feat: support LDAP with SSL/TLS enabled (#1655)

2025-07-03 12:30:19 +08:00 · 2023-03-15 11:12:31 +08:00
parent a8a8f39963
commit 295a69c5f7
15 changed files with 46 additions and 8 deletions
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@ -46,7 +46,7 @@ func (c *ApiController) GetLdapUsers() {
 	_, ldapId := util.GetOwnerAndNameFromId(id)
 	ldapServer := object.GetLdap(ldapId)

-	conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+	conn, err := ldapServer.GetLdapConn()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@ -12,6 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+//go:build !skipCi
+// +build !skipCi
+
 package i18n

 import (
--- a/object/check.go
+++ b/object/check.go
@ -196,7 +196,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 	ldaps := GetLdaps(user.Owner)
 	ldapLoginSuccess := false
 	for _, ldapServer := range ldaps {
-		conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+		conn, err := ldapServer.GetLdapConn()
 		if err != nil {
 			continue
 		}
--- a/object/ldap.go
+++ b/object/ldap.go
@ -33,6 +33,7 @@ type Ldap struct {
 	ServerName string `xorm:"varchar(100)" json:"serverName"`
 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
+	EnableSsl  bool   `xorm:"bool" json:"enableSsl"`
 	Admin      string `xorm:"varchar(100)" json:"admin"`
 	Passwd     string `xorm:"varchar(100)" json:"passwd"`
 	BaseDn     string `xorm:"varchar(100)" json:"baseDn"`
@ -152,13 +153,19 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
 	return isMicrosoft, err
 }

-func GetLdapConn(host string, port int, adminUser string, adminPasswd string) (*ldapConn, error) {
-	conn, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
+	var conn *goldap.Conn
+	if ldap.EnableSsl {
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+	} else {
+		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+	}
+
 	if err != nil {
 		return nil, err
 	}

-	err = conn.Bind(adminUser, adminPasswd)
+	err = conn.Bind(ldap.Admin, ldap.Passwd)
 	if err != nil {
 		return nil, err
 	}
@ -352,7 +359,7 @@ func UpdateLdap(ldap *Ldap) bool {
 	}

 	affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
 	if err != nil {
 		panic(err)
 	}
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@ -76,7 +76,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {

 		UpdateLdapSyncTime(ldap.Id)
 		// fetch all users
-		conn, err := GetLdapConn(ldap.Host, ldap.Port, ldap.Admin, ldap.Passwd)
+		conn, err := ldap.GetLdapConn()
 		if err != nil {
 			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
 			continue
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
 import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
 import * as LddpBackend from "./backend/LdapBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
@ -146,6 +146,16 @@ class LdapEditPage extends React.Component {
              }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Enable SSL"), i18next.t("ldap:Enable SSL - Tooltip"))} :
+          </Col>
+          <Col span={21} >
+            <Switch checked={this.state.ldap.enableSsl} onChange={checked => {
+              this.updateLdapField("enableSsl", checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -288,6 +288,8 @@
    "CN": "KN",
    "Edit LDAP": "LDAP bearbeiten",
    "Email": "E-Mail",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Gruppen Id",
    "ID": "ID",
    "Last Sync": "Letzter Sync",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "Edit LDAP",
    "Email": "Email",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Group Id",
    "ID": "ID",
    "Last Sync": "Last Sync",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "Editar LDAP",
    "Email": "Email",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Group Id",
    "ID": "ID",
    "Last Sync": "Última Sincronización",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "Modifier LDAP",
    "Email": "Courriel",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Identifiant du groupe",
    "ID": "ID",
    "Last Sync": "Dernière synchronisation",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "LDAP を編集",
    "Email": "Eメールアドレス",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "グループ ID",
    "ID": "ID",
    "Last Sync": "前回の同期",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "Edit LDAP",
    "Email": "Email",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Group Id",
    "ID": "ID",
    "Last Sync": "Last Sync",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -288,6 +288,8 @@
    "CN": "КНР",
    "Edit LDAP": "Редактировать LDAP",
    "Email": "Почта",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "ID группы",
    "ID": "ID",
    "Last Sync": "Последняя синхронизация",
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "Edit LDAP",
    "Email": "Email",
+    "Enable SSL": "Enable SSL",
+    "Enable SSL - Tooltip": "Enable SSL - Tooltip",
    "Group Id": "Group Id",
    "ID": "ID",
    "Last Sync": "Last Sync",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -288,6 +288,8 @@
    "CN": "CN",
    "Edit LDAP": "编辑LDAP",
    "Email": "电子邮件",
+    "Enable SSL": "启用 SSL",
+    "Enable SSL - Tooltip": "启用 SSL",
    "Group Id": "组ID",
    "ID": "ID",
    "Last Sync": "最近同步",