Fix HMD_LDAP_TLS_CA not passing correctly and update README.md
parent
d6822dd410
commit
bbbf64aae4
2 changed files with 17 additions and 8 deletions
12
README.md
12
README.md
|
@ -130,15 +130,15 @@ Environment variables (will overwrite other server configs)
|
||||||
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
|
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
|
||||||
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
|
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
|
||||||
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
|
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
|
||||||
| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
|
| HMD_LDAP_URL | `ldap://example.com` | url of LDAP server |
|
||||||
| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
|
| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
|
||||||
| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
|
| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
|
||||||
| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
|
| HMD_LDAP_TOKENSECRET | `supersecretkey` | secret used for generating access/refresh tokens |
|
||||||
| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
|
| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
|
||||||
| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
|
| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
|
||||||
| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
|
| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
|
||||||
| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
|
| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
|
||||||
| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
|
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
|
||||||
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
|
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
|
||||||
| HMD_EMAIL | `true` or `false` | set to allow email signin |
|
| HMD_EMAIL | `true` or `false` | set to allow email signin |
|
||||||
| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
|
| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
// external modules
|
// external modules
|
||||||
|
var fs = require('fs');
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
|
|
||||||
// configs
|
// configs
|
||||||
|
@ -123,9 +124,17 @@ if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
|
||||||
ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
|
ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
|
||||||
if (process.env.HMD_LDAP_TLS_CA) {
|
if (process.env.HMD_LDAP_TLS_CA) {
|
||||||
var ca = {
|
var ca = {
|
||||||
ca: process.env.HMD_LDAP_TLS_CA
|
ca: process.env.HMD_LDAP_TLS_CA.split(',')
|
||||||
|
}
|
||||||
|
ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca;
|
||||||
|
if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
|
||||||
|
var i, len, results;
|
||||||
|
results = [];
|
||||||
|
for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
|
||||||
|
results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'));
|
||||||
|
}
|
||||||
|
ldap.tlsOptions.ca = results;
|
||||||
}
|
}
|
||||||
ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
|
|
||||||
}
|
}
|
||||||
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
||||||
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
|
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
|
||||||
|
|
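Review bot: The new `process.env.HMD_LDAP_TLS_CA.split(',')` keeps surrounding whitespace, so the README's own example value `server-cert.pem, root.pem` yields the path ` root.pem` (leading space) and `fs.readFileSync` throws at startup. Trim each entry before reading, e.g. `ca: process.env.HMD_LDAP_TLS_CA.split(',').map(function (p) { return p.trim(); })`. Because these files are the trust anchors used to verify the LDAP server, a missing or unreadable file should keep stopping startup, but with an error that names the variable and the offending path instead of a bare ENOENT, and it should never fall back to connecting without the CA. The README description still reads "Root CA for LDAP TLS in PEM format" while the code now treats the value as a list of file paths, so a deployment that put PEM text in the variable will presumably fail to start; the description column should say "path(s) to PEM file(s)".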