From f5c7f22cc8595a81b5d9f9da4a0a29faf2dbbdce Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Mon, 14 Sep 2015 15:48:51 -0400
Subject: #1637 able to skip verify for LDAP

---
 modules/auth/ldap/ldap.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'modules')

diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 3e6f9731..1f876905 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -7,6 +7,7 @@
 package ldap
 
 import (
+	"crypto/tls"
 	"fmt"
 
 	"github.com/gogits/gogs/modules/ldap"
@@ -14,11 +15,12 @@ import (
 )
 
 // Basic LDAP authentication service
-type Ldapsource struct {
+type Source struct {
 	Name             string // canonical name (ie. corporate.ad)
 	Host             string // LDAP host
 	Port             int    // port number
 	UseSSL           bool   // Use SSL
+	SkipVerify       bool
 	BindDN           string // DN to bind with
 	BindPassword     string // Bind DN password
 	UserBase         string // Base search path for users
@@ -31,7 +33,7 @@ type Ldapsource struct {
 	Enabled          bool   // if this source is disabled
 }
 
-func (ls Ldapsource) FindUserDN(name string) (string, bool) {
+func (ls *Source) FindUserDN(name string) (string, bool) {
 	l, err := ldapDial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
 }
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
 	var userDN string
 	if directBind {
 		log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
 	return name_attr, sn_attr, mail_attr, admin_attr, true
 }
 
-func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
+func ldapDial(ls *Source) (*ldap.Conn, error) {
 	if ls.UseSSL {
-		log.Debug("Using TLS for LDAP")
-		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+		log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
+		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+			InsecureSkipVerify: ls.SkipVerify,
+		})
 	} else {
 		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
 	}
-- 
cgit v1.2.3