From 1097b11115f0dc670bb1a94aa4ce97c810e79681 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 28 May 2019 10:28:03 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9ldap=E6=94=AF?= =?UTF-8?q?=E6=8C=81ssl?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/jumpserver/settings.py | 8 +++++++-
 apps/settings/forms.py | 6 +++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 2e09ea191..d9be8c346 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -173,7 +173,7 @@ DATABASES = {
 'OPTIONS': DB_OPTIONS
 }
 }
-DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'ca.pem')
+DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'certs', 'db_ca.pem')
 if CONFIG.DB_ENGINE.lower() == 'mysql':
 DB_OPTIONS['init_command'] = "SET sql_mode='STRICT_TRANS_TABLES'"
 if os.path.isfile(DB_CA_PATH):
@@ -426,6 +426,12 @@ AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
 AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
 AUTH_LDAP_START_TLS = False
 AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}
+AUTH_LDAP_GLOBAL_OPTIONS = {
+ ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+}
+LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
+if os.path.isfile(LDAP_CERT_FILE):
+ AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CERT_FILE
 # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
 # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
 # AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
diff --git a/apps/settings/forms.py b/apps/settings/forms.py
index b27cade64..3f6a690a8 100644
--- a/apps/settings/forms.py
+++ b/apps/settings/forms.py
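Review bot: The `DB_CA_PATH` move from `data/ca.pem` to `data/certs/db_ca.pem` has no fallback, so on an upgraded install that still has the old file the `os.path.isfile(DB_CA_PATH)` guard is false and whatever that branch configures is skipped without any message. The branch body is outside the hunk, but if it sets the MySQL CA option, the database connection presumably stops validating against that CA after the upgrade. I would either keep checking the old path for one release or log a warning when the old file exists and the new one does not, and add a comment such as `# CA bundle for the DB connection; moved from data/ca.pem` above the assignment.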
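Review bot: `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER` in `AUTH_LDAP_GLOBAL_OPTIONS` turns off server-certificate verification for LDAP TLS connections, so the `ldap_ca.pem` loaded three lines later is never enforced and a host on the network path could pose as the directory and receive bind credentials. When the CA file is present the check should be required: inside the `if os.path.isfile(LDAP_CERT_FILE):` branch add `AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_REQUIRE_CERT] = ldap.OPT_X_TLS_DEMAND`. Ideally `OPT_X_TLS_NEVER` becomes an explicit, documented opt-out setting rather than the default. The hunk also relies on `ldap` being imported in settings.py, which is not visible here.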
@@ -121,9 +121,9 @@ class LDAPSettingForm(BaseForm):
 )
 # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
 # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
- AUTH_LDAP_START_TLS = forms.BooleanField(
- label=_("Use SSL"), required=False
- )
+ # AUTH_LDAP_START_TLS = forms.BooleanField(
+ # label=_("Use SSL"), required=False
+ # )
 AUTH_LDAP = forms.BooleanField(label=_("Enable LDAP auth"), required=False)
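Review bot: The `AUTH_LDAP_START_TLS` field is commented out rather than deleted, with no comment saying why, which leaves dead code in `LDAPSettingForm` and hides from the next reader that StartTLS can no longer be enabled from the settings form (the settings.py context in this commit still shows `AUTH_LDAP_START_TLS = False`). I would delete the three lines, or keep them under a one-line explanation such as `# StartTLS toggle removed from the form: TLS is selected via an ldaps:// server URI`, if that is the intent; the commit message does not say. The class body starts and continues outside this hunk.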