
#1637 able to skip verify for LDAP

Unknwon il y a 9 ans
Parent
commit
f5c7f22cc8

+ 15 - 4
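--- a/models/login.go
+++ b/models/login.go
@@ -55,15 +55,15 @@ var (
 )
 
 type LDAPConfig struct {
-	ldap.Ldapsource
+	*ldap.Source
 }
 
 func (cfg *LDAPConfig) FromDB(bs []byte) error {
-	return json.Unmarshal(bs, &cfg.Ldapsource)
+	return json.Unmarshal(bs, &cfg)
 }
 
 func (cfg *LDAPConfig) ToDB() ([]byte, error) {
-	return json.Marshal(cfg.Ldapsource)
+	return json.Marshal(cfg)
 }
 
 type SMTPConfig struct {
@@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
 	return false
 }
 
+func (source *LoginSource) SkipVerify() bool {
+	switch source.Type {
+	case LDAP, DLDAP:
+		return source.LDAP().SkipVerify
+	case SMTP:
+		return source.SMTP().SkipVerify
+	}
+
+	return false
+}
+
 func (source *LoginSource) LDAP() *LDAPConfig {
 	return source.Cfg.(*LDAPConfig)
 }
@@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
 func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 	cfg := source.Cfg.(*LDAPConfig)
 	directBind := (source.Type == DLDAP)
-	fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
+	fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
 	if !logged {
 		// User not in LDAP, do nothing
 		return nil, ErrUserNotExist{0, name}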
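Review bot: `SkipVerify()` in the second hunk reaches `source.LDAP().SkipVerify` through the now pointer-embedded `*ldap.Source`, so an `LDAPConfig` whose embedded pointer is still nil (for example one that `FromDB` decoded from an empty JSON object, which the previous value embedding tolerated) panics instead of returning false. A guard keeps the old tolerance: `if cfg := source.LDAP(); cfg.Source != nil { return cfg.SkipVerify }` followed by the existing `return false`. Because the returned flag is what the dialer places in `tls.Config.InsecureSkipVerify`, the method deserves a doc comment such as `// SkipVerify reports whether TLS certificate verification is disabled for this source; the LDAP dialer feeds it into InsecureSkipVerify.`. In `FromDB`, `json.Unmarshal(bs, &cfg)` passes a `**LDAPConfig` where the plain `cfg` already is a pointer; `json.Unmarshal(bs, cfg)` is the usual form.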

+ 10 - 6
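--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -7,6 +7,7 @@
 package ldap
 
 import (
+	"crypto/tls"
 	"fmt"
 
 	"github.com/gogits/gogs/modules/ldap"
@@ -14,11 +15,12 @@ import (
 )
 
 // Basic LDAP authentication service
-type Ldapsource struct {
+type Source struct {
 	Name             string // canonical name (ie. corporate.ad)
 	Host             string // LDAP host
 	Port             int    // port number
 	UseSSL           bool   // Use SSL
+	SkipVerify       bool
 	BindDN           string // DN to bind with
 	BindPassword     string // Bind DN password
 	UserBase         string // Base search path for users
@@ -31,7 +33,7 @@ type Ldapsource struct {
 	Enabled          bool   // if this source is disabled
 }
 
-func (ls Ldapsource) FindUserDN(name string) (string, bool) {
+func (ls *Source) FindUserDN(name string) (string, bool) {
 	l, err := ldapDial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
 }
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
 	var userDN string
 	if directBind {
 		log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
 	return name_attr, sn_attr, mail_attr, admin_attr, true
 }
 
-func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
+func ldapDial(ls *Source) (*ldap.Conn, error) {
 	if ls.UseSSL {
-		log.Debug("Using TLS for LDAP")
-		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+		log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
+		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+			InsecureSkipVerify: ls.SkipVerify,
+		})
 	} else {
 		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
 	}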
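Review bot: The new `&tls.Config{InsecureSkipVerify: ls.SkipVerify}` in `ldapDial` replaces the former nil config but sets no `ServerName`; `tls.Dial` infers one from the address, but if the vendored `ldap.DialTLS` wraps the socket with `tls.Client` instead, every source that leaves SkipVerify off fails the handshake for lack of a name to verify against. Naming the host explicitly removes the dependency on how the dialer is built: `&tls.Config{ServerName: ls.Host, InsecureSkipVerify: ls.SkipVerify}`. The message `"Using TLS for LDAP without verifying: %v"` reads as a statement even when the flag is false; `log.Debug("Using TLS for LDAP, InsecureSkipVerify=%v", ls.SkipVerify)` is unambiguous, and a source that actually disables verification is worth a Warn-level line carrying `ls.Name` so operators can find the setting in logs. The `SkipVerify` field added in the struct hunk is the only one without a trailing comment; `SkipVerify       bool   // skip TLS certificate verification (becomes InsecureSkipVerify)` matches its neighbours.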

+ 2 - 1
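--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
 
 func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
 	return &models.LDAPConfig{
-		Ldapsource: ldap.Ldapsource{
+		Source: &ldap.Source{
 			Name:             form.Name,
 			Host:             form.Host,
 			Port:             form.Port,
 			UseSSL:           form.TLS,
+			SkipVerify:       form.SkipVerify,
 			BindDN:           form.BindDN,
 			UserDN:           form.UserDN,
 			BindPassword:     form.BindPassword,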

+ 2 - 4
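--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -123,14 +123,12 @@
                 <input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
               </div>
             </div>
-            {{if .Source.IsSMTP}}
-            <div class="inline field">
+            <div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
               <div class="ui checkbox">
                 <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
-                <input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}>
+                <input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
               </div>
             </div>
-            {{end}}
             <div class="inline field">
               <div class="ui checkbox">
                 <label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>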
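Review bot: The visibility test on the new `div` nests two `or` calls, `(or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)`; Go's template `or` is variadic, so `{{if not (or .Source.IsLDAP .Source.IsDLDAP .Source.IsSMTP)}}hide{{end}}` says the same with one call. The same shape is used in templates/admin/auth/new.tmpl, where `(or (eq .type 2) (eq .type 5) (eq .type 3))` would do. The checkbox now reads `.Source.SkipVerify` for every source type; that is only safe because the model method in the models/login.go hunk falls through to false for types other than LDAP, DLDAP and SMTP, which is worth noting in the template for whoever adds the next source type.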

+ 1 - 1
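--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@@ -122,7 +122,7 @@
                 <input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
               </div>
             </div>
-            <div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
+            <div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
               <div class="ui checkbox">
                 <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
                 <input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>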