Merge pull request #192 from DerDackel/ldapssl
Add LDAP over SSL support
This commit is contained in:
commit
7869cfccb9
8 changed files with 104 additions and 6 deletions
26
conf/etc/supervisord.conf
Normal file
26
conf/etc/supervisord.conf
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
[unix_http_server]
|
||||||
|
file=/tmp/supervisor.sock ; path to your socket file
|
||||||
|
|
||||||
|
[supervisord]
|
||||||
|
logfile=log/supervisord.log ; supervisord log file
|
||||||
|
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
||||||
|
logfile_backups=10 ; number of backed up logfiles
|
||||||
|
loglevel=warn ; info, debug, warn, trace
|
||||||
|
pidfile=/tmp/supervisord.pid ; pidfile location
|
||||||
|
nodaemon=false ; run supervisord as a daemon
|
||||||
|
minfds=1024 ; number of startup file descriptors
|
||||||
|
minprocs=200 ; number of process descriptors
|
||||||
|
user=root ; default user
|
||||||
|
childlogdir=log
|
||||||
|
|
||||||
|
[rpcinterface:supervisor]
|
||||||
|
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||||
|
|
||||||
|
[supervisorctl]
|
||||||
|
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||||
|
|
||||||
|
[program:gogs]
|
||||||
|
command = /root/Developer/gopath/src/github.com/gogits/gogs/start.sh ; here must be the real url, not ~ or $GOROOT like
|
||||||
|
autostart = true
|
||||||
|
stdout_logfile = log/supervisor-gogs-stderr.log
|
||||||
|
stderr_logfile = log/supervisor-gogs-error.log
|
42
gogs_supervisord.sh
Executable file
42
gogs_supervisord.sh
Executable file
|
@ -0,0 +1,42 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo 'plase remember to modify the command path in etc/conf/supervisord.conf(line 23)'
|
||||||
|
|
||||||
|
PID="/tmp/supervisord.pid"
|
||||||
|
CONF="conf/etc/supervisord.conf"
|
||||||
|
|
||||||
|
LOGDIR="log"
|
||||||
|
if [ ! -d $LOGDIR ]; then
|
||||||
|
mkdir $LOGDIR
|
||||||
|
fi
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
if [ -f $PID ]; then
|
||||||
|
kill `cat -- $PID`
|
||||||
|
rm -f -- $PID
|
||||||
|
echo "stopped"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
start() {
|
||||||
|
echo "starting"
|
||||||
|
if [ ! -f $PID ]; then
|
||||||
|
supervisord -c $CONF
|
||||||
|
echo "started"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
start
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
stop
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
stop
|
||||||
|
start
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 {start|stop|restart}"
|
||||||
|
esac
|
|
@ -21,6 +21,7 @@ type AuthenticationForm struct {
|
||||||
Domain string `form:"domain"`
|
Domain string `form:"domain"`
|
||||||
Host string `form:"host"`
|
Host string `form:"host"`
|
||||||
Port int `form:"port"`
|
Port int `form:"port"`
|
||||||
|
UseSSL bool `form:"usessl"`
|
||||||
BaseDN string `form:"base_dn"`
|
BaseDN string `form:"base_dn"`
|
||||||
Attributes string `form:"attributes"`
|
Attributes string `form:"attributes"`
|
||||||
Filter string `form:"filter"`
|
Filter string `form:"filter"`
|
||||||
|
@ -39,6 +40,7 @@ func (f *AuthenticationForm) Name(field string) string {
|
||||||
"Domain": "Domain name",
|
"Domain": "Domain name",
|
||||||
"Host": "Host address",
|
"Host": "Host address",
|
||||||
"Port": "Port Number",
|
"Port": "Port Number",
|
||||||
|
"UseSSL": "Use SSL",
|
||||||
"BaseDN": "Base DN",
|
"BaseDN": "Base DN",
|
||||||
"Attributes": "Search attributes",
|
"Attributes": "Search attributes",
|
||||||
"Filter": "Search filter",
|
"Filter": "Search filter",
|
||||||
|
|
|
@ -18,6 +18,7 @@ type Ldapsource struct {
|
||||||
Name string // canonical name (ie. corporate.ad)
|
Name string // canonical name (ie. corporate.ad)
|
||||||
Host string // LDAP host
|
Host string // LDAP host
|
||||||
Port int // port number
|
Port int // port number
|
||||||
|
UseSSL bool // Use SSL
|
||||||
BaseDN string // Base DN
|
BaseDN string // Base DN
|
||||||
Attributes string // Attribut to search
|
Attributes string // Attribut to search
|
||||||
Filter string // Query filter to validate entry
|
Filter string // Query filter to validate entry
|
||||||
|
@ -31,8 +32,8 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
// Add a new source (LDAP directory) to the global pool
|
// Add a new source (LDAP directory) to the global pool
|
||||||
func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
|
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
|
||||||
ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
|
ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
|
||||||
Authensource = append(Authensource, ldaphost)
|
Authensource = append(Authensource, ldaphost)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
|
||||||
|
|
||||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
|
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
|
||||||
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
||||||
l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
l, err := ldapDial(ls)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("LDAP Connect error, disabled source %s", ls.Host)
|
log.Debug("LDAP Connect error, disabled source %s", ls.Host)
|
||||||
ls.Enabled = false
|
ls.Enabled = false
|
||||||
|
@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
|
||||||
}
|
}
|
||||||
return "", true
|
return "", true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
|
||||||
|
if ls.UseSSL {
|
||||||
|
return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
|
||||||
|
} else {
|
||||||
|
return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -200,11 +200,12 @@ func newLdapService() {
|
||||||
ldapname := Cfg.MustValue(v, "name", v)
|
ldapname := Cfg.MustValue(v, "name", v)
|
||||||
ldaphost := Cfg.MustValue(v, "host")
|
ldaphost := Cfg.MustValue(v, "host")
|
||||||
ldapport := Cfg.MustInt(v, "port", 389)
|
ldapport := Cfg.MustInt(v, "port", 389)
|
||||||
|
ldapusessl := Cfg.MustBool(v, "usessl", false)
|
||||||
ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
|
ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
|
||||||
ldapattribute := Cfg.MustValue(v, "attribute", "mail")
|
ldapattribute := Cfg.MustValue(v, "attribute", "mail")
|
||||||
ldapfilter := Cfg.MustValue(v, "filter", "(*)")
|
ldapfilter := Cfg.MustValue(v, "filter", "(*)")
|
||||||
ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
|
ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
|
||||||
ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
|
ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
|
||||||
nbsrc++
|
nbsrc++
|
||||||
log.Debug("%s added as LDAP source", ldapname)
|
log.Debug("%s added as LDAP source", ldapname)
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||||
Ldapsource: ldap.Ldapsource{
|
Ldapsource: ldap.Ldapsource{
|
||||||
Host: form.Host,
|
Host: form.Host,
|
||||||
Port: form.Port,
|
Port: form.Port,
|
||||||
|
UseSSL: form.UseSSL,
|
||||||
BaseDN: form.BaseDN,
|
BaseDN: form.BaseDN,
|
||||||
Attributes: form.Attributes,
|
Attributes: form.Attributes,
|
||||||
Filter: form.Filter,
|
Filter: form.Filter,
|
||||||
|
@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
|
||||||
Ldapsource: ldap.Ldapsource{
|
Ldapsource: ldap.Ldapsource{
|
||||||
Host: form.Host,
|
Host: form.Host,
|
||||||
Port: form.Port,
|
Port: form.Port,
|
||||||
|
UseSSL: form.UseSSL,
|
||||||
BaseDN: form.BaseDN,
|
BaseDN: form.BaseDN,
|
||||||
Attributes: form.Attributes,
|
Attributes: form.Attributes,
|
||||||
Filter: form.Filter,
|
Filter: form.Filter,
|
||||||
|
|
|
@ -53,6 +53,14 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
|
||||||
|
<label class="col-md-3 control-label">Use SSL: </label>
|
||||||
|
<div class="col-md-7">
|
||||||
|
<input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
||||||
<label class="col-md-3 control-label">Base DN: </label>
|
<label class="col-md-3 control-label">Base DN: </label>
|
||||||
<div class="col-md-7">
|
<div class="col-md-7">
|
||||||
|
|
|
@ -51,6 +51,13 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
|
||||||
|
<label class="col-md-3 control-label">Use SSL: </label>
|
||||||
|
<div class="col-md-7">
|
||||||
|
<input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
<div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
|
||||||
<label class="col-md-3 control-label">Base DN: </label>
|
<label class="col-md-3 control-label">Base DN: </label>
|
||||||
<div class="col-md-7">
|
<div class="col-md-7">
|
||||||
|
|
Loading…
Reference in a new issue