|
|
@ -7,6 +7,7 @@ |
|
|
|
package ldap |
|
|
|
|
|
|
|
import ( |
|
|
|
"crypto/tls" |
|
|
|
"fmt" |
|
|
|
|
|
|
|
"github.com/gogits/gogs/modules/ldap" |
|
|
@ -14,11 +15,12 @@ import ( |
|
|
|
) |
|
|
|
|
|
|
|
// Basic LDAP authentication service
|
|
|
|
type Ldapsource struct { |
|
|
|
type Source struct { |
|
|
|
Name string // canonical name (ie. corporate.ad)
|
|
|
|
Host string // LDAP host
|
|
|
|
Port int // port number
|
|
|
|
UseSSL bool // Use SSL
|
|
|
|
SkipVerify bool |
|
|
|
BindDN string // DN to bind with
|
|
|
|
BindPassword string // Bind DN password
|
|
|
|
UserBase string // Base search path for users
|
|
|
@ -31,7 +33,7 @@ type Ldapsource struct { |
|
|
|
Enabled bool // if this source is disabled
|
|
|
|
} |
|
|
|
|
|
|
|
func (ls Ldapsource) FindUserDN(name string) (string, bool) { |
|
|
|
func (ls *Source) FindUserDN(name string) (string, bool) { |
|
|
|
l, err := ldapDial(ls) |
|
|
|
if err != nil { |
|
|
|
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) |
|
|
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) { |
|
|
|
} |
|
|
|
|
|
|
|
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
|
|
|
|
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { |
|
|
|
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { |
|
|
|
var userDN string |
|
|
|
if directBind { |
|
|
|
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN) |
|
|
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, |
|
|
|
return name_attr, sn_attr, mail_attr, admin_attr, true |
|
|
|
} |
|
|
|
|
|
|
|
func ldapDial(ls Ldapsource) (*ldap.Conn, error) { |
|
|
|
func ldapDial(ls *Source) (*ldap.Conn, error) { |
|
|
|
if ls.UseSSL { |
|
|
|
log.Debug("Using TLS for LDAP") |
|
|
|
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) |
|
|
|
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify) |
|
|
|
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{ |
|
|
|
InsecureSkipVerify: ls.SkipVerify, |
|
|
|
}) |
|
|
|
} else { |
|
|
|
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) |
|
|
|
} |
|
|
|