fix: LDAP - avoid reading empty tls cert file (#2980)
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
This commit is contained in:
parent
cfbd3dca00
commit
b106018029
@ -18,12 +18,7 @@ module.exports = {
|
||||
bindCredentials: conf.bindCredentials,
|
||||
searchBase: conf.searchBase,
|
||||
searchFilter: conf.searchFilter,
|
||||
tlsOptions: (conf.tlsEnabled) ? {
|
||||
rejectUnauthorized: conf.verifyTLSCertificate,
|
||||
ca: [
|
||||
fs.readFileSync(conf.tlsCertPath)
|
||||
]
|
||||
} : {},
|
||||
tlsOptions: getTlsOptions(conf),
|
||||
includeRaw: true
|
||||
},
|
||||
usernameField: 'email',
|
||||
@ -56,3 +51,25 @@ module.exports = {
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
function getTlsOptions(conf) {
|
||||
if (!conf.tlsEnabled) {
|
||||
return {}
|
||||
}
|
||||
|
||||
if (!conf.tlsCertPath) {
|
||||
return {
|
||||
rejectUnauthorized: conf.verifyTLSCertificate,
|
||||
}
|
||||
}
|
||||
|
||||
const caList = []
|
||||
if (conf.verifyTLSCertificate) {
|
||||
caList.push(fs.readFileSync(conf.tlsCertPath))
|
||||
}
|
||||
|
||||
return {
|
||||
rejectUnauthorized: conf.verifyTLSCertificate,
|
||||
ca: caList
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user