From 71a09cb4707e88f01debf7b5a2997b923ad9e953 Mon Sep 17 00:00:00 2001
From: Samuel MARTIN MORO
Date: Sun, 10 Jan 2021 17:12:47 +0100
Subject: [PATCH] feat(custom-ca): allows to define a custom CA connecting to LDAPs

Insecure TLS does work, though I'ld rather have PeerTube trust my custom CA.
---
 peertube-plugin-auth-ldap/main.js | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/peertube-plugin-auth-ldap/main.js b/peertube-plugin-auth-ldap/main.js
index eee6f11..9b9f115 100644
--- a/peertube-plugin-auth-ldap/main.js
+++ b/peertube-plugin-auth-ldap/main.js
@@ -1,4 +1,5 @@
 const LdapAuth = require('ldapauth-fork')
+const fs = require('fs');
 
 const store = {
   weight: 100
@@ -33,6 +34,14 @@ async function register ({
     default: false
   })
 
+  registerSetting({
+    name: 'custom-ca',
+    label: 'Path to LDAP Server Certificate Chain of Trust',
+    type: 'input',
+    private: true,
+    default: ''
+  })
+
   registerSetting({
     name: 'bind-dn',
     label: 'Bind DN',
@@ -151,6 +160,7 @@ async function login (peertubeHelpers, settingsManager, options) {
     'insecure-tls',
     'bind-dn',
     'bind-credentials',
+    'custom-ca',
     'search-base',
     'search-filter',
     'mail-property',
@@ -167,7 +177,7 @@ async function login (peertubeHelpers, settingsManager, options) {
     return null
   }
 
-  const ldapClient = new LdapAuth({
+  let clientOpts = {
     url: settings['url'],
     bindDN: settings['bind-dn'],
     bindCredentials: settings['bind-credentials'],
@@ -179,7 +189,17 @@ async function login (peertubeHelpers, settingsManager, options) {
     tlsOptions: {
       rejectUnauthorized: settings['insecure-tls'] !== true
     }
-  })
+  };
+  if (settings['custom-ca'] && settings['insecure-tls'] !== true) {
+    try {
+      let cadata = fs.readFileSync(settings['custom-ca']);
+      clientOpts.tlsOptions['ca'] = [ cadata ];
+    } catch (nvm) {
+      logger.warn('Could not load custom CA in LDAP plugin', { nvm });
+    }
+  }
+
+  const ldapClient = new LdapAuth(clientOpts);
 
   return new Promise(res => {
     function onError (err) {
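Review bot: `const fs = require('fs');` introduces a trailing semicolon into a file that otherwise omits them (`const LdapAuth = require('ldapauth-fork')` directly above, `})` closing the settings calls), and the same inconsistency appears on every added line of the `@@ -179,7 +189,17 @@` hunk. Dropping the semicolons, `const fs = require('fs')`, keeps the new code in the file's existing style rather than leaving two conventions side by side.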
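Review bot: The new `custom-ca` setting tells the operator nothing about what the value must be, and its behaviour is not obvious: the later hunk only uses the file when `insecure-tls` is off, the file is read by the PeerTube server process (so it must be readable by that user), and the contents are handed to Node's TLS `ca` option, which expects PEM certificates. I would add a description to the `registerSetting` call, along the lines of "Absolute path, on the PeerTube server, to a PEM file holding the CA certificate(s) that issued the LDAP server certificate. Ignored when 'Insecure TLS' is enabled." PeerTube's `registerSetting` accepts a `descriptionHTML` field for this. The enclosing `register` function starts and ends outside the hunk.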
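Review bot: `let clientOpts = {` is never reassigned in the new code — the later hunk only sets a property on it — so it should be `const clientOpts = {`; `let` suggests a rebinding that never happens. The enclosing `login` function starts and ends outside the hunk.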
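Review bot: When `fs.readFileSync(settings['custom-ca'])` fails, the code logs a warning that names neither the path nor the cause in a searchable way (`{ nvm }`) and then connects anyway with the default trust store; since `rejectUnauthorized` stays `true` this fails closed at the handshake, which is the right outcome, but the operator sees an unrelated certificate-verification error on every login while the real problem is an unreadable CA file. I would at least put the configured path and the error under conventional keys in the warning, and note that the file is re-read synchronously on every login attempt — reading it once when settings change (PeerTube exposes a settings-change hook via `settingsManager`, if I recall correctly, so hedge that) would avoid the per-login disk read. The `let cadata` and `tlsOptions['ca']` forms can also be tightened. It is also worth a comment that a custom CA is deliberately ignored when `insecure-tls` is on, since that branch already disables verification. The enclosing `login` function starts and ends outside the hunk.
```javascript
  // … unchanged: clientOpts literal with url / bind / tlsOptions …
  // A custom CA only matters when verification is on; 'insecure-tls' already bypasses it.
  if (settings['custom-ca'] && settings['insecure-tls'] !== true) {
    try {
      clientOpts.tlsOptions.ca = [ fs.readFileSync(settings['custom-ca']) ]
    } catch (err) {
      // Fall through with the system trust store; rejectUnauthorized stays true so a
      // server signed by the private CA will still be refused at the handshake.
      logger.warn('Could not load custom CA in LDAP plugin', { path: settings['custom-ca'], err })
    }
  }
```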