From ba15d2f09bf1c85a8e74e87a0117e70484ef57c2 Mon Sep 17 00:00:00 2001
From: Oliver Facklam <oliver.facklam@polytechnique.edu>
Date: Sat, 6 Apr 2019 11:35:46 +0200
Subject: [PATCH] [ldaps] loading of tlsOptions in ldap/config.ts

---
 src/config_passport.js      | 2 +-
 src/ldap/internal/basics.ts | 2 +-
 src/ldap/internal/config.ts | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/config_passport.js b/src/config_passport.js
index 761ef5a..3113a03 100644
--- a/src/config_passport.js
+++ b/src/config_passport.js
@@ -45,7 +45,7 @@ passport.use(new LdapStrategy({
         searchBase: ldapConfig.dn.user, // this field cannot be left empty.
         searchFilter: '(uid={{username}})', // this field cannot be left empty.
         searchAttributes: ['uid', 'urlPhoto'], // only fetch the uid, no need for any other field
-        //tlsOptions: '..........',
+        tlsOptions: ldapConfig.tlsOptions,
         //https://www.npmjs.com/package/passport-ldapauth for more
     },
     //usernameField: 'username', // Field name where the username is found, defaults to username
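Review bot: The new `tlsOptions: ldapConfig.tlsOptions` line gives no hint where the value comes from or when it applies, and passport-ldapauth (via ldapjs) only honours it when the `url` set earlier in this options object — outside the hunk — is an `ldaps://` URL; with a plain `ldap://` URL the option is silently ignored and the bind goes over cleartext. A one-line comment would spare the next reader a trip to the config: `// CA bundle from $CA (see ldap/internal/config.ts); only honoured for an ldaps:// url`. The `passport.use(new LdapStrategy({` call this sits in starts and ends outside the hunk.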
diff --git a/src/ldap/internal/basics.ts b/src/ldap/internal/basics.ts
index 96824ac..5f7b8c0 100644
--- a/src/ldap/internal/basics.ts
+++ b/src/ldap/internal/basics.ts
@@ -14,7 +14,7 @@ import ldapEscape from 'ldap-escape';
 import {ldapConfig, credentialsLdapConfig} from './config';
 
 // Connection au serveur LDAP avec des temps de timeout arbitraires
-var client = ldap.createClient({ url: ldapConfig.server});
+var client = ldap.createClient({ url: ldapConfig.server, tlsOptions: ldapConfig.tlsOptions });
 
 // Interface pratique pour que Typescript comprenne ce qu'est un dictionnaire simple
 interface dic {
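Review bot: The `tlsOptions` added to `ldap.createClient` only takes effect when `ldapConfig.server` is an `ldaps://` URL; for a plain `ldap://` URL ldapjs ignores it and the bind credentials travel in clear, which is easy to miss given that config.ts picks `server_dev` in one branch. Worth either a comment on the line, `// tlsOptions apply only to ldaps:// URLs; ldap:// sends the bind in clear`, or a startup check such as `if (!ldapConfig.server.startsWith('ldaps://')) console.warn(...)` so a misconfigured production URL is visible. As an aside, the French comment above still speaks of arbitrary timeouts that neither the old nor the new options set.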
diff --git a/src/ldap/internal/config.ts b/src/ldap/internal/config.ts
index 3b00495..0d983cb 100644
--- a/src/ldap/internal/config.ts
+++ b/src/ldap/internal/config.ts
@@ -31,6 +31,15 @@ else {
     else                                        ldapConfig.server = ldapConfig.server_dev;
 }
 
+//Get certification authorities
+let ca = []
+if(process.env.CA !== undefined) {
+    for(let file of process.env.CA.split(' ')) {
+        ca.push(fs.readFileSync(file));
+    }
+}
+ldapConfig.tlsOptions = { ca: ca };
+
 // Gestion des super-identifiants
 let path_credentials = path.resolve(__dirname, '..', '..', '..', 'ldap_credentials.json');
 console.log(colors.green("Loading LDAP credentials from "+path_credentials));
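Review bot: When `CA` is unset the last added line still assigns `tlsOptions = { ca: [] }`, and an empty array is truthy, so — as far as I recall of Node's `tls.createSecureContext` — it replaces the bundled root store with no trusted CAs rather than falling back to it; every ldaps connection to a server with a publicly trusted certificate then fails verification, which tends to get "fixed" with `rejectUnauthorized: false`. Only override the trust store when files were actually given: `ldapConfig.tlsOptions = ca.length > 0 ? { ca: ca } : {};`. `process.env.CA.split(' ')` also hands an empty string to `fs.readFileSync` whenever the variable has a leading, trailing or doubled space (throwing at startup) and cannot express a path containing a space; `process.env.CA.split(/\s+/).filter(Boolean)` or a `:`-separated list is more robust. This assumes `fs` is imported above the hunk, which I cannot see here.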
-- 
GitLab