mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-03 12:30:19 +08:00
feat: support LDAP with SSL/TLS enabled (#1655)
This commit is contained in:
Yaodong Yu
@ -46,7 +46,7 @@ func (c *ApiController) GetLdapUsers() {
|
|||||||
_, ldapId := util.GetOwnerAndNameFromId(id)
|
_, ldapId := util.GetOwnerAndNameFromId(id)
|
||||||
ldapServer := object.GetLdap(ldapId)
|
ldapServer := object.GetLdap(ldapId)
|
||||||
|
|
||||||
conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
|
conn, err := ldapServer.GetLdapConn()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.ResponseError(err.Error())
|
c.ResponseError(err.Error())
|
||||||
return
|
return
|
||||||
|
|||||||
@ -12,6 +12,9 @@
|
|||||||
// See the License for the specific language governing permissions and
|
// See the License for the specific language governing permissions and
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
|
//go:build !skipCi
|
||||||
|
// +build !skipCi
|
||||||
|
|
||||||
package i18n
|
package i18n
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
@ -196,7 +196,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
|
|||||||
ldaps := GetLdaps(user.Owner)
|
ldaps := GetLdaps(user.Owner)
|
||||||
ldapLoginSuccess := false
|
ldapLoginSuccess := false
|
||||||
for _, ldapServer := range ldaps {
|
for _, ldapServer := range ldaps {
|
||||||
conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
|
conn, err := ldapServer.GetLdapConn()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|||||||
@ -33,6 +33,7 @@ type Ldap struct {
|
|||||||
ServerName string `xorm:"varchar(100)" json:"serverName"`
|
ServerName string `xorm:"varchar(100)" json:"serverName"`
|
||||||
Host string `xorm:"varchar(100)" json:"host"`
|
Host string `xorm:"varchar(100)" json:"host"`
|
||||||
Port int `json:"port"`
|
Port int `json:"port"`
|
||||||
|
EnableSsl bool `xorm:"bool" json:"enableSsl"`
|
||||||
Admin string `xorm:"varchar(100)" json:"admin"`
|
Admin string `xorm:"varchar(100)" json:"admin"`
|
||||||
Passwd string `xorm:"varchar(100)" json:"passwd"`
|
Passwd string `xorm:"varchar(100)" json:"passwd"`
|
||||||
BaseDn string `xorm:"varchar(100)" json:"baseDn"`
|
BaseDn string `xorm:"varchar(100)" json:"baseDn"`
|
||||||
@ -152,13 +153,19 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
|
|||||||
return isMicrosoft, err
|
return isMicrosoft, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetLdapConn(host string, port int, adminUser string, adminPasswd string) (*ldapConn, error) {
|
func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
|
||||||
conn, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
|
var conn *goldap.Conn
|
||||||
|
if ldap.EnableSsl {
|
||||||
|
conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
|
||||||
|
} else {
|
||||||
|
conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = conn.Bind(adminUser, adminPasswd)
|
err = conn.Bind(ldap.Admin, ldap.Passwd)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -352,7 +359,7 @@ func UpdateLdap(ldap *Ldap) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
|
affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
|
||||||
"port", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
|
"port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -76,7 +76,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
|
|||||||
|
|
||||||
UpdateLdapSyncTime(ldap.Id)
|
UpdateLdapSyncTime(ldap.Id)
|
||||||
// fetch all users
|
// fetch all users
|
||||||
conn, err := GetLdapConn(ldap.Host, ldap.Port, ldap.Admin, ldap.Passwd)
|
conn, err := ldap.GetLdapConn()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
|
logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
|
||||||
continue
|
continue
|
||||||
|
|||||||
@ -13,7 +13,7 @@
|
|||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
import React from "react";
|
import React from "react";
|
||||||
import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
|
import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
|
||||||
import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
|
import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
|
||||||
import * as LddpBackend from "./backend/LdapBackend";
|
import * as LddpBackend from "./backend/LdapBackend";
|
||||||
import * as OrganizationBackend from "./backend/OrganizationBackend";
|
import * as OrganizationBackend from "./backend/OrganizationBackend";
|
||||||
@ -146,6 +146,16 @@ class LdapEditPage extends React.Component {
|
|||||||
}} />
|
}} />
|
||||||
</Col>
|
</Col>
|
||||||
</Row>
|
</Row>
|
||||||
|
<Row style={{marginTop: "20px"}} >
|
||||||
|
<Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
|
||||||
|
{Setting.getLabel(i18next.t("ldap:Enable SSL"), i18next.t("ldap:Enable SSL - Tooltip"))} :
|
||||||
|
</Col>
|
||||||
|
<Col span={21} >
|
||||||
|
<Switch checked={this.state.ldap.enableSsl} onChange={checked => {
|
||||||
|
this.updateLdapField("enableSsl", checked);
|
||||||
|
}} />
|
||||||
|
</Col>
|
||||||
|
</Row>
|
||||||
<Row style={{marginTop: "20px"}}>
|
<Row style={{marginTop: "20px"}}>
|
||||||
<Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
|
<Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
|
||||||
{Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
|
{Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "KN",
|
"CN": "KN",
|
||||||
"Edit LDAP": "LDAP bearbeiten",
|
"Edit LDAP": "LDAP bearbeiten",
|
||||||
"Email": "E-Mail",
|
"Email": "E-Mail",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Gruppen Id",
|
"Group Id": "Gruppen Id",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Letzter Sync",
|
"Last Sync": "Letzter Sync",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "Edit LDAP",
|
"Edit LDAP": "Edit LDAP",
|
||||||
"Email": "Email",
|
"Email": "Email",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Group Id",
|
"Group Id": "Group Id",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Last Sync",
|
"Last Sync": "Last Sync",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "Editar LDAP",
|
"Edit LDAP": "Editar LDAP",
|
||||||
"Email": "Email",
|
"Email": "Email",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Group Id",
|
"Group Id": "Group Id",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Última Sincronización",
|
"Last Sync": "Última Sincronización",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "Modifier LDAP",
|
"Edit LDAP": "Modifier LDAP",
|
||||||
"Email": "Courriel",
|
"Email": "Courriel",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Identifiant du groupe",
|
"Group Id": "Identifiant du groupe",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Dernière synchronisation",
|
"Last Sync": "Dernière synchronisation",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "LDAP を編集",
|
"Edit LDAP": "LDAP を編集",
|
||||||
"Email": "Eメールアドレス",
|
"Email": "Eメールアドレス",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "グループ ID",
|
"Group Id": "グループ ID",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "前回の同期",
|
"Last Sync": "前回の同期",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "Edit LDAP",
|
"Edit LDAP": "Edit LDAP",
|
||||||
"Email": "Email",
|
"Email": "Email",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Group Id",
|
"Group Id": "Group Id",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Last Sync",
|
"Last Sync": "Last Sync",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "КНР",
|
"CN": "КНР",
|
||||||
"Edit LDAP": "Редактировать LDAP",
|
"Edit LDAP": "Редактировать LDAP",
|
||||||
"Email": "Почта",
|
"Email": "Почта",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "ID группы",
|
"Group Id": "ID группы",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Последняя синхронизация",
|
"Last Sync": "Последняя синхронизация",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "Edit LDAP",
|
"Edit LDAP": "Edit LDAP",
|
||||||
"Email": "Email",
|
"Email": "Email",
|
||||||
|
"Enable SSL": "Enable SSL",
|
||||||
|
"Enable SSL - Tooltip": "Enable SSL - Tooltip",
|
||||||
"Group Id": "Group Id",
|
"Group Id": "Group Id",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "Last Sync",
|
"Last Sync": "Last Sync",
|
||||||
|
|||||||
@ -288,6 +288,8 @@
|
|||||||
"CN": "CN",
|
"CN": "CN",
|
||||||
"Edit LDAP": "编辑LDAP",
|
"Edit LDAP": "编辑LDAP",
|
||||||
"Email": "电子邮件",
|
"Email": "电子邮件",
|
||||||
|
"Enable SSL": "启用 SSL",
|
||||||
|
"Enable SSL - Tooltip": "启用 SSL",
|
||||||
"Group Id": "组ID",
|
"Group Id": "组ID",
|
||||||
"ID": "ID",
|
"ID": "ID",
|
||||||
"Last Sync": "最近同步",
|
"Last Sync": "最近同步",
|
||||||
|
|||||||
Reference in New Issue
Block a user