Browse Source
fix: LDAP - avoid reading empty tls cert file (#2980)
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
pull/3003/head
Kevyn Bruyere
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
23 additions and
6 deletions
-
server/modules/authentication/ldap/authentication.js
|
|
@ -18,12 +18,7 @@ module.exports = { |
|
|
bindCredentials: conf.bindCredentials, |
|
|
bindCredentials: conf.bindCredentials, |
|
|
searchBase: conf.searchBase, |
|
|
searchBase: conf.searchBase, |
|
|
searchFilter: conf.searchFilter, |
|
|
searchFilter: conf.searchFilter, |
|
|
tlsOptions: (conf.tlsEnabled) ? { |
|
|
|
|
|
rejectUnauthorized: conf.verifyTLSCertificate, |
|
|
|
|
|
ca: [ |
|
|
|
|
|
fs.readFileSync(conf.tlsCertPath) |
|
|
|
|
|
] |
|
|
|
|
|
} : {}, |
|
|
|
|
|
|
|
|
tlsOptions: getTlsOptions(conf), |
|
|
includeRaw: true |
|
|
includeRaw: true |
|
|
}, |
|
|
}, |
|
|
usernameField: 'email', |
|
|
usernameField: 'email', |
|
|
@ -56,3 +51,25 @@ module.exports = { |
|
|
)) |
|
|
)) |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
function getTlsOptions(conf) { |
|
|
|
|
|
if (!conf.tlsEnabled) { |
|
|
|
|
|
return {} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (!conf.tlsCertPath) { |
|
|
|
|
|
return { |
|
|
|
|
|
rejectUnauthorized: conf.verifyTLSCertificate, |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
const caList = [] |
|
|
|
|
|
if (conf.verifyTLSCertificate) { |
|
|
|
|
|
caList.push(fs.readFileSync(conf.tlsCertPath)) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return { |
|
|
|
|
|
rejectUnauthorized: conf.verifyTLSCertificate, |
|
|
|
|
|
ca: caList |
|
|
|
|
|
} |
|
|
|
|
|
} |
