mirror of
https://github.com/open-webui/open-webui
synced 2025-06-12 09:23:05 +00:00
Add option to disable certificate validation.
parent
950f3cdcc0
commit
f63e76e653
@ -2839,6 +2839,12 @@ LDAP_CA_CERT_FILE = PersistentConfig(
|
|||||||
os.environ.get("LDAP_CA_CERT_FILE", ""),
|
os.environ.get("LDAP_CA_CERT_FILE", ""),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
LDAP_VALIDATE_CERT = PersistentConfig(
|
||||||
|
"LDAP_VALIDATE_CERT",
|
||||||
|
"ldap.server.validate_cert",
|
||||||
|
os.environ.get("LDAP_USE_TLS", "True").lower() == "true",
|
||||||
|
)
|
||||||
|
|
||||||
LDAP_CIPHERS = PersistentConfig(
|
LDAP_CIPHERS = PersistentConfig(
|
||||||
"LDAP_CIPHERS", "ldap.server.ciphers", os.environ.get("LDAP_CIPHERS", "ALL")
|
"LDAP_CIPHERS", "ldap.server.ciphers", os.environ.get("LDAP_CIPHERS", "ALL")
|
||||||
)
|
)
|
||||||
|
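Review bot: The default for the new `LDAP_VALIDATE_CERT` setting is read from the `LDAP_USE_TLS` environment variable, not from a variable of its own. An `LDAP_VALIDATE_CERT` value in the environment is therefore ignored, and a deployment that starts with `LDAP_USE_TLS=false` also gets certificate validation switched off by default, which would carry over if TLS is later enabled from the admin settings. The third argument should read its own variable and keep the safe default: `os.environ.get("LDAP_VALIDATE_CERT", "True").lower() == "true",`.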
@ -317,6 +317,7 @@ from open_webui.config import (
|
|||||||
LDAP_APP_PASSWORD,
|
LDAP_APP_PASSWORD,
|
||||||
LDAP_USE_TLS,
|
LDAP_USE_TLS,
|
||||||
LDAP_CA_CERT_FILE,
|
LDAP_CA_CERT_FILE,
|
||||||
|
LDAP_VALIDATE_CERT,
|
||||||
LDAP_CIPHERS,
|
LDAP_CIPHERS,
|
||||||
# Misc
|
# Misc
|
||||||
ENV,
|
ENV,
|
||||||
@ -609,6 +610,7 @@ app.state.config.LDAP_SEARCH_BASE = LDAP_SEARCH_BASE
|
|||||||
app.state.config.LDAP_SEARCH_FILTERS = LDAP_SEARCH_FILTERS
|
app.state.config.LDAP_SEARCH_FILTERS = LDAP_SEARCH_FILTERS
|
||||||
app.state.config.LDAP_USE_TLS = LDAP_USE_TLS
|
app.state.config.LDAP_USE_TLS = LDAP_USE_TLS
|
||||||
app.state.config.LDAP_CA_CERT_FILE = LDAP_CA_CERT_FILE
|
app.state.config.LDAP_CA_CERT_FILE = LDAP_CA_CERT_FILE
|
||||||
|
app.state.config.LDAP_VALIDATE_CERT = LDAP_VALIDATE_CERT
|
||||||
app.state.config.LDAP_CIPHERS = LDAP_CIPHERS
|
app.state.config.LDAP_CIPHERS = LDAP_CIPHERS
|
||||||
|
|
||||||
|
|
||||||
|
@ -51,7 +51,7 @@ from open_webui.utils.access_control import get_permissions
|
|||||||
|
|
||||||
from typing import Optional, List
|
from typing import Optional, List
|
||||||
|
|
||||||
from ssl import CERT_REQUIRED, PROTOCOL_TLS
|
from ssl import CERT_NONE, CERT_REQUIRED, PROTOCOL_TLS
|
||||||
|
|
||||||
if ENABLE_LDAP.value:
|
if ENABLE_LDAP.value:
|
||||||
from ldap3 import Server, Connection, NONE, Tls
|
from ldap3 import Server, Connection, NONE, Tls
|
||||||
@ -186,6 +186,11 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
|
|||||||
LDAP_APP_PASSWORD = request.app.state.config.LDAP_APP_PASSWORD
|
LDAP_APP_PASSWORD = request.app.state.config.LDAP_APP_PASSWORD
|
||||||
LDAP_USE_TLS = request.app.state.config.LDAP_USE_TLS
|
LDAP_USE_TLS = request.app.state.config.LDAP_USE_TLS
|
||||||
LDAP_CA_CERT_FILE = request.app.state.config.LDAP_CA_CERT_FILE
|
LDAP_CA_CERT_FILE = request.app.state.config.LDAP_CA_CERT_FILE
|
||||||
|
LDAP_VALIDATE_CERT = (
|
||||||
|
CERT_REQUIRED
|
||||||
|
if request.app.state.config.LDAP_VALIDATE_CERT
|
||||||
|
else CERT_NONE
|
||||||
|
)
|
||||||
LDAP_CIPHERS = (
|
LDAP_CIPHERS = (
|
||||||
request.app.state.config.LDAP_CIPHERS
|
request.app.state.config.LDAP_CIPHERS
|
||||||
if request.app.state.config.LDAP_CIPHERS
|
if request.app.state.config.LDAP_CIPHERS
|
||||||
@ -197,7 +202,7 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
tls = Tls(
|
tls = Tls(
|
||||||
validate=CERT_REQUIRED,
|
validate=LDAP_VALIDATE_CERT,
|
||||||
version=PROTOCOL_TLS,
|
version=PROTOCOL_TLS,
|
||||||
ca_certs_file=LDAP_CA_CERT_FILE,
|
ca_certs_file=LDAP_CA_CERT_FILE,
|
||||||
ciphers=LDAP_CIPHERS,
|
ciphers=LDAP_CIPHERS,
|
||||||
@ -779,6 +784,7 @@ class LdapServerConfig(BaseModel):
|
|||||||
search_filters: str = ""
|
search_filters: str = ""
|
||||||
use_tls: bool = True
|
use_tls: bool = True
|
||||||
certificate_path: Optional[str] = None
|
certificate_path: Optional[str] = None
|
||||||
|
validate_cert: bool = True
|
||||||
ciphers: Optional[str] = "ALL"
|
ciphers: Optional[str] = "ALL"
|
||||||
|
|
||||||
|
|
||||||
@ -796,6 +802,7 @@ async def get_ldap_server(request: Request, user=Depends(get_admin_user)):
|
|||||||
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
|
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
|
||||||
"use_tls": request.app.state.config.LDAP_USE_TLS,
|
"use_tls": request.app.state.config.LDAP_USE_TLS,
|
||||||
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
|
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
|
||||||
|
"validate_cert": request.app.state.config.LDAP_VALIDATE_CERT,
|
||||||
"ciphers": request.app.state.config.LDAP_CIPHERS,
|
"ciphers": request.app.state.config.LDAP_CIPHERS,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -831,6 +838,7 @@ async def update_ldap_server(
|
|||||||
request.app.state.config.LDAP_SEARCH_FILTERS = form_data.search_filters
|
request.app.state.config.LDAP_SEARCH_FILTERS = form_data.search_filters
|
||||||
request.app.state.config.LDAP_USE_TLS = form_data.use_tls
|
request.app.state.config.LDAP_USE_TLS = form_data.use_tls
|
||||||
request.app.state.config.LDAP_CA_CERT_FILE = form_data.certificate_path
|
request.app.state.config.LDAP_CA_CERT_FILE = form_data.certificate_path
|
||||||
|
request.app.state.config.LDAP_VALIDATE_CERT = form_data.validate_cert
|
||||||
request.app.state.config.LDAP_CIPHERS = form_data.ciphers
|
request.app.state.config.LDAP_CIPHERS = form_data.ciphers
|
||||||
|
|
||||||
return {
|
return {
|
||||||
@ -845,6 +853,7 @@ async def update_ldap_server(
|
|||||||
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
|
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
|
||||||
"use_tls": request.app.state.config.LDAP_USE_TLS,
|
"use_tls": request.app.state.config.LDAP_USE_TLS,
|
||||||
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
|
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
|
||||||
|
"validate_cert": request.app.state.config.LDAP_VALIDATE_CERT,
|
||||||
"ciphers": request.app.state.config.LDAP_CIPHERS,
|
"ciphers": request.app.state.config.LDAP_CIPHERS,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
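Review bot: In `ldap_auth`, when the setting is off the `Tls(...)` object is built with `validate=CERT_NONE` and nothing records it, so the bind that uses `LDAP_APP_PASSWORD` (and presumably the submitted user credentials) runs against a server whose identity is not verified, without any trace in the logs. I would emit a warning where the mode is chosen, for example `log.warning("LDAP certificate validation is disabled; the server identity is not verified")`, assuming the module already has a logger (none is visible in these hunks). The local name `LDAP_VALIDATE_CERT` also now holds an `ssl` verify mode while the config entry of the same name is a bool; a distinct name such as `ldap_verify_mode` would keep the two apart. The body of `ldap_auth` starts and ends outside the hunks shown.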
@ -559,6 +559,13 @@
|
|||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="flex justify-between items-center text-xs">
|
||||||
|
<div class=" font-medium">Validate certificate</div>
|
||||||
|
|
||||||
|
<div class="mt-1">
|
||||||
|
<Switch bind:state={LDAP_SERVER.validate_cert} />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div class="flex w-full gap-2">
|
<div class="flex w-full gap-2">
|
||||||
<div class="w-full">
|
<div class="w-full">
|
||||||
<div class=" self-center text-xs font-medium min-w-fit mb-1">
|
<div class=" self-center text-xs font-medium min-w-fit mb-1">
|
||||||
|