[ldaps] loading of tlsOptions in ldap/config.ts

ba15d2f0 · Olivér FACKLAM · ebd5c4b8 · ba15d2f0 · ba15d2f0 · ba15d2f0
Commit ba15d2f0 authored 5 years ago by Olivér FACKLAM
--- a/src/config_passport.js
+++ b/src/config_passport.js
@@ -45,7 +45,7 @@ passport.use(new LdapStrategy({
        searchBase: ldapConfig.dn.user, // this field cannot be left empty.
        searchFilter: '(uid={{username}})', // this field cannot be left empty.
        searchAttributes: ['uid', 'urlPhoto'], // only fetch the uid, no need for any other field
-        //tlsOptions: '..........',
+        tlsOptions: ldapConfig.tlsOptions,
        //https://www.npmjs.com/package/passport-ldapauth for more
    },
    //usernameField: 'username', // Field name where the username is found, defaults to username

--- a/src/ldap/internal/basics.ts
+++ b/src/ldap/internal/basics.ts
@@ -14,7 +14,7 @@ import ldapEscape from 'ldap-escape';
 import {ldapConfig, credentialsLdapConfig} from './config';

 // Connection au serveur LDAP avec des temps de timeout arbitraires
-var client = ldap.createClient({ url: ldapConfig.server});
+var client = ldap.createClient({ url: ldapConfig.server, tlsOptions: ldapConfig.tlsOptions });

 // Interface pratique pour que Typescript comprenne ce qu'est un dictionnaire simple
 interface dic {

--- a/src/ldap/internal/config.ts
+++ b/src/ldap/internal/config.ts
@@ -31,6 +31,15 @@ else {
    else                                        ldapConfig.server = ldapConfig.server_dev;
 }

+//Get certification authorities
+let ca = []
+if(process.env.CA !== undefined) {
+    for(let file of process.env.CA.split(' ')) {
+        ca.push(fs.readFileSync(file));
+    }
+}
+ldapConfig.tlsOptions = { ca: ca };
+
 // Gestion des super-identifiants
 let path_credentials = path.resolve(__dirname, '..', '..', '..', 'ldap_credentials.json');
 console.log(colors.green("Loading LDAP credentials from "+path_credentials));