Significantly enhanced LDAP support in Gogs.

This commit is contained in:
Sergio Benitez 2015-08-12 16:58:27 -07:00
parent 631c85ba4f
commit 7d84d4a8f0
23 changed files with 295 additions and 250 deletions

View File

@ -663,8 +663,6 @@ auths.auth_name=Име на удостоверяването
auths.domain=Домейн auths.domain=Домейн
auths.host=Хост auths.host=Хост
auths.port=Порт auths.port=Порт
auths.base_dn=Основен DN
auths.attribute_username=Атрибут на потребителско име
auths.attribute_name=Атрибут име auths.attribute_name=Атрибут име
auths.attribute_surname=Атрибут фамилия auths.attribute_surname=Атрибут фамилия
auths.attribute_mail=E-Mail атрибут auths.attribute_mail=E-Mail атрибут

View File

@ -722,8 +722,6 @@ auths.auth_name=Authentifizierungsname
auths.domain=Domain auths.domain=Domain
auths.host=Host auths.host=Host
auths.port=Port auths.port=Port
auths.base_dn=Base DN
auths.attribute_username=Benutzername Attribut
auths.attribute_name=Vorname Attribut auths.attribute_name=Vorname Attribut
auths.attribute_surname=Nachname Attribut auths.attribute_surname=Nachname Attribut
auths.attribute_mail=E-Mail Attribut auths.attribute_mail=E-Mail Attribut

View File

@ -722,12 +722,13 @@ auths.auth_name = Authorization Name
auths.domain = Domain auths.domain = Domain
auths.host = Host auths.host = Host
auths.port = Port auths.port = Port
auths.base_dn = Base DN auths.bind_dn = Bind DN
auths.attribute_username = Username attribute auths.bind_password = Bind Password
auths.user_base = User Search Base
auths.attribute_name = First name attribute auths.attribute_name = First name attribute
auths.attribute_surname = Surname attribute auths.attribute_surname = Surname attribute
auths.attribute_mail = E-mail attribute auths.attribute_mail = E-mail attribute
auths.filter = Search Filter auths.filter = User Filter
auths.ms_ad_sa = Ms Ad SA auths.ms_ad_sa = Ms Ad SA
auths.smtp_auth = SMTP Authorization Type auths.smtp_auth = SMTP Authorization Type
auths.smtphost = SMTP Host auths.smtphost = SMTP Host

View File

@ -663,13 +663,10 @@ auths.auth_name=Nombre de Autorización
auths.domain=Dominio auths.domain=Dominio
auths.host=Host auths.host=Host
auths.port=Puerto auths.port=Puerto
auths.base_dn=Base DN
auths.attribute_username=Atributo username
auths.attribute_name=Atributo nombre auths.attribute_name=Atributo nombre
auths.attribute_surname=Atributo apellido auths.attribute_surname=Atributo apellido
auths.attribute_mail=Atributo correo electrónico auths.attribute_mail=Atributo correo electrónico
auths.filter=Filtro de Búsqueda auths.filter=Filtro de Búsqueda
auths.ms_ad_sa=Ms Ad SA
auths.smtp_auth=Tipo de Autorización SMTP auths.smtp_auth=Tipo de Autorización SMTP
auths.smtphost=SMTP Host auths.smtphost=SMTP Host
auths.smtpport=Puerto SMTP auths.smtpport=Puerto SMTP

View File

@ -722,8 +722,6 @@ auths.auth_name=Nom d'Autorisation
auths.domain=Domaine auths.domain=Domaine
auths.host=Hôte auths.host=Hôte
auths.port=Port auths.port=Port
auths.base_dn=Base DN (Nom Distingué)
auths.attribute_username=Attribut du nom d'utilisateur
auths.attribute_name=Attribut du prénom auths.attribute_name=Attribut du prénom
auths.attribute_surname=Attribut du nom de famille auths.attribute_surname=Attribut du nom de famille
auths.attribute_mail=Attribut de l'e-mail auths.attribute_mail=Attribut de l'e-mail

View File

@ -663,8 +663,6 @@ auths.auth_name=Nome Autorizzazione
auths.domain=Dominio auths.domain=Dominio
auths.host=Host auths.host=Host
auths.port=Porta auths.port=Porta
auths.base_dn=Base DN
auths.attribute_username=Attributo Nome Utente
auths.attribute_name=Attributo Nome auths.attribute_name=Attributo Nome
auths.attribute_surname=Attributo Cognome auths.attribute_surname=Attributo Cognome
auths.attribute_mail=Attributo Email auths.attribute_mail=Attributo Email

View File

@ -663,8 +663,6 @@ auths.auth_name=認証名
auths.domain=ドメイン auths.domain=ドメイン
auths.host=ホスト auths.host=ホスト
auths.port=ポート auths.port=ポート
auths.base_dn=ベースのドメイン名
auths.attribute_username=ユーザー名属性
auths.attribute_name=名前属性 auths.attribute_name=名前属性
auths.attribute_surname=名字属性 auths.attribute_surname=名字属性
auths.attribute_mail=Eメール属性 auths.attribute_mail=Eメール属性

View File

@ -663,8 +663,6 @@ auths.auth_name=Autorizācijas nosaukums
auths.domain=Domēns auths.domain=Domēns
auths.host=Resursdators auths.host=Resursdators
auths.port=Ports auths.port=Ports
auths.base_dn=Pamata DN
auths.attribute_username=Username attribute
auths.attribute_name=First name attribute auths.attribute_name=First name attribute
auths.attribute_surname=Surname attribute auths.attribute_surname=Surname attribute
auths.attribute_mail=E-mail attribute auths.attribute_mail=E-mail attribute

View File

@ -663,8 +663,6 @@ auths.auth_name=Autorisatienaam
auths.domain=Domein auths.domain=Domein
auths.host=Host auths.host=Host
auths.port=Poort auths.port=Poort
auths.base_dn=Base DN
auths.attribute_username=Gebruikersnaam attribuut
auths.attribute_name=Voornaam attribuut auths.attribute_name=Voornaam attribuut
auths.attribute_surname=Achternaam attribuut auths.attribute_surname=Achternaam attribuut
auths.attribute_mail=E-mail attribuut auths.attribute_mail=E-mail attribuut

View File

@ -663,8 +663,6 @@ auths.auth_name=Nazwa autoryzacji
auths.domain=Domena auths.domain=Domena
auths.host=Host auths.host=Host
auths.port=Port auths.port=Port
auths.base_dn=Base DN
auths.attribute_username=Atrybut username
auths.attribute_name=Atrybut imienia auths.attribute_name=Atrybut imienia
auths.attribute_surname=Atrybut nazwiska auths.attribute_surname=Atrybut nazwiska
auths.attribute_mail=Atrybut email auths.attribute_mail=Atrybut email

View File

@ -663,8 +663,6 @@ auths.auth_name=Nome da Autorização
auths.domain=Domínio auths.domain=Domínio
auths.host=Host auths.host=Host
auths.port=Porta auths.port=Porta
auths.base_dn=Base DN
auths.attribute_username=Atributo nome de usuário
auths.attribute_name=Atributo primeiro nome auths.attribute_name=Atributo primeiro nome
auths.attribute_surname=Atributo sobrenome auths.attribute_surname=Atributo sobrenome
auths.attribute_mail=Atributo e-mail auths.attribute_mail=Atributo e-mail

View File

@ -663,8 +663,6 @@ auths.auth_name=Название авторизации
auths.domain=Домен auths.domain=Домен
auths.host=Хост auths.host=Хост
auths.port=Порт auths.port=Порт
auths.base_dn=Base DN
auths.attribute_username=Username attribute
auths.attribute_name=First name attribute auths.attribute_name=First name attribute
auths.attribute_surname=Surname attribute auths.attribute_surname=Surname attribute
auths.attribute_mail=E-mail attribute auths.attribute_mail=E-mail attribute

View File

@ -722,8 +722,6 @@ auths.auth_name=授权名称
auths.domain=域名 auths.domain=域名
auths.host=主机地址 auths.host=主机地址
auths.port=主机端口 auths.port=主机端口
auths.base_dn=Base DN
auths.attribute_username=用户名属性
auths.attribute_name=名字属性 auths.attribute_name=名字属性
auths.attribute_surname=姓氏属性 auths.attribute_surname=姓氏属性
auths.attribute_mail=邮箱属性 auths.attribute_mail=邮箱属性

View File

@ -663,8 +663,6 @@ auths.auth_name=授權名稱
auths.domain=域名 auths.domain=域名
auths.host=主機地址 auths.host=主機地址
auths.port=主機端口 auths.port=主機端口
auths.base_dn=Base DN
auths.attribute_username=用戶名屬性
auths.attribute_name=名子屬性 auths.attribute_name=名子屬性
auths.attribute_surname=姓氏屬性 auths.attribute_surname=姓氏屬性
auths.attribute_mail=電子郵箱屬性 auths.attribute_mail=電子郵箱屬性

View File

@ -19,7 +19,6 @@ import (
"github.com/gogits/gogs/modules/auth/ldap" "github.com/gogits/gogs/modules/auth/ldap"
"github.com/gogits/gogs/modules/auth/pam" "github.com/gogits/gogs/modules/auth/pam"
"github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/uuid"
) )
type LoginType int type LoginType int
@ -258,18 +257,19 @@ func UserSignIn(uname, passwd string) (*User, error) {
// Return the same LoginUserPlain semantic // Return the same LoginUserPlain semantic
// FIXME: https://github.com/gogits/gogs/issues/672 // FIXME: https://github.com/gogits/gogs/issues/672
func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) { func LoginUserLdapSource(u *User, name, passwd string, sourceId int64, cfg *LDAPConfig, autoRegister bool) (*User, error) {
name, fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd) fn, sn, mail, logged := cfg.Ldapsource.SearchEntry(name, passwd)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, ErrUserNotExist{u.Id, u.Name} return nil, ErrUserNotExist{0, name}
} }
if !autoRegister { if !autoRegister {
return u, nil return u, nil
} }
// Fallback. // Fallback.
if len(mail) == 0 { if len(mail) == 0 {
mail = uuid.NewV4().String() + "@localhost" mail = fmt.Sprintf("%s@localhost", name)
} }
u = &User{ u = &User{

View File

@ -13,17 +13,16 @@ type AuthenticationForm struct {
ID int64 `form:"id"` ID int64 `form:"id"`
Type int Type int
Name string `binding:"Required;MaxSize(50)"` Name string `binding:"Required;MaxSize(50)"`
Domain string
Host string Host string
Port int Port int
UseSSL bool `form:"usessl"` UseSSL bool `form:"use_ssl"`
BaseDN string `form:"base_dn"` BindDN string `form:"bind_dn"`
AttributeUsername string BindPassword string
UserBase string
AttributeName string AttributeName string
AttributeSurname string AttributeSurname string
AttributeMail string AttributeMail string
Filter string Filter string
MsAdSA string `form:"ms_ad_sa"`
IsActived bool IsActived bool
SMTPAuth string `form:"smtp_auth"` SMTPAuth string `form:"smtp_auth"`
SMTPHost string `form:"smtp_host"` SMTPHost string `form:"smtp_host"`

View File

@ -1,43 +1,64 @@
LDAP authentication Gogs LDAP Authentication Module
=================== ===============================
## Goal ## About
Authenticat user against LDAP directories This authentication module attempts to authorize and authenticate a user
against an LDAP server. Like most LDAP authentication systems, this module does
It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers this in two steps. First, it queries the LDAP server using a Bind DN and
searches for the user that is attempting to sign in. If the user is found, the
The first OK wins. module attempts to bind to the server using the user's supplied credentials. If
this succeeds, the user has been authenticated, and his account information is
If there's connection error, the server will be disabled and won't be checked again retrieved and passed to the Gogs login infrastructure.
## Usage ## Usage
In the [security] section, set To use this module, add an LDAP authentication source via the Authentications
> LDAP_AUTH = true section in the admin panel. The fields should be set as follows:
then for each LDAP source, set Authorization Name (required)
A name to assign to the new method of authorization.
> [LdapSource-someuniquename] Host (required)
> name=canonicalName The address where the LDAP server can be reached.
> host=hostname-or-ip Example: mydomain.com
> port=3268 # or regular LDAP port
> # the following settings depend highly how you've configured your AD
> basedn=dc=ACME,dc=COM
> MSADSAFORMAT=%s@ACME.COM
> filter=(&(objectClass=user)(sAMAccountName=%s))
### Limitation Port (required)
The port to use when connecting to the server.
Example: 636
Only tested on an MS 2008R2 DC, using global catalog (TCP/3268) Enable TLS Encryption (optional)
Whether to use TLS when connecting to the LDAP server.
This MSAD is a mess. Bind DN (optional)
The DN to bind to the LDAP server with when searching for the user.
This may be left blank to perform an anonymous search.
Example: cn=Search,dc=mydomain,dc=com
The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration Bind Password (optional)
The password for the Bind DN specified above, if any.
### Todo User Search Base (required)
* Define a timeout per server The LDAP base at which user accounts will be searched for.
* Check servers marked as "Disabled" when they'll come back online Example: ou=Users,dc=mydomain,dc=com
* Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
* Check OpenLDAP server User Filter (required)
* SSL support ? An LDAP filter declaring how to find the user record that is attempting
to authenticate. The '%s' matching parameter will be substituted with
the user's username.
Example: (&(objectClass=posixAccount)(uid=%s))
First name attribute (optional)
The attribute of the user's LDAP record containing the user's first
name. This will be used to populate their account information.
Example: givenName
Surname name attribute (optional)
The attribute of the user's LDAP record containing the user's surname
This will be used to populate their account information.
Example: sn
E-mail attribute (required)
The attribute of the user's LDAP record containing the user's email
address. This will be used to populate their account information.
Example: mail

View File

@ -19,82 +19,114 @@ type Ldapsource struct {
Host string // LDAP host Host string // LDAP host
Port int // port number Port int // port number
UseSSL bool // Use SSL UseSSL bool // Use SSL
BaseDN string // Base DN BindDN string // DN to bind with
AttributeUsername string // Username attribute BindPassword string // Bind DN password
UserBase string // Base search path for users
AttributeName string // First name attribute AttributeName string // First name attribute
AttributeSurname string // Surname attribute AttributeSurname string // Surname attribute
AttributeMail string // E-mail attribute AttributeMail string // E-mail attribute
Filter string // Query filter to validate entry Filter string // Query filter to validate entry
MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
Enabled bool // if this source is disabled Enabled bool // if this source is disabled
} }
//Global LDAP directory pool func (ls Ldapsource) FindUserDN(name string) (userDN string, success bool) {
var ( userDN = ""
Authensource []Ldapsource success = false
)
// Add a new source (LDAP directory) to the global pool
func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) {
ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true}
Authensource = append(Authensource, ldaphost)
}
//LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise
//First match wins
//Returns first attribute if exists
func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) {
r = false
for _, ls := range Authensource {
cn, fn, sn, mail, r = ls.SearchEntry(name, passwd)
if r {
return
}
}
return
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) {
l, err := ldapDial(ls) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false ls.Enabled = false
return "", "", "", "", false return
} }
defer l.Close()
log.Trace("Search for LDAP user: %s", name)
if ls.BindDN != "" && ls.BindPassword != "" {
err = l.Bind(ls.BindDN, ls.BindPassword)
if err != nil {
log.Debug("Failed to bind as BindDN: %s, %s", ls.BindDN, err.Error())
return
}
log.Trace("Bound as BindDN %s", ls.BindDN)
} else {
log.Trace("Proceeding with anonymous LDAP search.")
}
// A search for the user.
userFilter := fmt.Sprintf(ls.Filter, name)
log.Trace("Searching using filter %s", userFilter)
search := ldap.NewSearchRequest(
ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,
false, userFilter, []string{}, nil)
// Ensure we found a user
sr, err := l.Search(search)
if err != nil || len(sr.Entries) < 1 {
log.Debug("Failed search using filter %s: %s", userFilter, err.Error())
return
} else if len(sr.Entries) > 1 {
log.Debug("Filter '%s' returned more than one user.", userFilter)
return
}
userDN = sr.Entries[0].DN
if userDN == "" {
log.Error(4, "LDAP search was succesful, but found no DN!")
return
}
success = true
return
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool) {
userDN, found := ls.FindUserDN(name)
if !found {
return "", "", "", false
}
l, err := ldapDial(ls)
if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
ls.Enabled = false
return "", "", "", false
}
defer l.Close() defer l.Close()
nx := fmt.Sprintf(ls.MsAdSAFormat, name) log.Trace("Binding with userDN: %s", userDN)
err = l.Bind(nx, passwd) err = l.Bind(userDN, passwd)
if err != nil { if err != nil {
log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error()) log.Debug("LDAP auth. failed for %s, reason: %s", userDN, err.Error())
return "", "", "", "", false return "", "", "", false
} }
log.Trace("Bound successfully with userDN: %s", userDN)
userFilter := fmt.Sprintf(ls.Filter, name)
search := ldap.NewSearchRequest( search := ldap.NewSearchRequest(
ls.BaseDN, userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, []string{ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
fmt.Sprintf(ls.Filter, name),
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
nil) nil)
sr, err := l.Search(search) sr, err := l.Search(search)
if err != nil { if err != nil {
log.Debug("LDAP Authen OK but not in filter %s", name) log.Error(4, "LDAP Search failed unexpectedly! (%s)", err.Error())
return "", "", "", "", false return "", "", "", false
} else if len(sr.Entries) < 1 {
log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
return "", "", "", false
} }
log.Debug("LDAP Authen OK: %s", name)
if len(sr.Entries) > 0 { name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername) sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
name := sr.Entries[0].GetAttributeValue(ls.AttributeName) mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname) return name_attr, sn_attr, mail_attr, true
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
return cn, name, sn, mail, true
}
return "", "", "", "", true
} }
func ldapDial(ls Ldapsource) (*ldap.Conn, error) { func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
if ls.UseSSL { if ls.UseSSL {
log.Debug("Using TLS for LDAP")
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
} else { } else {
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))

View File

@ -1,29 +0,0 @@
package ldap
// import (
// "fmt"
// "testing"
// )
// var ldapServer = "ldap.itd.umich.edu"
// var ldapPort = 389
// var baseDN = "dc=umich,dc=edu"
// var filter = []string{
// "(cn=cis-fac)",
// "(&(objectclass=rfc822mailgroup)(cn=*Computer*))",
// "(&(objectclass=rfc822mailgroup)(cn=*Mathematics*))"}
// var attributes = []string{
// "cn",
// "description"}
// var msadsaformat = ""
// func TestLDAP(t *testing.T) {
// AddSource("test", ldapServer, ldapPort, baseDN, attributes, filter, msadsaformat)
// user, err := LoginUserLdap("xiaolunwen", "")
// if err != nil {
// t.Error(err)
// return
// }
// fmt.Println(user)
// }

File diff suppressed because one or more lines are too long

View File

@ -63,18 +63,18 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP: case models.LDAP:
u = &models.LDAPConfig{ u = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Name: form.Name,
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.UseSSL, UseSSL: form.UseSSL,
BaseDN: form.BaseDN, BindDN: form.BindDN,
AttributeUsername: form.AttributeUsername, BindPassword: form.BindPassword,
UserBase: form.UserBase,
Filter: form.Filter,
AttributeName: form.AttributeName, AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname, AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail, AttributeMail: form.AttributeMail,
Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true, Enabled: true,
Name: form.Name,
}, },
} }
case models.SMTP: case models.SMTP:
@ -149,18 +149,18 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
case models.LDAP: case models.LDAP:
config = &models.LDAPConfig{ config = &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Ldapsource: ldap.Ldapsource{
Name: form.Name,
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.UseSSL, UseSSL: form.UseSSL,
BaseDN: form.BaseDN, BindDN: form.BindDN,
AttributeUsername: form.AttributeUsername, BindPassword: form.BindPassword,
UserBase: form.UserBase,
AttributeName: form.AttributeName, AttributeName: form.AttributeName,
AttributeSurname: form.AttributeSurname, AttributeSurname: form.AttributeSurname,
AttributeMail: form.AttributeMail, AttributeMail: form.AttributeMail,
Filter: form.Filter, Filter: form.Filter,
MsAdSAFormat: form.MsAdSA,
Enabled: true, Enabled: true,
Name: form.Name,
}, },
} }
case models.SMTP: case models.SMTP:

View File

@ -31,10 +31,6 @@
</div> </div>
{{if eq $type 2}} {{if eq $type 2}}
<div class="field">
<label class="req" for="domain">{{.i18n.Tr "admin.auths.domain"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Domain}}ipt-error{{end}}" id="domain" name="domain" value="{{.Source.LDAP.Name}}" required />
</div>
<div class="field"> <div class="field">
<label class="req" for="host">{{.i18n.Tr "admin.auths.host"}}</label> <label class="req" for="host">{{.i18n.Tr "admin.auths.host"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Host}}ipt-error{{end}}" id="host" name="host" value="{{.Source.LDAP.Host}}" required /> <input class="ipt ipt-large ipt-radius {{if .Err_Host}}ipt-error{{end}}" id="host" name="host" value="{{.Source.LDAP.Host}}" required />
@ -44,12 +40,24 @@
<input class="ipt ipt-large ipt-radius {{if .Err_Port}}ipt-error{{end}}" id="port" name="port" value="{{.Source.LDAP.Port}}" required /> <input class="ipt ipt-large ipt-radius {{if .Err_Port}}ipt-error{{end}}" id="port" name="port" value="{{.Source.LDAP.Port}}" required />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="base_dn">{{.i18n.Tr "admin.auths.base_dn"}}</label> <label for="use_ssl">{{.i18n.Tr "admin.auths.enable_tls"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.Source.LDAP.BaseDN}}" /> <input name="use_ssl" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label> <label for="bind_dn">{{.i18n.Tr "admin.auths.bind_dn"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.Source.LDAP.AttributeUsername}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_BindDN}}ipt-error{{end}}" id="bind_dn" name="bind_dn" value="{{.Source.LDAP.BindDN}}" />
</div>
<div class="field">
<label for="bind_password">{{.i18n.Tr "admin.auths.bind_password"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_BindPassword}}ipt-error{{end}}" id="bind_password" name="bind_password" value="{{.Source.LDAP.BindPassword}}" />
</div>
<div class="field">
<label class="req" for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_UserBase}}ipt-error{{end}}" id="user_base" name="user_base" value="{{.Source.LDAP.UserBase}}" />
</div>
<div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.Source.LDAP.Filter}}" />
</div> </div>
<div class="field"> <div class="field">
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label> <label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
@ -63,14 +71,6 @@
<label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label> <label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Attributes}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.Source.LDAP.AttributeMail}}" />
</div> </div>
<div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.Source.LDAP.Filter}}" />
</div>
<div class="field">
<label class="req" for="ms_ad_sa">{{.i18n.Tr "admin.auths.ms_ad_sa"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_MsAdSA}}ipt-error{{end}}" id="ms_ad_sa" name="ms_ad_sa" value="{{.Source.LDAP.MsAdSAFormat}}" />
</div>
{{else if eq $type 3}} {{else if eq $type 3}}
<div class="field"> <div class="field">

View File

@ -27,10 +27,6 @@
<input class="ipt ipt-large ipt-radius {{if .Err_AuthName}}ipt-error{{end}}" id="name" name="name" value="{{.name}}" required /> <input class="ipt ipt-large ipt-radius {{if .Err_AuthName}}ipt-error{{end}}" id="name" name="name" value="{{.name}}" required />
</div> </div>
<div class="ldap"> <div class="ldap">
<div class="field">
<label class="req" for="domain">{{.i18n.Tr "admin.auths.domain"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Domain}}ipt-error{{end}}" id="domain" name="domain" value="{{.domain}}" />
</div>
<div class="field"> <div class="field">
<label class="req" for="host">{{.i18n.Tr "admin.auths.host"}}</label> <label class="req" for="host">{{.i18n.Tr "admin.auths.host"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Host}}ipt-error{{end}}" id="host" name="host" value="{{.host}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Host}}ipt-error{{end}}" id="host" name="host" value="{{.host}}" />
@ -40,12 +36,24 @@
<input class="ipt ipt-large ipt-radius {{if .Err_Port}}ipt-error{{end}}" id="port" name="port" value="{{.port}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_Port}}ipt-error{{end}}" id="port" name="port" value="{{.port}}" />
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="base_dn">{{.i18n.Tr "admin.auths.base_dn"}}</label> <label for="use_ssl">{{.i18n.Tr "admin.auths.enable_tls"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_BaseDN}}ipt-error{{end}}" id="base_dn" name="base_dn" value="{{.base_dn}}" /> <input name="use_ssl" type="checkbox" {{if .use_ssl}}checked{{end}}>
</div> </div>
<div class="field"> <div class="field">
<label class="req" for="attribute_username">{{.i18n.Tr "admin.auths.attribute_username"}}</label> <label class="req" for="bind_dn">{{.i18n.Tr "admin.auths.bind_dn"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_AttributeUsername}}ipt-error{{end}}" id="attribute_username" name="attribute_username" value="{{.attribute_username}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_BindDN}}ipt-error{{end}}" id="bind_dn" name="bind_dn" value="{{.bind_dn}}" />
</div>
<div class="field">
<label class="req" for="bind_password">{{.i18n.Tr "admin.auths.bind_password"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_BindPassword}}ipt-error{{end}}" id="bind_password" name="bind_password" value="{{.bind_password}}" />
</div>
<div class="field">
<label class="req" for="user_base">{{.i18n.Tr "admin.auths.user_base"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_UserBase}}ipt-error{{end}}" id="user_base" name="user_base" value="{{.user_base}}" />
</div>
<div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.filter}}" />
</div> </div>
<div class="field"> <div class="field">
<label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label> <label for="attribute_name">{{.i18n.Tr "admin.auths.attribute_name"}}</label>
@ -59,14 +67,6 @@
<label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label> <label class="req" for="attribute_mail">{{.i18n.Tr "admin.auths.attribute_mail"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_AttributeMail}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.attribute_mail}}" /> <input class="ipt ipt-large ipt-radius {{if .Err_AttributeMail}}ipt-error{{end}}" id="attribute_mail" name="attribute_mail" value="{{.attribute_mail}}" />
</div> </div>
<div class="field">
<label class="req" for="filter">{{.i18n.Tr "admin.auths.filter"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_Filter}}ipt-error{{end}}" id="filter" name="filter" value="{{.filter}}" />
</div>
<div class="field">
<label class="req" for="ms_ad_sa">{{.i18n.Tr "admin.auths.ms_ad_sa"}}</label>
<input class="ipt ipt-large ipt-radius {{if .Err_MsAdSA}}ipt-error{{end}}" id="ms_ad_sa" name="ms_ad_sa" value="{{.ms_ad_sa}}" />
</div>
</div> </div>
<div class="smtp hidden"> <div class="smtp hidden">
<div class="field"> <div class="field">