OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-12 01:12:49 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add option to disable certificate validation.

Browse Source
This commit is contained in:
Hans Gaiser 2025-05-13 17:36:50 +02:00
parent 950f3cdcc0
commit f63e76e653
4 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/config.py
View File

@ -2839,6 +2839,12 @@ LDAP_CA_CERT_FILE = PersistentConfig(
os.environ.get("LDAP_CA_CERT_FILE", ""), os.environ.get("LDAP_CA_CERT_FILE", ""),
) )
LDAP_VALIDATE_CERT = PersistentConfig(
"LDAP_VALIDATE_CERT",
"ldap.server.validate_cert",
os.environ.get("LDAP_USE_TLS", "True").lower() == "true",
)
LDAP_CIPHERS = PersistentConfig( LDAP_CIPHERS = PersistentConfig(
"LDAP_CIPHERS", "ldap.server.ciphers", os.environ.get("LDAP_CIPHERS", "ALL") "LDAP_CIPHERS", "ldap.server.ciphers", os.environ.get("LDAP_CIPHERS", "ALL")
) )

2
backend/open_webui/main.py
View File

@ -317,6 +317,7 @@ from open_webui.config import (
LDAP_APP_PASSWORD, LDAP_APP_PASSWORD,
LDAP_USE_TLS, LDAP_USE_TLS,
LDAP_CA_CERT_FILE, LDAP_CA_CERT_FILE,
LDAP_VALIDATE_CERT,
LDAP_CIPHERS, LDAP_CIPHERS,
# Misc # Misc
ENV, ENV,
@ -609,6 +610,7 @@ app.state.config.LDAP_SEARCH_BASE = LDAP_SEARCH_BASE
app.state.config.LDAP_SEARCH_FILTERS = LDAP_SEARCH_FILTERS app.state.config.LDAP_SEARCH_FILTERS = LDAP_SEARCH_FILTERS
app.state.config.LDAP_USE_TLS = LDAP_USE_TLS app.state.config.LDAP_USE_TLS = LDAP_USE_TLS
app.state.config.LDAP_CA_CERT_FILE = LDAP_CA_CERT_FILE app.state.config.LDAP_CA_CERT_FILE = LDAP_CA_CERT_FILE
app.state.config.LDAP_VALIDATE_CERT = LDAP_VALIDATE_CERT
app.state.config.LDAP_CIPHERS = LDAP_CIPHERS app.state.config.LDAP_CIPHERS = LDAP_CIPHERS

13
backend/open_webui/routers/auths.py
View File

@ -51,7 +51,7 @@ from open_webui.utils.access_control import get_permissions
from typing import Optional, List from typing import Optional, List
from ssl import CERT_REQUIRED, PROTOCOL_TLS from ssl import CERT_NONE, CERT_REQUIRED, PROTOCOL_TLS
if ENABLE_LDAP.value: if ENABLE_LDAP.value:
from ldap3 import Server, Connection, NONE, Tls from ldap3 import Server, Connection, NONE, Tls
@ -186,6 +186,11 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
LDAP_APP_PASSWORD = request.app.state.config.LDAP_APP_PASSWORD LDAP_APP_PASSWORD = request.app.state.config.LDAP_APP_PASSWORD
LDAP_USE_TLS = request.app.state.config.LDAP_USE_TLS LDAP_USE_TLS = request.app.state.config.LDAP_USE_TLS
LDAP_CA_CERT_FILE = request.app.state.config.LDAP_CA_CERT_FILE LDAP_CA_CERT_FILE = request.app.state.config.LDAP_CA_CERT_FILE
LDAP_VALIDATE_CERT = (
CERT_REQUIRED
if request.app.state.config.LDAP_VALIDATE_CERT
else CERT_NONE
)
LDAP_CIPHERS = ( LDAP_CIPHERS = (
request.app.state.config.LDAP_CIPHERS request.app.state.config.LDAP_CIPHERS
if request.app.state.config.LDAP_CIPHERS if request.app.state.config.LDAP_CIPHERS
@ -197,7 +202,7 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
try: try:
tls = Tls( tls = Tls(
validate=CERT_REQUIRED, validate=LDAP_VALIDATE_CERT,
version=PROTOCOL_TLS, version=PROTOCOL_TLS,
ca_certs_file=LDAP_CA_CERT_FILE, ca_certs_file=LDAP_CA_CERT_FILE,
ciphers=LDAP_CIPHERS, ciphers=LDAP_CIPHERS,
@ -779,6 +784,7 @@ class LdapServerConfig(BaseModel):
search_filters: str = "" search_filters: str = ""
use_tls: bool = True use_tls: bool = True
certificate_path: Optional[str] = None certificate_path: Optional[str] = None
validate_cert: bool = True
ciphers: Optional[str] = "ALL" ciphers: Optional[str] = "ALL"
@ -796,6 +802,7 @@ async def get_ldap_server(request: Request, user=Depends(get_admin_user)):
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS, "search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
"use_tls": request.app.state.config.LDAP_USE_TLS, "use_tls": request.app.state.config.LDAP_USE_TLS,
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE, "certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
"validate_cert": request.app.state.config.LDAP_VALIDATE_CERT,
"ciphers": request.app.state.config.LDAP_CIPHERS, "ciphers": request.app.state.config.LDAP_CIPHERS,
} }
@ -831,6 +838,7 @@ async def update_ldap_server(
request.app.state.config.LDAP_SEARCH_FILTERS = form_data.search_filters request.app.state.config.LDAP_SEARCH_FILTERS = form_data.search_filters
request.app.state.config.LDAP_USE_TLS = form_data.use_tls request.app.state.config.LDAP_USE_TLS = form_data.use_tls
request.app.state.config.LDAP_CA_CERT_FILE = form_data.certificate_path request.app.state.config.LDAP_CA_CERT_FILE = form_data.certificate_path
request.app.state.config.LDAP_VALIDATE_CERT = form_data.validate_cert
request.app.state.config.LDAP_CIPHERS = form_data.ciphers request.app.state.config.LDAP_CIPHERS = form_data.ciphers
return { return {
@ -845,6 +853,7 @@ async def update_ldap_server(
"search_filters": request.app.state.config.LDAP_SEARCH_FILTERS, "search_filters": request.app.state.config.LDAP_SEARCH_FILTERS,
"use_tls": request.app.state.config.LDAP_USE_TLS, "use_tls": request.app.state.config.LDAP_USE_TLS,
"certificate_path": request.app.state.config.LDAP_CA_CERT_FILE, "certificate_path": request.app.state.config.LDAP_CA_CERT_FILE,
"validate_cert": request.app.state.config.LDAP_VALIDATE_CERT,
"ciphers": request.app.state.config.LDAP_CIPHERS, "ciphers": request.app.state.config.LDAP_CIPHERS,
} }

7
src/lib/components/admin/Settings/General.svelte
View File

@ -559,6 +559,13 @@
/> />
</div> </div>
</div> </div>
<div class="flex justify-between items-center text-xs">
<div class=" font-medium">Validate certificate</div>
<div class="mt-1">
<Switch bind:state={LDAP_SERVER.validate_cert} />
</div>
</div>
<div class="flex w-full gap-2"> <div class="flex w-full gap-2">
<div class="w-full"> <div class="w-full">
<div class=" self-center text-xs font-medium min-w-fit mb-1"> <div class=" self-center text-xs font-medium min-w-fit mb-1">