feat(ldap): added config options for ssl skip verify, and ssl server name, #1450

This commit is contained in:
Torkel Ödegaard 2015-07-16 11:57:59 +02:00
parent a065f93777
commit 9afdea8d2a
4 changed files with 22 additions and 7 deletions

View File

@ -8,6 +8,10 @@ host = "127.0.0.1"
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# if cert validation is enabled, provide ldap cert server name
ssl_server_name = ""
# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"

View File

@ -27,6 +27,10 @@ host = "127.0.0.1"
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# if cert validation is enabled, provide ldap cert server name
ssl_server_name = ""
# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"

View File

@ -1,6 +1,7 @@
package login
import (
"crypto/tls"
"errors"
"fmt"
"strings"
@ -25,7 +26,11 @@ func (a *ldapAuther) Dial() error {
address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
var err error
if a.server.UseSSL {
a.conn, err = ldap.DialTLS("tcp", address, nil)
tlsCfg := &tls.Config{
InsecureSkipVerify: a.server.SkipVerifySSL,
ServerName: a.server.CertServerName,
}
a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
} else {
a.conn, err = ldap.Dial("tcp", address)
}

View File

@ -16,6 +16,8 @@ type LdapServerConf struct {
Host string `toml:"host"`
Port int `toml:"port"`
UseSSL bool `toml:"use_ssl"`
SkipVerifySSL bool `toml:"ssl_skip_verify"`
CertServerName string `toml:"ssl_server_name"`
BindDN string `toml:"bind_dn"`
BindPassword string `toml:"bind_password"`
Attr LdapAttributeMap `toml:"attributes"`