self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-10 04:18:10 +02:00
Code Issues Releases Activity

[Web] allow SSL / TLS connections for LDAP

Browse Source
This commit is contained in:
FreddleSpl0it 2024-03-08 13:50:20 +01:00
parent e1c3ad9fe8
commit 2ba64e93f9
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
3 changed files with 63 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
data/web/inc/functions.inc.php
View File

@ -2120,10 +2120,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
$stmt->execute(); $stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach($rows as $row){ foreach($rows as $row){
if ($row["key"] == 'mappers' || $row["key"] == 'templates'){ switch ($row["key"]) {
case "mappers":
case "templates":
$settings[$row["key"]] = json_decode($row["value"]); $settings[$row["key"]] = json_decode($row["value"]);
} else { break;
case "use_ssl":
case "use_tls":
case "ignore_ssl_errors":
$settings[$row["key"]] = boolval($row["value"]);
break;
default:
$settings[$row["key"]] = $row["value"]; $settings[$row["key"]] = $row["value"];
break;
} }
} }
// return default client_scopes for generic-oidc if none is set // return default client_scopes for generic-oidc if none is set
@ -2207,9 +2216,12 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
$_data['filter'] = (!empty($_data['filter'])) ? $_data['filter'] : ""; $_data['filter'] = (!empty($_data['filter'])) ? $_data['filter'] : "";
$_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0; $_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
$_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0; $_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
$_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
$_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
$_data['sync_interval'] = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15; $_data['sync_interval'] = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
$_data['sync_interval'] = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval']; $_data['sync_interval'] = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
$required_settings = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval'); $required_settings = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
break; break;
} }
@ -2306,12 +2318,22 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
!$_data['binddn'] || !$_data['bindpass']){ !$_data['binddn'] || !$_data['bindpass']){
return false; return false;
} }
$_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
$_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
$options = array();
if ($_data['ignore_ssl_error']) {
$options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
}
$provider = new \LdapRecord\Connection([ $provider = new \LdapRecord\Connection([
'hosts' => [$_data['host']], 'hosts' => [$_data['host']],
'port' => $_data['port'], 'port' => $_data['port'],
'base_dn' => $_data['basedn'], 'base_dn' => $_data['basedn'],
'username' => $_data['binddn'], 'username' => $_data['binddn'],
'password' => $_data['bindpass'] 'password' => $_data['bindpass'],
'use_ssl' => $_data['use_ssl'],
'use_tls' => $_data['use_tls'],
'options' => $options
]); ]);
try { try {
$provider->connect(); $provider->connect();
@ -2395,12 +2417,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
case "ldap": case "ldap":
if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] && if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
$iam_settings['binddn'] && $iam_settings['bindpass']){ $iam_settings['binddn'] && $iam_settings['bindpass']){
$options = array();
if ($iam_settings['ignore_ssl_error']) {
$options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
}
$provider = new \LdapRecord\Connection([ $provider = new \LdapRecord\Connection([
'hosts' => [$iam_settings['host']], 'hosts' => [$iam_settings['host']],
'port' => $iam_settings['port'], 'port' => $iam_settings['port'],
'base_dn' => $iam_settings['basedn'], 'base_dn' => $iam_settings['basedn'],
'username' => $iam_settings['binddn'], 'username' => $iam_settings['binddn'],
'password' => $iam_settings['bindpass'] 'password' => $iam_settings['bindpass'],
'use_ssl' => $iam_settings['use_ssl'],
'use_tls' => $iam_settings['use_tls'],
'options' => $options
]); ]);
try { try {
$provider->connect(); $provider->connect();

3
data/web/lang/lang.en-gb.json
View File

@ -240,7 +240,10 @@
"iam_userinfo_url": "User info endpoint", "iam_userinfo_url": "User info endpoint",
"iam_username_field": "Username Field", "iam_username_field": "Username Field",
"iam_binddn": "Bind DN", "iam_binddn": "Bind DN",
"iam_use_ssl": "Use SSL",
"iam_use_tls": "Use TLS",
"iam_version": "Version", "iam_version": "Version",
"ignore_ssl_error": "Ignore SSL Errors",
"import": "Import", "import": "Import",
"import_private_key": "Import private key", "import_private_key": "Import private key",
"in_use_by": "In use by", "in_use_by": "In use by",

24
data/web/templates/admin/tab-config-identity-provider.twig
View File

@ -302,6 +302,30 @@
<input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required> <input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required>
</div> </div>
</div> </div>
<div class="row mb-2">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_ssl }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="use_ssl" value="1" {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-2">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_tls }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="use_tls" value="1" {% if iam_settings.use_tls == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-4">
<label class="control-label col-md-3 text-sm-end">{{ lang.admin.ignore_ssl_error }}</label>
<div class="col-12 col-md-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
</div>
</div>
</div>
<div class="row mb-2"> <div class="row mb-2">
<label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label> <label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
<div class="col-12 col-md-9 col-lg-4"> <div class="col-12 col-md-9 col-lg-4">