fix: fix russian comments, tls cert verify default true

go.mod

@@ -104,7 +104,7 @@ require (
 	lukechampine.com/blake3 v1.4.1 // indirect
 )
 
-// Локальные подмены модулей
+// Local module replacements
 replace github.com/mhsanaei/3x-ui/v2/util/ldap => ./util/ldap
 replace github.com/mhsanaei/3x-ui/v2/web/service => ./web/service
 replace github.com/mhsanaei/3x-ui/v2/web/job => ./web/job

util/ldap/ldap.go

@@ -27,7 +27,7 @@ func FetchVlessFlags(cfg Config) (map[string]bool, error) {
     var conn *ldap.Conn
     var err error
     if cfg.UseTLS {
-        conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: true})
+        conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
     } else {
         conn, err = ldap.Dial("tcp", addr)
     }
@@ -94,7 +94,7 @@ func AuthenticateUser(cfg Config, username, password string) (bool, error) {
     var conn *ldap.Conn
     var err error
     if cfg.UseTLS {
-        conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: true})
+        conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
     } else {
         conn, err = ldap.Dial("tcp", addr)
     }

web/job/ldap_sync_job.go

@@ -13,13 +13,15 @@ import (
     "strconv"
 )
 
+var DefaultTruthyValues = []string{"true", "1", "yes", "on"}
+
 type LdapSyncJob struct {
     settingService service.SettingService
     inboundService service.InboundService
     xrayService    service.XrayService
 }
 
-// --- Вспомогательные функции для mustGet ---
+// --- Helper functions for mustGet ---
 func mustGetString(fn func() (string, error)) string {
     v, err := fn()
     if err != nil {
@@ -172,7 +174,7 @@ func (j *LdapSyncJob) Run() {
 
 func splitCsv(s string) []string {
     if s == "" {
-        return []string{"true", "1", "yes", "on"}
+        return DefaultTruthyValues
     }
     parts := strings.Split(s, ",")
     out := make([]string, 0, len(parts))
@@ -186,7 +188,7 @@ func splitCsv(s string) []string {
 }
 
 
-// buildClient собирает нового клиента для auto-create
+// buildClient creates a new client for auto-create
 func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExpiryDays, defLimitIP int) model.Client {
     c := model.Client{
         Email:   email,
@@ -206,7 +208,7 @@ func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExp
     return c
 }
 
-// batchSetEnable массово включает/выключает клиентов через один вызов
+// batchSetEnable enables/disables clients in batch through a single call
 func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable bool) {
     if len(emails) == 0 {
         return
@@ -226,7 +228,7 @@ func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable
         Settings: j.clientsToJSON(clients),
     }
 
-    // Используем один вызов AddInboundClient для обновления enable
+    // Use a single AddInboundClient call to update enable
     if _, err := j.inboundService.AddInboundClient(payload); err != nil {
         logger.Warningf("Batch set enable failed for inbound %s: %v", ib.Tag, err)
         return
@@ -236,7 +238,7 @@ func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable
     j.xrayService.SetToNeedRestart()
 }
 
-// deleteClientsNotInLDAP массовое удаление клиентов, которых нет в LDAP
+// deleteClientsNotInLDAP performs batch deletion of clients not in LDAP
 func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) {
     inbounds, err := j.inboundService.GetAllInbounds()
     if err != nil {
@@ -257,7 +259,7 @@ func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[s
         toDelete := []model.Client{}
         for _, c := range clients {
             if _, ok := ldapEmails[c.Email]; !ok {
-                // В зависимости от протокола используем нужное поле
+                // Use appropriate field depending on protocol
                 client := model.Client{Email: c.Email, ID: c.ID, Password: c.Password}
                 toDelete = append(toDelete, client)
             }
@@ -354,41 +356,6 @@ func (j *LdapSyncJob) ensureClientExists(inboundTag string, email string, defGB
     }
 }
 
-// deleteClientsNotInLDAP removes clients from inbound tag that are not in ldapEmails
-// func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) {
-//     inbounds, err := j.inboundService.GetAllInbounds()
-//     if err != nil {
-//         return
-//     }
-//     for _, ib := range inbounds {
-//         if ib.Tag != inboundTag {
-//             continue
-//         }
-//         clients, err := j.inboundService.GetClients(ib)
-//         if err != nil {
-//             continue
-//         }
-//         for _, c := range clients {
-//             if _, ok := ldapEmails[c.Email]; !ok {
-//                 // determine clientId per protocol
-//                 clientId := c.ID
-//                 if ib.Protocol == model.Trojan {
-//                     clientId = c.Password
-//                 } else if ib.Protocol == model.Shadowsocks {
-//                     clientId = c.Email
-//                 }
-//                 needRestart, err := j.inboundService.DelInboundClient(ib.Id, clientId)
-//                 if err == nil {
-//                     if needRestart {
-//                         j.xrayService.SetToNeedRestart()
-//                     }
-//                     logger.Infof("LDAP auto-delete: %s from %s", c.Email, inboundTag)
-//                 }
-//             }
-//         }
-//     }
-// }
-
 // clientToJSON serializes minimal client fields to JSON object string without extra deps
 func (j *LdapSyncJob) clientToJSON(c model.Client) string {
     // construct minimal JSON manually to avoid importing json for simple case