorm:"varchar(100)" json:"baseDn"`
@@ -152,13 +153,19 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
return isMicrosoft, err
}
-func GetLdapConn(host string, port int, adminUser string, adminPasswd string) (*ldapConn, error) {
- conn, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
+ var conn *goldap.Conn
+ if ldap.EnableSsl {
+ conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+ } else {
+ conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+ }
+
if err != nil {
return nil, err
}
- err = conn.Bind(adminUser, adminPasswd)
+ err = conn.Bind(ldap.Admin, ldap.Passwd)
if err != nil {
return nil, err
}
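Review bot: When `conn.Bind(ldap.Admin, ldap.Passwd)` fails, the function returns without closing `conn`, so every rejected bind leaks a socket (and, on the new branch, a TLS session); add `conn.Close()` before that `return nil, err`. On the TLS branch, passing `nil` as the config relies on the crypto/tls defaults (system roots, and as far as I can tell the server name taken from the dial address), which gives no way to trust a private directory CA and sets no explicit protocol floor; consider `&tls.Config{ServerName: ldap.Host, MinVersion: tls.VersionTLS12}`. With `EnableSsl` false the admin DN and password still travel over plain TCP in the simple bind, which is worth stating in a doc comment on the method. The function body continues past the end of this hunk.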
@@ -352,7 +359,7 @@ func UpdateLdap(ldap *Ldap) bool {
}
affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
- "port", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
+ "port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
if err != nil {
panic(err)
}
diff --git a/object/ldap_autosync.go b/object/ldap_autosync.go
index 2e0a8aa4..88cb7ab8 100644
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -76,7 +76,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
UpdateLdapSyncTime(ldap.Id)
// fetch all users
- conn, err := GetLdapConn(ldap.Host, ldap.Port, ldap.Admin, ldap.Passwd)
+ conn, err := ldap.GetLdapConn()
if err != nil {
logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
continue
diff --git a/web/src/LdapEditPage.js b/web/src/LdapEditPage.js
index e5d5c0b4..fbe17747 100644
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -13,7 +13,7 @@
// limitations under the License.
import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
import * as LddpBackend from "./backend/LdapBackend";
import * as OrganizationBackend from "./backend/OrganizationBackend";
@@ -146,6 +146,16 @@ class LdapEditPage extends React.Component {
}} />
+
+
+ {Setting.getLabel(i18next.t("ldap:Enable SSL"), i18next.t("ldap:Enable SSL - Tooltip"))} :
+
+
+ {
+ this.updateLdapField("enableSsl", checked);
+ }} />
+
+
{Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
diff --git a/web/src/locales/de/data.json b/web/src/locales/de/data.json
index 7be14fb0..d467b126 100644
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@@ -288,6 +288,8 @@
"CN": "KN",
"Edit LDAP": "LDAP bearbeiten",
"Email": "E-Mail",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Gruppen Id",
"ID": "ID",
"Last Sync": "Letzter Sync",
diff --git a/web/src/locales/en/data.json b/web/src/locales/en/data.json
index 5ce16ff0..faebc3e6 100644
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "Edit LDAP",
"Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Group Id",
"ID": "ID",
"Last Sync": "Last Sync",
diff --git a/web/src/locales/es/data.json b/web/src/locales/es/data.json
index a15c2775..be032cee 100644
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "Editar LDAP",
"Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Group Id",
"ID": "ID",
"Last Sync": "Última Sincronización",
diff --git a/web/src/locales/fr/data.json b/web/src/locales/fr/data.json
index 26ba6091..1d6ee12f 100644
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "Modifier LDAP",
"Email": "Courriel",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Identifiant du groupe",
"ID": "ID",
"Last Sync": "Dernière synchronisation",
diff --git a/web/src/locales/ja/data.json b/web/src/locales/ja/data.json
index 0750e163..dfb2f24a 100644
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "LDAP を編集",
"Email": "Eメールアドレス",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "グループ ID",
"ID": "ID",
"Last Sync": "前回の同期",
diff --git a/web/src/locales/ko/data.json b/web/src/locales/ko/data.json
index d684cfd6..d883a00c 100644
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "Edit LDAP",
"Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Group Id",
"ID": "ID",
"Last Sync": "Last Sync",
diff --git a/web/src/locales/ru/data.json b/web/src/locales/ru/data.json
index a8b64396..bcb1f795 100644
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@@ -288,6 +288,8 @@
"CN": "КНР",
"Edit LDAP": "Редактировать LDAP",
"Email": "Почта",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "ID группы",
"ID": "ID",
"Last Sync": "Последняя синхронизация",
diff --git a/web/src/locales/vi/data.json b/web/src/locales/vi/data.json
index 67c16a83..58d670a4 100644
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "Edit LDAP",
"Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
"Group Id": "Group Id",
"ID": "ID",
"Last Sync": "Last Sync",
diff --git a/web/src/locales/zh/data.json b/web/src/locales/zh/data.json
index 03cb9c1b..3641fc0c 100644
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@@ -288,6 +288,8 @@
"CN": "CN",
"Edit LDAP": "编辑LDAP",
"Email": "电子邮件",
+ "Enable SSL": "启用 SSL",
+ "Enable SSL - Tooltip": "启用 SSL",
"Group Id": "组ID",
"ID": "ID",
"Last Sync": "最近同步",