mirror of
https://github.com/DJSundog/wg-portal.git
synced 2024-11-23 07:03:50 -05:00
make ldap cert check configurable, fix CodeQL warnings
This commit is contained in:
parent
588f8c7c70
commit
6ece6e5be9
@ -182,7 +182,7 @@ func (provider Provider) open() (*ldap.Conn, error) {
|
|||||||
|
|
||||||
if provider.config.StartTLS {
|
if provider.config.StartTLS {
|
||||||
// Reconnect with TLS
|
// Reconnect with TLS
|
||||||
err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
|
err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !provider.config.CertValidation})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -8,11 +8,12 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
URL string `yaml:"url" envconfig:"LDAP_URL"`
|
URL string `yaml:"url" envconfig:"LDAP_URL"`
|
||||||
StartTLS bool `yaml:"startTLS" envconfig:"LDAP_STARTTLS"`
|
StartTLS bool `yaml:"startTLS" envconfig:"LDAP_STARTTLS"`
|
||||||
BaseDN string `yaml:"dn" envconfig:"LDAP_BASEDN"`
|
CertValidation bool `yaml:"certcheck" envconfig:"LDAP_CERT_VALIDATION"`
|
||||||
BindUser string `yaml:"user" envconfig:"LDAP_USER"`
|
BaseDN string `yaml:"dn" envconfig:"LDAP_BASEDN"`
|
||||||
BindPass string `yaml:"pass" envconfig:"LDAP_PASSWORD"`
|
BindUser string `yaml:"user" envconfig:"LDAP_USER"`
|
||||||
|
BindPass string `yaml:"pass" envconfig:"LDAP_PASSWORD"`
|
||||||
|
|
||||||
Type Type `yaml:"typ" envconfig:"LDAP_TYPE"` // AD for active directory, OpenLDAP for OpenLDAP
|
Type Type `yaml:"typ" envconfig:"LDAP_TYPE"` // AD for active directory, OpenLDAP for OpenLDAP
|
||||||
UserClass string `yaml:"userClass" envconfig:"LDAP_USER_CLASS"`
|
UserClass string `yaml:"userClass" envconfig:"LDAP_USER_CLASS"`
|
||||||
|
@ -23,7 +23,7 @@ func Open(cfg *Config) (*ldap.Conn, error) {
|
|||||||
|
|
||||||
if cfg.StartTLS {
|
if cfg.StartTLS {
|
||||||
// Reconnect with TLS
|
// Reconnect with TLS
|
||||||
err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
|
err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !cfg.CertValidation})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "failed to star TLS on connection")
|
return nil, errors.Wrap(err, "failed to star TLS on connection")
|
||||||
}
|
}
|
||||||
@ -92,7 +92,7 @@ func IsActiveDirectoryUserDisabled(userAccountControl string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
uacInt, err := strconv.Atoi(userAccountControl)
|
uacInt, err := strconv.ParseInt(userAccountControl, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user