fix(ldap): exiting by peer exception occurred during the TLS connec…
…tion(AlistGo#5977)
rayiins authored and EtherealAO committed Apr 12, 2024

1 parent 80aede8 commit f12dc8f
Showing 1 changed file with 18 additions and 20 deletions.
38 changes: 18 additions & 20 deletions server/handles/ldap_login.go
@@ -50,31 +50,13 @@ func loginLdap(c *gin.Context, req *LoginReq) {
ldapUserSearchBase := setting.GetStr(conf.LdapUserSearchBase)
ldapUserSearchFilter := setting.GetStr(conf.LdapUserSearchFilter) // (uid=%s)

var tlsEnabled bool = false
if strings.HasPrefix(ldapServer, "ldaps://") {
tlsEnabled = true
ldapServer = strings.TrimPrefix(ldapServer, "ldaps://")
} else if strings.HasPrefix(ldapServer, "ldap://") {
ldapServer = strings.TrimPrefix(ldapServer, "ldap://")
}

l, err := ldap.Dial("tcp", ldapServer)
// Connect to LdapServer
l, err := dial(ldapServer)
if err != nil {
utils.Log.Errorf("failed to connect to LDAP: %v", err)
common.ErrorResp(c, err, 500)
return
}
defer l.Close()

if tlsEnabled {
// Reconnect with TLS
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
if err != nil {
utils.Log.Errorf("failed to start tls: %v", err)
common.ErrorResp(c, err, 500)
return
}
}

// First bind with a read only user
if ldapManagerDN != "" && ldapManagerPassword != "" {
@@ -157,3 +139,19 @@ func ladpRegister(username string) (*model.User, error) {
}
return user, nil
}

func dial(ldapServer string) (*ldap.Conn, error) {
var tlsEnabled bool = false
if strings.HasPrefix(ldapServer, "ldaps://") {
tlsEnabled = true
ldapServer = strings.TrimPrefix(ldapServer, "ldaps://")
} else if strings.HasPrefix(ldapServer, "ldap://") {
ldapServer = strings.TrimPrefix(ldapServer, "ldap://")
}

if tlsEnabled {
return ldap.DialTLS("tcp", ldapServer, &tls.Config{InsecureSkipVerify: true})
} else {
return ldap.Dial("tcp", ldapServer)
}
}
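Review bot: The new `dial` helper connects to `ldaps://` servers with `&tls.Config{InsecureSkipVerify: true}`, so the server certificate is never checked and whoever answers on that address can receive the bind credentials sent over the connection. The setting is carried over from the removed `StartTLS` call, but the helper is the natural place to verify by default, e.g. `return ldap.DialTLS("tcp", ldapServer, &tls.Config{MinVersion: tls.VersionTLS12})`, leaving skipped verification to an explicit operator setting for self-signed deployments. `dial` also has no doc comment; `// dial connects to ldapServer, using implicit TLS for ldaps:// and plaintext otherwise.` would record that the scheme now selects TLS at connect time rather than a later StartTLS upgrade. The +/- markers are lost on this page, so it is worth confirming that `defer l.Close()` in `loginLdap` is still on the new side of the first hunk.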
