From 78be95147420082e66fdf583d98e3f588edb32dd Mon Sep 17 00:00:00 2001 From: jerhat Date: Thu, 9 Jul 2020 14:24:36 +0800 Subject: [PATCH] Added optional ldap_no_tls_verify config that allows bypassiung ldap ssl certification check --- README.md | 1 + src/config.rs | 6 ++++++ src/main.rs | 10 ++++++++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ca58815..d3a5053 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Configuration values are as follows: |`ldap_host`|String||The hostname or IP address for your ldap server| |`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings| |`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used. Defaults to `false`| +|`ldap_no_tls_verify`|Boolean|Optional|Indicates if certificate should be verified when using SSL. Defaults to `true`| |`ldap_port`|Integer|Optional|Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings| |`ldap_bind_dn`|String||The dn for the bind user that will connect to LDAP. Eg. `cn=admin,dc=example,dc=org`| |`ldap_bind_password`|String||The password for the provided bind user.| diff --git a/src/config.rs b/src/config.rs index 958464a..5c81c63 100644 --- a/src/config.rs +++ b/src/config.rs @@ -44,6 +44,8 @@ pub struct Config { ldap_scheme: Option, ldap_ssl: Option, ldap_port: Option, + // LDAP skip tls verify + ldap_no_tls_verify: Option, // LDAP auth config ldap_bind_dn: String, ldap_bind_password: Pass, @@ -109,6 +111,10 @@ impl Config { self.ldap_ssl.unwrap_or(false) } + pub fn get_ldap_no_tls_verify(&self) -> bool { + self.ldap_no_tls_verify.unwrap_or(false) + } + pub fn get_ldap_port(&self) -> u16 { match self.ldap_port { Some(ldap_port) => ldap_port, diff --git a/src/main.rs b/src/main.rs index 3698012..af10abd 100644 --- a/src/main.rs +++ b/src/main.rs 
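Review bot: `get_ldap_no_tls_verify` in the `@@ -109` hunk of src/config.rs switches off LDAP certificate verification with no documentation of what that gives up, and the matching field comment `// LDAP skip tls verify` in the `@@ -44` hunk says no more. When the option is set, the `ldap_bind_dn` and `ldap_bind_password` held in the same struct are sent to whichever server completes the TLS handshake, so the getter should carry a doc comment such as `/// True when the operator disabled LDAP TLS certificate verification; the bind credentials are then sent without authenticating the server.` The `Option` type parameters appear stripped in this rendering, so the field type cannot be confirmed here; it is presumably `Option<bool>` given the `unwrap_or(false)`. The README row in the same commit describes the default as "verified … `true`" while the flag is named `ldap_no_tls_verify` and defaults to `false`, which reads as inverted and is worth rewording to avoid operators setting the wrong value.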
@@ -5,7 +5,7 @@ use std::error::Error; use std::thread::sleep; use std::time::Duration; -use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions}; +use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions, LdapConnSettings}; mod bw_admin; mod config; @@ -65,8 +65,13 @@ fn ldap_client( ldap_url: String, bind_dn: String, bind_pw: String, + no_tls_verify: bool ) -> Result> { - let ldap = LdapConn::new(ldap_url.as_str())?; + + let settings = LdapConnSettings::new() + .set_no_tls_verify(no_tls_verify); + + let ldap = LdapConn::with_settings(settings, ldap_url.as_str())?; match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) { _ => {} }; @@ -80,6 +85,7 @@ fn search_entries(config: &config::Config) -> Result, Box
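Review bot: The new `set_no_tls_verify(no_tls_verify)` call in `ldap_client` (the `@@ -65` hunk of src/main.rs) disables certificate checking silently; when the flag is true the client accepts any certificate and the `simple_bind` a few lines later hands `bind_pw` to an unauthenticated peer, so the function should at least surface that before connecting, e.g. `if no_tls_verify { eprintln!("warning: LDAP TLS certificate verification is disabled"); }`. Style: the added parameter `no_tls_verify: bool` lacks the trailing comma the surrounding parameters carry, and the blank line inserted directly after the signature is one rustfmt would drop. The body of `ldap_client` continues outside the hunk, and the bind result is still discarded by the pre-existing `match … { _ => {} }`, so a failed bind under the new settings would not be reported either. The `@@ -80` hunk that follows is cut off at the end of this excerpt, so the call-site change to `search_entries` could not be reviewed.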