
feat(ldap): added config options for ssl skip verify, and ssl server name, #1450

Torkel Ödegaard 10 年之前
父节点
当前提交
9afdea8d2a
共有 4 个文件被更改,包括 22 次插入7 次删除
  1. 4 0
      conf/ldap.toml
  2. 4 0
      docs/sources/installation/ldap.md
  3. 6 1
      pkg/login/ldap.go
  4. 8 6
      pkg/login/settings.go

+ 4 - 0
conf/ldap.toml

@@ -8,6 +8,10 @@ host = "127.0.0.1"
 port = 389
 # Set to true if ldap server supports TLS
 use_ssl = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# if cert validation is enabled, provide ldap cert server name
+ssl_server_name = ""
 
 # Search user bind dn
 bind_dn = "cn=admin,dc=grafana,dc=org"
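Review bot: The comment on line 28 reads as if `ssl_server_name` must be filled in whenever validation is enabled, yet the shipped default on line 29 is empty, so an operator cannot tell whether leaving it blank is safe. If the Go dialer falls back to the `host` value when `ServerName` is empty (not visible in this commit), say so: `# optional: hostname to check against the server certificate; leave empty to verify against host`. The `ssl_skip_verify` comment on line 26 should also state the consequence rather than the mechanism, e.g. `# set to true to disable server certificate validation (insecure; testing only)`. The same two comments are repeated verbatim in docs/sources/installation/ldap.md.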

+ 4 - 0
docs/sources/installation/ldap.md

@@ -27,6 +27,10 @@ host = "127.0.0.1"
 port = 389
 # Set to true if ldap server supports TLS
 use_ssl = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# if cert validation is enabled, provide ldap cert server name
+ssl_server_name = ""
 
 # Search user bind dn
 bind_dn = "cn=admin,dc=grafana,dc=org"

+ 6 - 1
pkg/login/ldap.go

@@ -1,6 +1,7 @@
 package login
 
 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"strings"
@@ -25,7 +26,11 @@ func (a *ldapAuther) Dial() error {
 	address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
 	var err error
 	if a.server.UseSSL {
-		a.conn, err = ldap.DialTLS("tcp", address, nil)
+		tlsCfg := &tls.Config{
+			InsecureSkipVerify: a.server.SkipVerifySSL,
+			ServerName:         a.server.CertServerName,
+		}
+		a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
 	} else {
 		a.conn, err = ldap.Dial("tcp", address)
 	}
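Review bot: The tls.Config built on lines 65-68 copies `SkipVerifySSL` straight into `InsecureSkipVerify`, which disables both certificate and hostname checking on the connection that carries the bind password and every user's credentials, and nothing in Dial records that the process is running in that mode. A one-line warning at dial time makes the state visible in logs, e.g. `if a.server.SkipVerifySSL { /* emit a warning via the package's logger: ldap: ssl_skip_verify is set, server certificate will not be validated */ }`, with the logger call written against whatever logging package this file already uses (not shown here). Note also that when `CertServerName` is empty, `ServerName` is empty too; that is only safe if ldap.DialTLS delegates to tls.Dial, which fills ServerName from the dial address, so a short comment on line 67 saying the fallback is relied on would help the next reader. Dial's signature and its error handling lie outside this hunk.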

+ 8 - 6
pkg/login/settings.go

@@ -13,12 +13,14 @@ type LdapConfig struct {
 }
 
 type LdapServerConf struct {
-	Host         string           `toml:"host"`
-	Port         int              `toml:"port"`
-	UseSSL       bool             `toml:"use_ssl"`
-	BindDN       string           `toml:"bind_dn"`
-	BindPassword string           `toml:"bind_password"`
-	Attr         LdapAttributeMap `toml:"attributes"`
+	Host           string           `toml:"host"`
+	Port           int              `toml:"port"`
+	UseSSL         bool             `toml:"use_ssl"`
+	SkipVerifySSL  bool             `toml:"ssl_skip_verify"`
+	CertServerName string           `toml:"ssl_server_name"`
+	BindDN         string           `toml:"bind_dn"`
+	BindPassword   string           `toml:"bind_password"`
+	Attr           LdapAttributeMap `toml:"attributes"`
 
 	SearchFilter  string   `toml:"search_filter"`
 	SearchBaseDNs []string `toml:"search_base_dns"`
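Review bot: The two new fields on lines 90-91 carry no doc comment, and the security consequence of `SkipVerifySSL` is not obvious from the name alone once it is read far from Dial. Suggest `// SkipVerifySSL disables TLS certificate and hostname verification of the LDAP server; intended for testing only.` above line 90 and `// CertServerName is the hostname checked against the server certificate; when empty the dialer's default applies.` above line 91. The `LdapServerConf` struct continues past the end of this hunk.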