1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-23 02:04:46 +02:00

[Web] allow SSL / TLS connections for LDAP

This commit is contained in:
FreddleSpl0it 2024-03-08 13:50:20 +01:00
parent e1c3ad9fe8
commit 2ba64e93f9
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
3 changed files with 63 additions and 7 deletions

View File

@ -2120,10 +2120,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach($rows as $row){
if ($row["key"] == 'mappers' || $row["key"] == 'templates'){
$settings[$row["key"]] = json_decode($row["value"]);
} else {
$settings[$row["key"]] = $row["value"];
switch ($row["key"]) {
case "mappers":
case "templates":
$settings[$row["key"]] = json_decode($row["value"]);
break;
case "use_ssl":
case "use_tls":
case "ignore_ssl_errors":
$settings[$row["key"]] = boolval($row["value"]);
break;
default:
$settings[$row["key"]] = $row["value"];
break;
}
}
// return default client_scopes for generic-oidc if none is set
@ -2207,9 +2216,12 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
$_data['filter'] = (!empty($_data['filter'])) ? $_data['filter'] : "";
$_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
$_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
$_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
$_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
$_data['sync_interval'] = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
$_data['sync_interval'] = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
$required_settings = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
$required_settings = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
break;
}
@ -2306,12 +2318,22 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
!$_data['binddn'] || !$_data['bindpass']){
return false;
}
$_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
$_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
$options = array();
if ($_data['ignore_ssl_error']) {
$options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
}
$provider = new \LdapRecord\Connection([
'hosts' => [$_data['host']],
'port' => $_data['port'],
'base_dn' => $_data['basedn'],
'username' => $_data['binddn'],
'password' => $_data['bindpass']
'password' => $_data['bindpass'],
'use_ssl' => $_data['use_ssl'],
'use_tls' => $_data['use_tls'],
'options' => $options
]);
try {
$provider->connect();
@ -2395,12 +2417,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
case "ldap":
if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
$iam_settings['binddn'] && $iam_settings['bindpass']){
$options = array();
if ($iam_settings['ignore_ssl_error']) {
$options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
}
$provider = new \LdapRecord\Connection([
'hosts' => [$iam_settings['host']],
'port' => $iam_settings['port'],
'base_dn' => $iam_settings['basedn'],
'username' => $iam_settings['binddn'],
'password' => $iam_settings['bindpass']
'password' => $iam_settings['bindpass'],
'use_ssl' => $iam_settings['use_ssl'],
'use_tls' => $iam_settings['use_tls'],
'options' => $options
]);
try {
$provider->connect();

View File

@ -240,7 +240,10 @@
"iam_userinfo_url": "User info endpoint",
"iam_username_field": "Username Field",
"iam_binddn": "Bind DN",
"iam_use_ssl": "Use SSL",
"iam_use_tls": "Use TLS",
"iam_version": "Version",
"ignore_ssl_error": "Ignore SSL Errors",
"import": "Import",
"import_private_key": "Import private key",
"in_use_by": "In use by",

View File

@ -302,6 +302,30 @@
<input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required>
</div>
</div>
<div class="row mb-2">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_ssl }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="use_ssl" value="1" {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-2">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_tls }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="use_tls" value="1" {% if iam_settings.use_tls == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-4">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.ignore_ssl_error }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-2">
<label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
<div class="col-12 col-md-9 col-lg-4">