feat: LDAP支持SSL

internal/model/v1/ldap/ldap.go

@@ -15,6 +15,7 @@ type Ldap struct {
 	Dn           string `json:"dn"`
 	Filter       string `json:"filter"`
 	Mapping      string `json:"mapping"`
+	TLS          bool   `json:"tls"`
 }
 
 func (l *Ldap) GetAttributes() ([]string, error) {

internal/service/v1/ldap/ldap.go

@@ -51,7 +51,7 @@ func (l *service) Create(ldap *v1Ldap.Ldap, options common.DBOptions) error {
 	if err != nil {
 		return err
 	}
-	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	err = lc.Connect()
 	if err != nil {
 		return err
@@ -78,7 +78,7 @@ func (l *service) Update(id string, ldap *v1Ldap.Ldap, options common.DBOptions)
 	if err != nil {
 		return err
 	}
-	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	if err := lc.Connect(); err != nil {
 		return err
 	}
@@ -129,7 +129,7 @@ func (l *service) Login(user v1User.User, password string, options common.DBOpti
 			userFilter = "(" + v + "=" + user.Name + ")"
 		}
 	}
-	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	if err := lc.Connect(); err != nil {
 		return err
 	}
@@ -141,7 +141,7 @@ func (l *service) Sync(id string, options common.DBOptions) error {
 	if err != nil {
 		return err
 	}
-	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password)
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	if err := lc.Connect(); err != nil {
 		return err
 	}

pkg/util/ldap/ldap_client.go

@@ -1,6 +1,7 @@
 package ldap
 
 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"github.com/go-ldap/ldap"
@@ -12,26 +13,35 @@ type Ldap struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 	Conn     *ldap.Conn
+	TLS      bool `json:"tls"`
 }
 
-func NewLdapClient(address, port, username, password string) *Ldap {
+func NewLdapClient(address, port, username, password string, tls bool) *Ldap {
 	return &Ldap{
 		Username: username,
 		Address:  address,
 		Password: password,
 		Port:     port,
+		TLS:      tls,
 	}
 }
 
 func (l *Ldap) Connect() error {
-	conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port))
+	var err error
+	if l.TLS {
+		l.Conn, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port), &tls.Config{
+			InsecureSkipVerify: true,
+		})
+	} else {
+		l.Conn, err = ldap.Dial("tcp", fmt.Sprintf("%s:%s", l.Address, l.Port))
+	}
+
 	if err != nil {
 		return err
 	}
-	if err := conn.Bind(l.Username, l.Password); err != nil {
+	if err := l.Conn.Bind(l.Username, l.Password); err != nil {
 		return err
 	}
-	l.Conn = conn
 	return nil
 }
 

web/kubepi/src/business/user-management/ldap/index.vue

@@ -10,6 +10,10 @@
           <el-form-item style="width: 100%" :label="$t('business.user.ldap_port')" prop="port" >
             <el-input v-model="form.port" :placeholder="'389'" type="number"></el-input>
           </el-form-item>
+          <el-form-item style="width: 100%" :label="$t('business.user.ldap_tls')" prop="tls" >
+            <el-checkbox v-model="form.tls">{{$t('commons.bool.true')}}</el-checkbox>
+            <!--            <el-input v-model="form.port" :placeholder="'389'" type="number"></el-input>-->
+          </el-form-item>
           <el-form-item style="width: 100%" :label="$t('business.user.ldap_username')" prop="username">
             <el-input v-model="form.username" :placeholder="'cn=Manager,dc=ko,dc=com'"></el-input>
           </el-form-item>