authorWu Cheng-Han2017-02-07 21:17:05 +0800
committerWu Cheng-Han2017-02-07 21:17:05 +0800
commitbbbf64aae465ed46505f4945080fa2d72e8d0b2b (patch)
tree0a10a447bad7e191c0ccf9c76d58cb268eb2e3a1
parentd6822dd410f0356322c2cdb402a95ccbbdeeb208 (diff)
Fix HMD_LDAP_TLS_CA not passing correctly and update README.md
Diffstat (limited to '')
-rw-r--r--README.md12
-rw-r--r--lib/config.js13
2 files changed, 17 insertions, 8 deletions
diff --git a/README.md b/README.md
index 3025f84e..198f2fb6 100644
--- a/README.md
+++ b/README.md
@@ -130,15 +130,15 @@ Environment variables (will overwrite other server configs)
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
-| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
+| HMD_LDAP_URL | `ldap://example.com` | url of LDAP server |
| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
-| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
-| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
-| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
+| HMD_LDAP_TOKENSECRET | `supersecretkey` | secret used for generating access/refresh tokens |
+| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
+| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
-| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
-| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
+| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
+| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
| HMD_EMAIL | `true` or `false` | set to allow email signin |
| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
diff --git a/lib/config.js b/lib/config.js
index 3816017e..e765d730 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -1,4 +1,5 @@
// external modules
+var fs = require('fs');
var path = require('path');
// configs
@@ -123,9 +124,17 @@ if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
if (process.env.HMD_LDAP_TLS_CA) {
var ca = {
- ca: process.env.HMD_LDAP_TLS_CA
+ ca: process.env.HMD_LDAP_TLS_CA.split(',')
+ }
+ ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca;
+ if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
+ var i, len, results;
+ results = [];
+ for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
+ results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'));
+ }
+ ldap.tlsOptions.ca = results;
}
- ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
}
if (process.env.HMD_LDAP_PROVIDERNAME) {
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
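Review bot: The `split(',')` on the new `ca:` line keeps surrounding whitespace and empty entries, so the very example the README hunk documents, `server-cert.pem, root.pem`, yields the path `" root.pem"` and `fs.readFileSync` on the next lines throws ENOENT at startup; a trailing comma produces an empty path with the same result. Trim each entry and drop blanks before reading, e.g. `ca: process.env.HMD_LDAP_TLS_CA.split(',').map(function (p) { return p.trim(); }).filter(function (p) { return p.length > 0; })`. With that in place the `Array.isArray(...) && ... length > 0` guard is always true for a fresh `ca` object and only matters when `ldap.tlsOptions` was pre-populated elsewhere, which is worth a short comment such as `// paths are resolved to PEM contents here so tlsOptions.ca holds certificates, not filenames`. Because an unreadable CA file aborts startup rather than silently falling back to an unverified connection, the fail-fast behaviour is appropriate and should stay.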