Commit b83f07ad authored by Rodrigo Nascimento's avatar Rodrigo Nascimento

Close #1925; Add options to enable TLS on LDAP

parent dbdc7e47
...@@ -2,13 +2,22 @@ MeteorWrapperLdapjs = Npm.require 'ldapjs' ...@@ -2,13 +2,22 @@ MeteorWrapperLdapjs = Npm.require 'ldapjs'
Meteor.startup -> Meteor.startup ->
RocketChat.settings.addGroup 'LDAP', -> RocketChat.settings.addGroup 'LDAP', ->
enableQuery = {_id: 'LDAP_Enable', value: true}
enableTLSQuery = [
{_id: 'LDAP_Enable', value: true}
{_id: 'LDAP_TLS', value: true}
]
@add 'LDAP_Enable', false, { type: 'boolean', public: true } @add 'LDAP_Enable', false, { type: 'boolean', public: true }
@add 'LDAP_Url', 'ldap://', { type: 'string' , enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_TLS', false, { type: 'boolean', enableQuery: enableQuery }
@add 'LDAP_Port', '389', { type: 'string' , enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_CA_Cert', '', { type: 'string', multiline: true, enableQuery: enableTLSQuery }
@add 'LDAP_DN', '', { type: 'string' , public: true, enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_Reject_Unauthorized', true, { type: 'boolean', enableQuery: enableTLSQuery }
@add 'LDAP_Bind_Search', '', { type: 'string' , enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_Url', 'ldap://', { type: 'string' , enableQuery: enableQuery }
@add 'LDAP_Sync_User_Data', false, { type: 'boolean' , enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_Port', '389', { type: 'string' , enableQuery: enableQuery }
@add 'LDAP_Sync_User_Data_FieldMap', '{"cn":"name", "mail":"email"}', { type: 'string', enableQuery: {_id: 'LDAP_Enable', value: true} } @add 'LDAP_DN', '', { type: 'string' , public: true, enableQuery: enableQuery }
@add 'LDAP_Bind_Search', '', { type: 'string' , enableQuery: enableQuery }
@add 'LDAP_Sync_User_Data', false, { type: 'boolean' , enableQuery: enableQuery }
@add 'LDAP_Sync_User_Data_FieldMap', '{"cn":"name", "mail":"email"}', { type: 'string', enableQuery: enableQuery }
timer = undefined timer = undefined
...@@ -20,11 +29,17 @@ updateServices = -> ...@@ -20,11 +29,17 @@ updateServices = ->
if enable? if enable?
console.log "Enabling LDAP".blue console.log "Enabling LDAP".blue
LDAP_DEFAULTS.TLS = RocketChat.settings.get 'LDAP_TLS'
LDAP_DEFAULTS.CACert = RocketChat.settings.get 'LDAP_CA_Cert'
LDAP_DEFAULTS.rejectUnauthorized = RocketChat.settings.get 'LDAP_Reject_Unauthorized'
LDAP_DEFAULTS.url = RocketChat.settings.get 'LDAP_Url' LDAP_DEFAULTS.url = RocketChat.settings.get 'LDAP_Url'
LDAP_DEFAULTS.port = RocketChat.settings.get 'LDAP_Port' if RocketChat.settings.get 'LDAP_Port' LDAP_DEFAULTS.port = RocketChat.settings.get 'LDAP_Port' if RocketChat.settings.get 'LDAP_Port'
LDAP_DEFAULTS.dn = RocketChat.settings.get 'LDAP_DN' or false LDAP_DEFAULTS.dn = RocketChat.settings.get 'LDAP_DN' or false
LDAP_DEFAULTS.bindSearch = RocketChat.settings.get 'LDAP_Bind_Search' or '' LDAP_DEFAULTS.bindSearch = RocketChat.settings.get 'LDAP_Bind_Search' or ''
else else
LDAP_DEFAULTS.TLS = undefined
LDAP_DEFAULTS.CACert = undefined
LDAP_DEFAULTS.rejectUnauthorized = undefined
LDAP_DEFAULTS.url = undefined LDAP_DEFAULTS.url = undefined
LDAP_DEFAULTS.port = undefined LDAP_DEFAULTS.port = undefined
LDAP_DEFAULTS.dn = undefined LDAP_DEFAULTS.dn = undefined
......
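Review bot: The three settings added in the first hunk (`LDAP_TLS`, `LDAP_CA_Cert`, `LDAP_Reject_Unauthorized`) carry no description, and their names do not tell an administrator that `LDAP_TLS` performs a StartTLS upgrade of the plain `ldap://` connection (it is the flag that drives `startTLS(client)` in the second file) rather than an `ldaps://` listener, nor that switching `LDAP_Reject_Unauthorized` off disables server-certificate verification. A comment above the `@add 'LDAP_TLS'` line such as `# LDAP_TLS upgrades the connection with StartTLS after connect; LDAP_Reject_Unauthorized=false disables certificate checking and should stay true outside testing` makes that risk visible where the settings are defined. In the second hunk the disable branch resets `LDAP_DEFAULTS.TLS` to `undefined` while its declared default in the second file is `false`; `LDAP_DEFAULTS.TLS = false` would keep the two in step.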
...@@ -11,6 +11,7 @@ var slug = function (text) { ...@@ -11,6 +11,7 @@ var slug = function (text) {
// e.g. "uid=someuser,cn=users,dc=somevalue" // e.g. "uid=someuser,cn=users,dc=somevalue"
LDAP_DEFAULTS = { LDAP_DEFAULTS = {
url: false, url: false,
TLS: false,
port: '389', port: '389',
dn: false, dn: false,
createNewUser: true, createNewUser: true,
...@@ -42,6 +43,25 @@ var LDAP = function(options) { ...@@ -42,6 +43,25 @@ var LDAP = function(options) {
this.ldapjs = MeteorWrapperLdapjs; this.ldapjs = MeteorWrapperLdapjs;
}; };
function startTLS(client) {
var opts = {
rejectUnauthorized: LDAP_DEFAULTS.rejectUnauthorized
};
if ( LDAP_DEFAULTS.CACert && LDAP_DEFAULTS.CACert != '' ){
opts.ca = [LDAP_DEFAULTS.CACert];
}
var starttlsSync = Meteor.wrapAsync(client.starttls);
var res = starttlsSync(opts , null);
if (res) {
console.log("StartTLS Result: " + res);
}
}
/** /**
* Attempt to bind (authenticate) ldap * Attempt to bind (authenticate) ldap
* and perform a dn search if specified * and perform a dn search if specified
...@@ -68,6 +88,10 @@ LDAP.prototype.ldapCheck = function(options) { ...@@ -68,6 +88,10 @@ LDAP.prototype.ldapCheck = function(options) {
reconnect: false reconnect: false
}); });
if (LDAP_DEFAULTS.TLS == true) {
startTLS(client);
}
client.on('error', function() { client.on('error', function() {
console.log('Client Error:', arguments); console.log('Client Error:', arguments);
}); });
......
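Review bot: `Meteor.wrapAsync(client.starttls)` on the `var starttlsSync` line passes the method without its receiver, so when the wrapped function runs `this` is not the client unless ldapjs binds its methods internally; pass the context as the second argument, `var starttlsSync = Meteor.wrapAsync(client.starttls, client);`. The `rejectUnauthorized` option is copied from `LDAP_DEFAULTS.rejectUnauthorized` as-is, and that value is `undefined` whenever the setting has not been stored or after the reset in the settings file, which hands the certificate-verification decision to the TLS library's default; coercing it, `rejectUnauthorized: LDAP_DEFAULTS.rejectUnauthorized !== false`, keeps verification on unless an administrator explicitly turned it off. Since wrapAsync throws when starttls reports an error, a failed upgrade propagates out of `ldapCheck` (whose body begins before the hunk), which is the safe direction but deserves a comment at the call site, e.g. `// StartTLS failure throws: never fall back to a cleartext bind`. The `LDAP_DEFAULTS.TLS == true` guard in ldapCheck would read better as `===`.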