From 295a69c5f748879d0d28a72fbb6a3b214fea6368 Mon Sep 17 00:00:00 2001
From: Yaodong Yu <2814461814@qq.com>
Date: Wed, 15 Mar 2023 11:12:31 +0800
Subject: [PATCH] feat: support LDAP with SSL/TLS enabled (#1655)

---
 controllers/ldap.go | 2 +-
 i18n/generate_test.go | 3 +++
 object/check.go | 2 +-
 object/ldap.go | 15 +++++++++++----
 object/ldap_autosync.go | 2 +-
 web/src/LdapEditPage.js | 12 +++++++++++-
 web/src/locales/de/data.json | 2 ++
 web/src/locales/en/data.json | 2 ++
 web/src/locales/es/data.json | 2 ++
 web/src/locales/fr/data.json | 2 ++
 web/src/locales/ja/data.json | 2 ++
 web/src/locales/ko/data.json | 2 ++
 web/src/locales/ru/data.json | 2 ++
 web/src/locales/vi/data.json | 2 ++
 web/src/locales/zh/data.json | 2 ++
 15 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/controllers/ldap.go b/controllers/ldap.go
index 03e8a2af..21ee6f38 100644
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -46,7 +46,7 @@ func (c *ApiController) GetLdapUsers() {
 _, ldapId := util.GetOwnerAndNameFromId(id)
 ldapServer := object.GetLdap(ldapId)
- conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+ conn, err := ldapServer.GetLdapConn()
 if err != nil {
 c.ResponseError(err.Error())
 return
diff --git a/i18n/generate_test.go b/i18n/generate_test.go
index 824112c4..d2937cbe 100644
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -12,6 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+//go:build !skipCi
+// +build !skipCi
+
 package i18n
 import (
diff --git a/object/check.go b/object/check.go
index ed34c1ca..d9d8060e 100644
--- a/object/check.go
+++ b/object/check.go
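Review bot: `conn, err := ldapServer.GetLdapConn()` is now a method call on the value returned by `object.GetLdap(ldapId)`, and nothing in the hunk checks that value for nil first; if GetLdap returns nil for an unknown id (its body is not visible here), the handler panics rather than returning an error, as the old field accesses would have too. Since the refactor already touches this line, add a guard in front of it, `if ldapServer == nil { c.ResponseError("ldap not found"); return }` (message wording per the controller's usual convention). The rest of GetLdapUsers lies outside the hunk.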
@@ -196,7 +196,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 ldaps := GetLdaps(user.Owner)
 ldapLoginSuccess := false
 for _, ldapServer := range ldaps {
- conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+ conn, err := ldapServer.GetLdapConn()
 if err != nil {
 continue
 }
diff --git a/object/ldap.go b/object/ldap.go
index 1a90e577..7c82e818 100644
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -33,6 +33,7 @@ type Ldap struct {
 ServerName string `xorm:"varchar(100)" json:"serverName"`
 Host string `xorm:"varchar(100)" json:"host"`
 Port int `json:"port"`
+ EnableSsl bool `xorm:"bool" json:"enableSsl"`
 Admin string `xorm:"varchar(100)" json:"admin"`
 Passwd string `xorm:"varchar(100)" json:"passwd"`
 BaseDn string `xorm:"varchar(100)" json:"baseDn"`
@@ -152,13 +153,19 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
 return isMicrosoft, err
 }
-func GetLdapConn(host string, port int, adminUser string, adminPasswd string) (*ldapConn, error) {
- conn, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
+ var conn *goldap.Conn
+ if ldap.EnableSsl {
+ conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+ } else {
+ conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+ }
+
 if err != nil {
 return nil, err
 }
- err = conn.Bind(adminUser, adminPasswd)
+ err = conn.Bind(ldap.Admin, ldap.Passwd)
 if err != nil {
 return nil, err
 }
@@ -352,7 +359,7 @@ func UpdateLdap(ldap *Ldap) bool {
 }
 affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
- "port", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
+ "port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
 if err != nil {
 panic(err)
 }
diff --git a/object/ldap_autosync.go b/object/ldap_autosync.go
index 2e0a8aa4..88cb7ab8 100644
--- a/object/ldap_autosync.go
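Review bot: `goldap.DialTLS("tcp", …, nil)` leans on the crypto/tls defaults for a nil config — chain verification against the system roots, with ldap.Host used as the expected server name — which is the right default but is invisible in the code, and it is implicit TLS (LDAPS) only, not StartTLS; say so in a comment on the call and on the new `EnableSsl` field, e.g. `// EnableSsl connects over LDAPS (implicit TLS, typically port 636) with server certificate verification; StartTLS is not supported.`, so a later certificate error is fixed by installing the right CA rather than by loosening the config. The address is built twice with `fmt.Sprintf("%s:%d", …)`, which yields an unparseable address for an IPv6 host; build it once with `net.JoinHostPort(ldap.Host, strconv.Itoa(ldap.Port))` (needs `net` and `strconv` imports). Both dial errors are returned bare, so the common misconfiguration — SSL enabled against a plain-LDAP port — surfaces only as an opaque handshake failure in the log line in ldap_autosync.go and in the controller's error response; wrapping it with the address and the TLS flag makes that diagnosable. The named results `c` and `err` are never used by name (every path is `return nil, err`), so plain `(*ldapConn, error)` reads better. GetLdapConn continues past the end of the hunk.

```go
func (ldap *Ldap) GetLdapConn() (*ldapConn, error) {
	// JoinHostPort brackets IPv6 literals; "%s:%d" does not.
	addr := net.JoinHostPort(ldap.Host, strconv.Itoa(ldap.Port))
	var conn *goldap.Conn
	var err error
	if ldap.EnableSsl {
		// Implicit TLS (LDAPS). A nil *tls.Config means crypto/tls verifies the
		// server chain against the system roots and checks ldap.Host as the name.
		conn, err = goldap.DialTLS("tcp", addr, nil)
	} else {
		conn, err = goldap.Dial("tcp", addr)
	}
	if err != nil {
		return nil, fmt.Errorf("dialing LDAP server %s (ssl=%t): %w", addr, ldap.EnableSsl, err)
	}
	// … unchanged: Bind(ldap.Admin, ldap.Passwd) and the rest of the function …
```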
+++ b/object/ldap_autosync.go @@ -76,7 +76,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) { UpdateLdapSyncTime(ldap.Id) // fetch all users - conn, err := GetLdapConn(ldap.Host, ldap.Port, ldap.Admin, ldap.Passwd) + conn, err := ldap.GetLdapConn() if err != nil { logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err)) continue diff --git a/web/src/LdapEditPage.js b/web/src/LdapEditPage.js index e5d5c0b4..fbe17747 100644 --- a/web/src/LdapEditPage.js +++ b/web/src/LdapEditPage.js @@ -13,7 +13,7 @@ // limitations under the License. import React from "react"; -import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd"; +import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd"; import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons"; import * as LddpBackend from "./backend/LdapBackend"; import * as OrganizationBackend from "./backend/OrganizationBackend"; @@ -146,6 +146,16 @@ class LdapEditPage extends React.Component { }} /> + + + {Setting.getLabel(i18next.t("ldap:Enable SSL"), i18next.t("ldap:Enable SSL - Tooltip"))} : + + + { + this.updateLdapField("enableSsl", checked); + }} /> + + {Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} : diff --git a/web/src/locales/de/data.json b/web/src/locales/de/data.json index 7be14fb0..d467b126 100644 --- a/web/src/locales/de/data.json +++ b/web/src/locales/de/data.json @@ -288,6 +288,8 @@ "CN": "KN", "Edit LDAP": "LDAP bearbeiten", "Email": "E-Mail", + "Enable SSL": "Enable SSL", + "Enable SSL - Tooltip": "Enable SSL - Tooltip", "Group Id": "Gruppen Id", "ID": "ID", "Last Sync": "Letzter Sync", diff --git a/web/src/locales/en/data.json b/web/src/locales/en/data.json index 5ce16ff0..faebc3e6 100644 --- a/web/src/locales/en/data.json +++ b/web/src/locales/en/data.json 
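Review bot: The new Switch labels itself with `i18next.t("ldap:Enable SSL - Tooltip")`, but the en locale added in this same commit maps that key to the literal text `Enable SSL - Tooltip`, so an admin hovering the security toggle learns nothing about what it changes; give the en entry a real description, e.g. `"Enable SSL - Tooltip": "Connect to the LDAP server over LDAPS (implicit TLS) with certificate verification; the port usually needs to be 636 rather than 389"`. This rendering has dropped the JSX tags, so I cannot confirm the Switch's `checked` prop is bound to `this.state.ldap.enableSsl`; without that binding the control will not reflect the stored value after a reload. The enclosing render method starts and ends outside the hunk.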
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "Edit LDAP",
 "Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "Group Id",
 "ID": "ID",
 "Last Sync": "Last Sync",
diff --git a/web/src/locales/es/data.json b/web/src/locales/es/data.json
index a15c2775..be032cee 100644
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "Editar LDAP",
 "Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "Group Id",
 "ID": "ID",
 "Last Sync": "Última Sincronización",
diff --git a/web/src/locales/fr/data.json b/web/src/locales/fr/data.json
index 26ba6091..1d6ee12f 100644
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "Modifier LDAP",
 "Email": "Courriel",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "Identifiant du groupe",
 "ID": "ID",
 "Last Sync": "Dernière synchronisation",
diff --git a/web/src/locales/ja/data.json b/web/src/locales/ja/data.json
index 0750e163..dfb2f24a 100644
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "LDAP を編集",
 "Email": "Eメールアドレス",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "グループ ID",
 "ID": "ID",
 "Last Sync": "前回の同期",
diff --git a/web/src/locales/ko/data.json b/web/src/locales/ko/data.json
index d684cfd6..d883a00c 100644
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "Edit LDAP",
 "Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "Group Id",
 "ID": "ID",
 "Last Sync": "Last Sync",
diff --git a/web/src/locales/ru/data.json b/web/src/locales/ru/data.json
index a8b64396..bcb1f795 100644
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@@ -288,6 +288,8 @@
 "CN": "КНР",
 "Edit LDAP": "Редактировать LDAP",
 "Email": "Почта",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "ID группы",
 "ID": "ID",
 "Last Sync": "Последняя синхронизация",
diff --git a/web/src/locales/vi/data.json b/web/src/locales/vi/data.json
index 67c16a83..58d670a4 100644
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "Edit LDAP",
 "Email": "Email",
+ "Enable SSL": "Enable SSL",
+ "Enable SSL - Tooltip": "Enable SSL - Tooltip",
 "Group Id": "Group Id",
 "ID": "ID",
 "Last Sync": "Last Sync",
diff --git a/web/src/locales/zh/data.json b/web/src/locales/zh/data.json
index 03cb9c1b..3641fc0c 100644
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@@ -288,6 +288,8 @@
 "CN": "CN",
 "Edit LDAP": "编辑LDAP",
 "Email": "电子邮件",
+ "Enable SSL": "启用 SSL",
+ "Enable SSL - Tooltip": "启用 SSL",
 "Group Id": "组ID",
 "ID": "ID",
 "Last Sync": "最近同步",