Merge branch 'master' into 'master'

feat(custom-ca): allow defining a custom CA for connecting to LDAPS

See merge request framasoft/peertube/official-plugins!8
Chocobozzz 2021-01-11 16:24:13 +01:00
commit 6fdd927ba2


@ -1,4 +1,5 @@
const LdapAuth = require('ldapauth-fork') const LdapAuth = require('ldapauth-fork')
const fs = require('fs');
const store = { const store = {
weight: 100 weight: 100
@ -33,6 +34,14 @@ async function register ({
default: false default: false
}) })
registerSetting({
name: 'custom-ca',
label: 'Path to LDAP Server Certificate Chain of Trust',
type: 'input',
private: true,
default: ''
})
registerSetting({ registerSetting({
name: 'bind-dn', name: 'bind-dn',
label: 'Bind DN', label: 'Bind DN',
@ -151,6 +160,7 @@ async function login (peertubeHelpers, settingsManager, options) {
'insecure-tls', 'insecure-tls',
'bind-dn', 'bind-dn',
'bind-credentials', 'bind-credentials',
'custom-ca',
'search-base', 'search-base',
'search-filter', 'search-filter',
'mail-property', 'mail-property',
@ -167,7 +177,7 @@ async function login (peertubeHelpers, settingsManager, options) {
return null return null
} }
const ldapClient = new LdapAuth({ let clientOpts = {
url: settings['url'], url: settings['url'],
bindDN: settings['bind-dn'], bindDN: settings['bind-dn'],
bindCredentials: settings['bind-credentials'], bindCredentials: settings['bind-credentials'],
@ -179,7 +189,17 @@ async function login (peertubeHelpers, settingsManager, options) {
tlsOptions: { tlsOptions: {
rejectUnauthorized: settings['insecure-tls'] !== true rejectUnauthorized: settings['insecure-tls'] !== true
} }
}) };
if (settings['custom-ca'] && settings['insecure-tls'] !== true) {
try {
let cadata = fs.readFileSync(settings['custom-ca']);
clientOpts.tlsOptions['ca'] = [ cadata ];
} catch (nvm) {
logger.warn('Could not load custom CA in LDAP plugin', { nvm });
}
}
const ldapClient = new LdapAuth(clientOpts);
return new Promise(res => { return new Promise(res => {
function onError (err) { function onError (err) {
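Review bot: When `fs.readFileSync(settings['custom-ca'])` throws, the `catch` in the last hunk only logs a warning, and `new LdapAuth(clientOpts)` is still built without `tlsOptions.ca`, so the login proceeds against Node's default CA bundle instead of the trust anchor the administrator configured. An explicit `ca` replaces the default bundle in Node's TLS options, so a missing or unreadable file silently widens what the plugin trusts before it sends the bind credentials and the user's password. Failing closed is safer: in the `catch`, use `logger.error('Could not load custom CA in LDAP plugin', { err })` followed by `return null`, matching the `return null` already visible earlier in `login`. The file is also read synchronously on every login attempt, and `logger` is not defined in any visible line, so confirm it is in scope. The body of `login` starts and ends outside these hunks.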