-rw-r--r-- | README.md | 12 | ||||
-rw-r--r-- | lib/config.js | 20 |
2 files changed, 20 insertions, 12 deletions
@@ -130,15 +130,15 @@ Environment variables (will overwrite other server configs)
 | HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
 | HMD_GOOGLE_CLIENTID | no example | Google API client id |
 | HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
-| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
+| HMD_LDAP_URL | `ldap://example.com` | url of LDAP server |
 | HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
 | HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
-| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
-| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
-| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
+| HMD_LDAP_TOKENSECRET | `supersecretkey` | secret used for generating access/refresh tokens |
+| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
+| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
-| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
-| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
+| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
+| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email signin |
 | HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
diff --git a/lib/config.js b/lib/config.js
index 3816017e..c0373820 100644
--- a/lib/config.js
+++ b/lib/config.js 
@@ -1,4 +1,5 @@
 // external modules
+var fs = require('fs');
 var path = require('path');
 
 // configs
@@ -95,7 +96,7 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE
 clientID: process.env.HMD_GOOGLE_CLIENTID,
 clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
 } : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false;
-var ldap = config.ldap || (
+var ldap = config.ldap || ((
 process.env.HMD_LDAP_URL ||
 process.env.HMD_LDAP_BINDDN ||
 process.env.HMD_LDAP_BINDCREDENTIALS ||
@@ -103,10 +104,9 @@ var ldap = config.ldap || (
 process.env.HMD_LDAP_SEARCHBASE ||
 process.env.HMD_LDAP_SEARCHFILTER ||
 process.env.HMD_LDAP_SEARCHATTRIBUTES ||
+ process.env.HMD_LDAP_TLS_CA ||
 process.env.HMD_LDAP_PROVIDERNAME
-) || false;
-if (ldap == true)
- ldap = {};
+) ? {} : false);
 if (process.env.HMD_LDAP_URL)
 ldap.url = process.env.HMD_LDAP_URL;
 if (process.env.HMD_LDAP_BINDDN)
@@ -123,9 +123,17 @@ if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
 ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
 if (process.env.HMD_LDAP_TLS_CA) {
 var ca = {
- ca: process.env.HMD_LDAP_TLS_CA
+ ca: process.env.HMD_LDAP_TLS_CA.split(',')
+ }
+ ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca;
+ if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
+ var i, len, results;
+ results = [];
+ for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
+ results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'));
+ }
+ ldap.tlsOptions.ca = results;
 }
- ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
 }
 if (process.env.HMD_LDAP_PROVIDERNAME) {
 ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME; |
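Review bot: In the HMD_LDAP_TLS_CA hunk, `process.env.HMD_LDAP_TLS_CA.split(',')` keeps surrounding whitespace and empty entries, so the README's own example value `server-cert.pem, root.pem` produces the path ` root.pem` and `fs.readFileSync` throws ENOENT at startup; a trailing comma likewise yields an empty path. Trim and drop blank entries before reading: `ca: process.env.HMD_LDAP_TLS_CA.split(',').map(function (p) { return p.trim(); }).filter(Boolean)`. Because `Object.assign` always writes that array into `ldap.tlsOptions.ca`, the `Array.isArray` guard that follows is always true, and the index loop reads more simply as `ldap.tlsOptions.ca = ldap.tlsOptions.ca.map(function (p) { return fs.readFileSync(p, 'utf8'); });`. Throwing on an unreadable CA file is the right behaviour here and should be kept: continuing silently would leave LDAP TLS validated against whatever the LDAP client falls back to rather than the operator-supplied root.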