
fix: LDAP - avoid reading empty tls cert file (#2980)

Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
pull/3003/head
Kevyn Bruyere 4 years ago
committed by GitHub
parent
commit
b106018029
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 6 deletions
  1. 29
      server/modules/authentication/ldap/authentication.js

29
server/modules/authentication/ldap/authentication.js

@ -18,12 +18,7 @@ module.exports = {
bindCredentials: conf.bindCredentials, bindCredentials: conf.bindCredentials,
searchBase: conf.searchBase, searchBase: conf.searchBase,
searchFilter: conf.searchFilter, searchFilter: conf.searchFilter,
tlsOptions: (conf.tlsEnabled) ? {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: [
fs.readFileSync(conf.tlsCertPath)
]
} : {},
tlsOptions: getTlsOptions(conf),
includeRaw: true includeRaw: true
}, },
usernameField: 'email', usernameField: 'email',
@ -56,3 +51,25 @@ module.exports = {
)) ))
} }
} }
function getTlsOptions(conf) {
if (!conf.tlsEnabled) {
return {}
}
if (!conf.tlsCertPath) {
return {
rejectUnauthorized: conf.verifyTLSCertificate,
}
}
const caList = []
if (conf.verifyTLSCertificate) {
caList.push(fs.readFileSync(conf.tlsCertPath))
}
return {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: caList
}
}
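Review bot: In getTlsOptions both return objects pass `conf.verifyTLSCertificate` straight through as `rejectUnauthorized`, so any falsy value other than an explicit `false` (for example an unset setting) would switch certificate verification off for the LDAP connection that carries the bind credentials, assuming the option reaches Node's TLS layer unchanged. Failing closed is safer: compute `const verify = conf.verifyTLSCertificate !== false` once and use it for both `rejectUnauthorized` and the `if` that reads the CA file. In the last branch the function still returns `ca: []` when verification is off; an empty array is truthy and may replace the default trust store rather than being ignored, so `ca` is better added only when a certificate was actually read. A one-line comment above the function stating that `tlsCertPath` is optional and that Node's default CA set applies when it is empty would document the behaviour this commit introduces.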