Merge branch 'feature/v2.0/support-ldap-uris' into 'v2.0'
Support TLS parameters for ldaps URIs. See merge request lemonldap-ng/lemonldap-ng!256
commit
3a82e3af7b
|
@ -74,12 +74,12 @@ Connection
|
|||
|
||||
- More than one server can be set here separated by spaces or
|
||||
commas. They will be tested in the specified order.
|
||||
- To use TLS, set ``ldap+tls://server`` and to use LDAPS, set
|
||||
- To use StartTLS, set ``ldap+tls://server`` and to use LDAPS, set
|
||||
``ldaps://server`` instead of server name.
|
||||
- If you use TLS, you can set any of the
|
||||
- If you use StartTLS or LDAPS, you can set any of the
|
||||
`Net::LDAP <http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod>`__
|
||||
start_tls() sub like
|
||||
``ldap+tls://server/verify=none&capath=/etc/ssl``. You can
|
||||
start_tls() options in the URL, such as ``ldap+tls://server/verify=none``
|
||||
or ``ldaps://server/cafile=/etc/ssl/ca.pem&sslversion=tlsv1_2``. You can
|
||||
also use cafile and capath parameters.
|
||||
|
||||
- **Server port**: TCP port used by LDAP server if different from the standard
|
||||
|
|
|
@ -24,32 +24,38 @@ sub new {
|
|||
my $portal = $args->{p} or die "$class : p argument required !";
|
||||
my $conf = $args->{conf} or die "$class : conf argument required !";
|
||||
my $self;
|
||||
my $useTls = 0;
|
||||
my $tlsParam;
|
||||
my $useStartTls = 0;
|
||||
my %tlsParams;
|
||||
my @servers = ();
|
||||
foreach my $server ( split /[\s,]+/, $conf->{ldapServer} ) {
|
||||
|
||||
if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {
|
||||
$useTls = 1;
|
||||
$server = $1;
|
||||
$tlsParam = $2 || "";
|
||||
$useStartTls = 1;
|
||||
$server = $1;
|
||||
%tlsParams = split( /[&=]/, $2 || "" );
|
||||
}
|
||||
elsif ( $server =~ m{^(ldaps://[^/]+)/?\??(.*)$} ) {
|
||||
$useStartTls = 0;
|
||||
$server = $1;
|
||||
%tlsParams = split( /[&=]/, $2 || "" );
|
||||
}
|
||||
else {
|
||||
$useTls = 0;
|
||||
$useStartTls = 0;
|
||||
}
|
||||
push @servers, $server;
|
||||
}
|
||||
$tlsParams{cafile} ||= $conf->{ldapCAFile} if ( $conf->{ldapCAFile} );
|
||||
$tlsParams{capath} ||= $conf->{ldapCAPath} if ( $conf->{ldapCAPath} );
|
||||
$tlsParams{verify} ||= $conf->{ldapVerify} if ( $conf->{ldapVerify} );
|
||||
$self = Net::LDAP->new(
|
||||
\@servers,
|
||||
onerror => undef,
|
||||
keepalive => 1,
|
||||
%tlsParams,
|
||||
( $conf->{ldapPort} ? ( port => $conf->{ldapPort} ) : () ),
|
||||
( $conf->{ldapTimeout} ? ( timeout => $conf->{ldapTimeout} ) : () ),
|
||||
( $conf->{ldapVersion} ? ( version => $conf->{ldapVersion} ) : () ),
|
||||
( $conf->{ldapRaw} ? ( raw => $conf->{ldapRaw} ) : () ),
|
||||
( $conf->{ldapCAFile} ? ( cafile => $conf->{ldapCAFile} ) : () ),
|
||||
( $conf->{ldapCAPath} ? ( capath => $conf->{ldapCAPath} ) : () ),
|
||||
( $conf->{ldapVerify} ? ( verify => $conf->{ldapVerify} ) : () ),
|
||||
);
|
||||
unless ($self) {
|
||||
$portal->logger->error( "LDAP initialization error: " . $@ );
|
||||
|
@ -77,12 +83,8 @@ sub new {
|
|||
$socket->read_timeout( $conf->{ldapIOTimeout} );
|
||||
$socket->write_timeout( $conf->{ldapIOTimeout} );
|
||||
|
||||
if ($useTls) {
|
||||
my %h = split( /[&=]/, $tlsParam );
|
||||
$h{cafile} ||= $conf->{ldapCAFile} if ( $conf->{ldapCAFile} );
|
||||
$h{capath} ||= $conf->{ldapCAPath} if ( $conf->{ldapCAPath} );
|
||||
$h{verify} ||= $conf->{ldapVerify} if ( $conf->{ldapVerify} );
|
||||
my $mesg = $self->start_tls(%h);
|
||||
if ($useStartTls) {
|
||||
my $mesg = $self->start_tls(%tlsParams);
|
||||
if ( $mesg->code ) {
|
||||
$portal->logger->error( 'LDAP StartTLS failed: ' . $mesg->error );
|
||||
return 0;
|
||||
|
|
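Review bot: In the hunk at `@ -24,32 +24,38 @@`, `%tlsParams` is one hash that every `ldap+tls://` or `ldaps://` entry of `ldapServer` reassigns and that the `else` branch never clears, so with several servers only the last TLS URI's parameters survive and are then passed to `Net::LDAP->new` and `start_tls` for whichever server actually answers, while `$useStartTls` likewise reflects only the last entry; a `verify` or `cafile` value written for one server is thereby applied to all of them, so either log a warning when a later entry overrides parameters already parsed from an earlier one, or document that TLS parameters must be identical across the list. The `split( /[&=]/, $2 || "" )` on the same lines also yields an odd-element hash assignment (a warning plus an undef value) for a parameter without `=` or with an empty value, and splits a value that itself contains `=`; splitting on `&` first and then on the first `=` only avoids both: `%tlsParams = map { my ( $k, $v ) = split /=/, $_, 2; ( $k => defined $v ? $v : '' ) } grep { length } split /&/, ( $2 || '' );`. `sub new` begins before this hunk and continues past the second one.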