[Update] 修改ldap支持ssl

1097b111 · ibuler · 20656921 · 1097b111 · 1097b111
Commit 1097b111 authored May 28, 2019 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

settings.py apps/jumpserver/settings.py +7 -1

forms.py apps/settings/forms.py +3 -3

No files found.
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -173,7 +173,7 @@ DATABASES = {
        'OPTIONS': DB_OPTIONS
    }
 }
-DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'ca.pem')
+DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'certs', 'db_ca.pem')
 if CONFIG.DB_ENGINE.lower() == 'mysql':
    DB_OPTIONS['init_command'] = "SET sql_mode='STRICT_TRANS_TABLES'"
    if os.path.isfile(DB_CA_PATH):
@@ -426,6 +426,12 @@ AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
 AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
 AUTH_LDAP_START_TLS = False
 AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}
+AUTH_LDAP_GLOBAL_OPTIONS = {
+    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+}
+LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
+if os.path.isfile(LDAP_CERT_FILE):
+    AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CERT_FILE
 # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
 # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
 # AUTH_LDAP_GROUP_SEARCH = LDAPSearch(

--- a/apps/settings/forms.py
+++ b/apps/settings/forms.py
@@ -121,9 +121,9 @@ class LDAPSettingForm(BaseForm):
    )
    # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
    # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
-    AUTH_LDAP_START_TLS = forms.BooleanField(
+    # AUTH_LDAP_START_TLS = forms.BooleanField(
-        label=_("Use SSL"), required=False
+    #     label=_("Use SSL"), required=False
-    )
+    # )
    AUTH_LDAP = forms.BooleanField(label=_("Enable LDAP auth"), required=False)