llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: support LDAPS protocol (#3390)

Browse Source 
* feat: support ldaps

* fix: unencrypted port 389 not work after enable SSL
fix: remove useless conf and set ldapsCertId to empty
fix: return and log getTLSconfig error

* fix: remove unused setting

* fix: check nil condition

* fix: not log fail when certId is empty
This commit is contained in:
DacongDA 2024-12-07 21:26:07 +08:00 committed by GitHub
parent 922b19c64b
commit 58e1c28f7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 55 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/app.conf
View File

@ -25,6 +25,8 @@ enableErrorMask = false
enableGzip = true enableGzip = true
inactiveTimeoutMinutes = inactiveTimeoutMinutes =
ldapServerPort = 389 ldapServerPort = 389
ldapsCertId = ""
ldapsServerPort = 636
radiusServerPort = 1812 radiusServerPort = 1812
radiusSecret = "secret" radiusSecret = "secret"
quota = {"organization": -1, "user": -1, "application": -1, "provider": -1} quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}

58
ldap/server.go
View File

@ -15,6 +15,7 @@
package ldap package ldap
import ( import (
"crypto/tls"
"fmt" "fmt"
"hash/fnv" "hash/fnv"
"log" "log"
@ -27,21 +28,68 @@ import (
func StartLdapServer() { func StartLdapServer() {
ldapServerPort := conf.GetConfigString("ldapServerPort") ldapServerPort := conf.GetConfigString("ldapServerPort")
if ldapServerPort == "" || ldapServerPort == "0" { ldapsServerPort := conf.GetConfigString("ldapsServerPort")
return
}
server := ldap.NewServer() server := ldap.NewServer()
serverSsl := ldap.NewServer()
routes := ldap.NewRouteMux() routes := ldap.NewRouteMux()
routes.Bind(handleBind) routes.Bind(handleBind)
routes.Search(handleSearch).Label(" SEARCH****") routes.Search(handleSearch).Label(" SEARCH****")
server.Handle(routes) server.Handle(routes)
err := server.ListenAndServe("0.0.0.0:" + ldapServerPort) serverSsl.Handle(routes)
go func() {
if ldapServerPort == "" || ldapServerPort == "0" {
return
}
err := server.ListenAndServe("0.0.0.0:" + ldapServerPort)
if err != nil {
log.Printf("StartLdapServer() failed, err = %s", err.Error())
}
}()
go func() {
if ldapsServerPort == "" || ldapsServerPort == "0" {
return
}
ldapsCertId := conf.GetConfigString("ldapsCertId")
if ldapsCertId == "" {
return
}
config, err := getTLSconfig(ldapsCertId)
if err != nil {
log.Printf("StartLdapsServer() failed, err = %s", err.Error())
return
}
secureConn := func(s *ldap.Server) {
s.Listener = tls.NewListener(s.Listener, config)
}
err = serverSsl.ListenAndServe("0.0.0.0:"+ldapsServerPort, secureConn)
if err != nil {
log.Printf("StartLdapsServer() failed, err = %s", err.Error())
}
}()
}
func getTLSconfig(ldapsCertId string) (*tls.Config, error) {
rawCert, err := object.GetCert(ldapsCertId)
if err != nil { if err != nil {
log.Printf("StartLdapServer() failed, err = %s", err.Error()) return nil, err
} }
if rawCert == nil {
return nil, fmt.Errorf("cert is empty")
}
cert, err := tls.X509KeyPair([]byte(rawCert.Certificate), []byte(rawCert.PrivateKey))
if err != nil {
return &tls.Config{}, err
}
return &tls.Config{
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS13,
Certificates: []tls.Certificate{cert},
}, nil
} }
func handleBind(w ldap.ResponseWriter, m *ldap.Message) { func handleBind(w ldap.ResponseWriter, m *ldap.Message) {