fix: LDAP - avoid reading empty tls cert file (#2980)

Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
Kevyn Bruyere 2021-01-31 07:03:24 +01:00 committed by GitHub
parent cfbd3dca00
commit b106018029


@ -18,12 +18,7 @@ module.exports = {
bindCredentials: conf.bindCredentials, bindCredentials: conf.bindCredentials,
searchBase: conf.searchBase, searchBase: conf.searchBase,
searchFilter: conf.searchFilter, searchFilter: conf.searchFilter,
tlsOptions: (conf.tlsEnabled) ? { tlsOptions: getTlsOptions(conf),
rejectUnauthorized: conf.verifyTLSCertificate,
ca: [
fs.readFileSync(conf.tlsCertPath)
]
} : {},
includeRaw: true includeRaw: true
}, },
usernameField: 'email', usernameField: 'email',
@ -56,3 +51,25 @@ module.exports = {
)) ))
} }
} }
function getTlsOptions(conf) {
if (!conf.tlsEnabled) {
return {}
}
if (!conf.tlsCertPath) {
return {
rejectUnauthorized: conf.verifyTLSCertificate,
}
}
const caList = []
if (conf.verifyTLSCertificate) {
caList.push(fs.readFileSync(conf.tlsCertPath))
}
return {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: caList
}
}
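Review bot: In the new `getTlsOptions`, `rejectUnauthorized: conf.verifyTLSCertificate` forwards the stored setting unchanged in both return paths, so a missing or non-boolean value reaches the TLS layer as-is and the result depends on how the LDAP client and Node treat it. Normalising once with `const verify = conf.verifyTLSCertificate !== false` would make only an explicit `false` turn verification off. When verification is off and a cert path is set, the function returns `ca: []`; an empty list is not the same as leaving `ca` unset, so returning `{ rejectUnauthorized: false }` there would keep the two no-verify paths identical. This connection carries `bindCredentials` (and presumably user logins), so a one-line log warning when `verify` is false would make an unverified directory connection visible to operators. A short comment above the function stating which combinations of `tlsEnabled`, `tlsCertPath` and `verifyTLSCertificate` yield which options would also help.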