fix: LDAP - avoid reading empty tls cert file (#2980)
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
parent
cfbd3dca00
commit
b106018029
@ -18,12 +18,7 @@ module.exports = {
|
|||||||
bindCredentials: conf.bindCredentials,
|
bindCredentials: conf.bindCredentials,
|
||||||
searchBase: conf.searchBase,
|
searchBase: conf.searchBase,
|
||||||
searchFilter: conf.searchFilter,
|
searchFilter: conf.searchFilter,
|
||||||
tlsOptions: (conf.tlsEnabled) ? {
|
tlsOptions: getTlsOptions(conf),
|
||||||
rejectUnauthorized: conf.verifyTLSCertificate,
|
|
||||||
ca: [
|
|
||||||
fs.readFileSync(conf.tlsCertPath)
|
|
||||||
]
|
|
||||||
} : {},
|
|
||||||
includeRaw: true
|
includeRaw: true
|
||||||
},
|
},
|
||||||
usernameField: 'email',
|
usernameField: 'email',
|
||||||
@ -56,3 +51,25 @@ module.exports = {
|
|||||||
))
|
))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getTlsOptions(conf) {
|
||||||
|
if (!conf.tlsEnabled) {
|
||||||
|
return {}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!conf.tlsCertPath) {
|
||||||
|
return {
|
||||||
|
rejectUnauthorized: conf.verifyTLSCertificate,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const caList = []
|
||||||
|
if (conf.verifyTLSCertificate) {
|
||||||
|
caList.push(fs.readFileSync(conf.tlsCertPath))
|
||||||
|
}
|
||||||
|
|
||||||
|
return {
|
||||||
|
rejectUnauthorized: conf.verifyTLSCertificate,
|
||||||
|
ca: caList
|
||||||
|
}
|
||||||
|
}
|
||||||
|
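Review bot: In `getTlsOptions`, `rejectUnauthorized` is passed the raw `conf.verifyTLSCertificate` while the CA file is read only when that value is truthy, so the two can disagree if the setting is ever not a strict boolean (the page does not show whether the config layer guarantees one). As far as I know, Node treats any `rejectUnauthorized` other than `false` as "verify", and an explicit `ca: []` replaces the default roots rather than falling back to them, so an unset flag combined with a cert path would verify against an empty trust store and fail every handshake. Normalising once and omitting `ca` unless a file was actually read avoids this: `const verify = conf.verifyTLSCertificate !== false` followed by `return verify ? { rejectUnauthorized: true, ca: [fs.readFileSync(conf.tlsCertPath)] } : { rejectUnauthorized: false }`. The function would also benefit from a comment on the non-verifying path, for example `// verification off: the LDAP server is not authenticated, so bind credentials and user passwords can be intercepted on the wire`.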