diff --git a/object/ldap.go b/object/ldap.go
index 85376c42..4197350b 100644
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -23,17 +23,18 @@ type Ldap struct {
Owner string `xorm:"varchar(100)" json:"owner"`
CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
- ServerName string `xorm:"varchar(100)" json:"serverName"`
- Host string `xorm:"varchar(100)" json:"host"`
- Port int `xorm:"int" json:"port"`
- EnableSsl bool `xorm:"bool" json:"enableSsl"`
- Username string `xorm:"varchar(100)" json:"username"`
- Password string `xorm:"varchar(100)" json:"password"`
- BaseDn string `xorm:"varchar(100)" json:"baseDn"`
- Filter string `xorm:"varchar(200)" json:"filter"`
- FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
- DefaultGroup string `xorm:"varchar(100)" json:"defaultGroup"`
- PasswordType string `xorm:"varchar(100)" json:"passwordType"`
+ ServerName string `xorm:"varchar(100)" json:"serverName"`
+ Host string `xorm:"varchar(100)" json:"host"`
+ Port int `xorm:"int" json:"port"`
+ EnableSsl bool `xorm:"bool" json:"enableSsl"`
+ AllowSelfSignedCert bool `xorm:"bool" json:"allowSelfSignedCert"`
+ Username string `xorm:"varchar(100)" json:"username"`
+ Password string `xorm:"varchar(100)" json:"password"`
+ BaseDn string `xorm:"varchar(100)" json:"baseDn"`
+ Filter string `xorm:"varchar(200)" json:"filter"`
+ FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
+ DefaultGroup string `xorm:"varchar(100)" json:"defaultGroup"`
+ PasswordType string `xorm:"varchar(100)" json:"passwordType"`
AutoSync int `json:"autoSync"`
LastSync string `xorm:"varchar(100)" json:"lastSync"`
@@ -150,7 +151,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
}
affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
- "port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type").Update(ldap)
+ "port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type", "allow_self_signed_cert").Update(ldap)
if err != nil {
return false, nil
}
diff --git a/object/ldap_conn.go b/object/ldap_conn.go
index 352132c7..c43338d3 100644
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -16,6 +16,7 @@ package object
import (
"crypto/md5"
+ "crypto/tls"
"encoding/base64"
"errors"
"fmt"
@@ -64,8 +65,11 @@ type LdapUser struct {
func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
var conn *goldap.Conn
+ tlsConfig := tls.Config{
+ InsecureSkipVerify: ldap.AllowSelfSignedCert,
+ }
if ldap.EnableSsl {
- conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+ conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), &tlsConfig)
} else {
conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
}
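Review bot: `InsecureSkipVerify: ldap.AllowSelfSignedCert` switches off every certificate check in `DialTLS`, chain and host name alike, so with the option on the connection accepts any certificate, not only a self-signed one from the intended server. The credentials in `ldap.Username`/`ldap.Password` are presumably sent over this connection later in `GetLdapConn` (its body continues outside the hunk), so I would state the trade-off above the field: `// InsecureSkipVerify disables chain and host name verification; the server is not authenticated when this is set.` A tighter follow-up would be to let the admin supply the server's CA certificate and set it as `RootCAs`, which keeps verification on for self-signed deployments. The config is also built when `EnableSsl` is false; moving it inside the `if ldap.EnableSsl` branch keeps it next to its only use.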
diff --git a/web/src/LdapEditPage.js b/web/src/LdapEditPage.js
index 7bd289d0..fa4131c1 100644
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -170,6 +170,16 @@ class LdapEditPage extends React.Component {
}} />
+
+
+ {Setting.getLabel(i18next.t("ldap:Allow self-signed certificate"), i18next.t("ldap:Allow self-signed certificate - Tooltip"))} :
+
+
+ {
+ this.updateLdapField("allowSelfSignedCert", checked);
+ }} />
+
+
{Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :