From b5ed4888ac6192d67c73f33a1e96342ccdcd4479 Mon Sep 17 00:00:00 2001
From: wangzhengkun
Date: Thu, 19 May 2022 12:59:53 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20LDAP=E6=94=AF=E6=8C=81SSL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/model/v1/ldap/ldap.go | 1 +
 internal/service/v1/ldap/ldap.go | 8 ++++----
 pkg/util/ldap/ldap_client.go | 18 ++++++++++++++----
 .../business/user-management/ldap/index.vue | 4 ++++
 4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/internal/model/v1/ldap/ldap.go b/internal/model/v1/ldap/ldap.go
index 92bea8bb..fc46899e 100644
--- a/internal/model/v1/ldap/ldap.go
+++ b/internal/model/v1/ldap/ldap.go
@@ -15,6 +15,7 @@ type Ldap struct {
 Dn string `json:"dn"`
 Filter string `json:"filter"`
 Mapping string `json:"mapping"`
+ TLS bool `json:"tls"`
 }
 
 func (l *Ldap) GetAttributes() ([]string, error) {
diff --git a/internal/service/v1/ldap/ldap.go b/internal/service/v1/ldap/ldap.go
index fe0ed48a..fc4fc1df 100644
--- a/internal/service/v1/ldap/ldap.go
+++ b/internal/service/v1/ldap/ldap.go
@@ -51,7 +51,7 @@ func (l *service) Create(ldap *v1Ldap.Ldap, options common.DBOptions) error {
 if err != nil {
 return err
 }
- lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+ lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 err = lc.Connect()
 if err != nil {
 return err
@@ -78,7 +78,7 @@ func (l *service) Update(id string, ldap *v1Ldap.Ldap, options common.DBOptions)
 if err != nil {
 return err
 }
- lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+ lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 if err := lc.Connect(); err != nil {
 return err
 }
@@ -129,7 +129,7 @@ func (l *service) Login(user v1User.User, password string, options common.DBOpti
 userFilter = "(" + v + "=" + user.Name + ")"
 }
 }
- lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+ lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 if err := lc.Connect(); err != nil {
 return err
 }
@@ -141,7 +141,7 @@ func (l *service) Sync(id string, options common.DBOptions) error {
 if err != nil {
 return err
 }
- lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+ lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 if err := lc.Connect(); err != nil {
 return err
 }
diff --git a/pkg/util/ldap/ldap_client.go b/pkg/util/ldap/ldap_client.go
index fa1cd76a..91ffc375 100644
--- a/pkg/util/ldap/ldap_client.go
+++ b/pkg/util/ldap/ldap_client.go
@@ -1,6 +1,7 @@
 package ldap
 
 import (
+ "crypto/tls"
 "errors"
 "fmt"
 "github.com/go-ldap/ldap"
@@ -12,26 +13,35 @@ type Ldap struct {
 Username string `json:"username"`
 Password string `json:"password"`
 Conn *ldap.Conn
+ TLS bool `json:"tls"`
 }
 
-func NewLdapClient(address, port, username, password string) *Ldap {
+func NewLdapClient(address, port, username, password string, tls bool) *Ldap {
 return &Ldap{
 Username: username,
 Address: address,
 Password: password,
 Port: port,
+ TLS: tls,
 }
 }
 
 func (l *Ldap) Connect() error {
- conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port))
+ var err error
+ if l.TLS {
+ l.Conn, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port), &tls.Config{
+ InsecureSkipVerify: true,
+ })
+ } else {
+ l.Conn, err = ldap.Dial("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port))
+ }
+
 if err != nil {
 return err
 }
- if err := conn.Bind(l.Username, l.Password); err != nil {
+ if err := l.Conn.Bind(l.Username, l.Password); err != nil {
 return err
 }
- l.Conn = conn
 return nil
 }
 
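Review bot: In the Login hunk of internal/service/v1/ldap/ldap.go, the context line `userFilter = "(" + v + "=" + user.Name + ")"` concatenates user.Name into the LDAP search filter unescaped, so filter metacharacters in a login name can change which entry the lookup matches. The commit only changes the client construction below it, but the filter is built on the same authentication path and is worth fixing in the same pass by passing the value through go-ldap's `EscapeFilter(user.Name)` before concatenation. The go-ldap import alias in this file is not visible here, and `ldap` is already a local variable, so the call needs whatever alias the file uses. Login starts and ends outside the hunk, so the later use of userFilter should be confirmed.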
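Review bot: The TLS branch of Connect in pkg/util/ldap/ldap_client.go dials with `InsecureSkipVerify: true`, so the server certificate and hostname are never checked, and the bind password sent right after is protected only against passive capture, not against an on-path host presenting its own certificate. Verification should be on by default, e.g. `&tls.Config{ServerName: l.Address, MinVersion: tls.VersionTLS12}`, with any skip-verify behaviour exposed as a separate, explicit setting (and a custom CA pool for private CAs) rather than hard-coded. Separately, `l.Conn` is now assigned before `Bind`, so a failed bind leaves an open, unauthenticated connection on the struct; closing it and resetting the field on that path restores the old behaviour. The `tls bool` parameter of NewLdapClient also shadows the newly imported `crypto/tls` package inside that function; a name such as `useTLS` avoids the clash.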
diff --git a/web/kubepi/src/business/user-management/ldap/index.vue b/web/kubepi/src/business/user-management/ldap/index.vue index 32537f71..a9f50f91 100644 --- a/web/kubepi/src/business/user-management/ldap/index.vue +++ b/web/kubepi/src/business/user-management/ldap/index.vue @@ -10,6 +10,10 @@ + + {{$t('commons.bool.true')}} + +