Merge pull request #13 from flavienbwk/develop

flavienbwk · web-flow · commit 8e3269b118bf · 2020-10-04T19:28:50.000+02:00
Added secure LDAP support
diff --git a/api/app/service/auth_service.py b/api/app/service/auth_service.py
@@ -19,9 +19,10 @@
 from model.User import User
 from model.Token import Token
 
+LDAP_SCHEME = os.environ.get("LDAP_SCHEME")
 LDAP_HOST = os.environ.get("LDAP_HOST")
 LDAP_PORT = os.environ.get("LDAP_PORT")
-LDAP_ENDPOINT = "ldap://{}:{}".format(LDAP_HOST, LDAP_PORT)
+LDAP_ENDPOINT = "{}://{}:{}".format(LDAP_SCHEME, LDAP_HOST, LDAP_PORT)
 LDAP_USERS_DN = os.environ.get("LDAP_USERS_DN")
 LDAP_ADMIN_DN = os.environ.get("LDAP_ADMIN_DN")
 LDAP_ADMIN_PASSWORD = os.environ.get("LDAP_ADMIN_PASSWORD")
@@ -94,6 +95,7 @@ def checkLDAPCredentials(username: str, password: str):
         return_value = False
         search_filter = "(&(uid={})(objectClass=inetOrgPerson))".format(username)
         try:
+            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
             connection = ldap.initialize(LDAP_ENDPOINT)
             connection.protocol_version = ldap.VERSION3
             connection.simple_bind_s(LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD)
diff --git a/api/app/service/user_service.py b/api/app/service/user_service.py
@@ -15,9 +15,10 @@
 from model.User import User
 from model.Token import Token
 
+LDAP_SCHEME = os.environ.get("LDAP_SCHEME")
 LDAP_HOST = os.environ.get("LDAP_HOST")
 LDAP_PORT = os.environ.get("LDAP_PORT")
-LDAP_ENDPOINT = "ldap://{}:{}".format(LDAP_HOST, LDAP_PORT)
+LDAP_ENDPOINT = "{}://{}:{}".format(LDAP_SCHEME, LDAP_HOST, LDAP_PORT)
 LDAP_USERS_DN = os.environ.get("LDAP_USERS_DN")
 LDAP_ADMIN_DN = os.environ.get("LDAP_ADMIN_DN")
 LDAP_ADMIN_PASSWORD = os.environ.get("LDAP_ADMIN_PASSWORD")
@@ -60,6 +61,7 @@ def updateLDAPUser(user: User):
         response = ApiResponse()
         search_filter = "(&(uid={})(objectClass=inetOrgPerson))".format(user.username)
         try:
+            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
             connection = ldap.initialize(LDAP_ENDPOINT)
             connection.protocol_version = ldap.VERSION3
             connection.simple_bind_s(LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD)
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -66,7 +66,8 @@ services:
       LOG_LEVEL: "DEBUG" # DEBUG, INFO, WARNING or ERROR
 
       LDAP_HOST: "ldap"
-      LDAP_PORT: 389 # Secure LDAP (LDAPS) are not supported yet
+      LDAP_SCHEME: "ldap" # "ldaps" if using secure LDAP, "ldap" else
+      LDAP_PORT: 389
       LDAP_USERS_DN: "dc=mycompany,dc=com"
       LDAP_ADMIN_DN: "cn=admin,dc=mycompany,dc=com"
       LDAP_ADMIN_PASSWORD: "adminpwd"
