msb-public
/
wiki
mirror of https://github.com/requarks/wiki
1
0
Code Issues Projects Releases Wiki Activity

fix: LDAP - avoid reading empty tls cert file (#2980)

Browse Source 
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
pull/3003/head
Kevyn Bruyere 5 years ago committed by GitHub
parent cfbd3dca00
commit b106018029
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File

29
server/modules/authentication/ldap/authentication.js
Unescape View File

@ -18,12 +18,7 @@ module.exports = {
bindCredentials: conf.bindCredentials, bindCredentials: conf.bindCredentials,
searchBase: conf.searchBase, searchBase: conf.searchBase,
searchFilter: conf.searchFilter, searchFilter: conf.searchFilter,
tlsOptions: (conf.tlsEnabled) ? { tlsOptions: getTlsOptions(conf),
rejectUnauthorized: conf.verifyTLSCertificate,
ca: [
fs.readFileSync(conf.tlsCertPath)
]
} : {},
includeRaw: true includeRaw: true
}, },
usernameField: 'email', usernameField: 'email',
@ -56,3 +51,25 @@ module.exports = {
)) ))
} }
} }
function getTlsOptions(conf) {
if (!conf.tlsEnabled) {
return {}
}
if (!conf.tlsCertPath) {
return {
rejectUnauthorized: conf.verifyTLSCertificate,
}
}
const caList = []
if (conf.verifyTLSCertificate) {
caList.push(fs.readFileSync(conf.tlsCertPath))
}
return {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: caList
}
}

Write Preview
Loading…
Cancel
Save