Merge pull request #444 from Addy90/ldap-ssl

LDAP SSL Support
Tomas Bures 2018-08-05 17:24:16 +05:30 committed by GitHub
commit 967e19f55e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 7 deletions


@ -114,8 +114,7 @@ host="0.0.0.0"
[ldap] [ldap]
# enable to use ldap user backend # enable to use ldap user backend
enabled=false enabled=false
host="localhost" url="ldap://localhost:3002"
port=3002
baseDN="ou=users,dc=company" baseDN="ou=users,dc=company"
filter="(|(username={{username}})(mail={{username}}))" filter="(|(username={{username}})(mail={{username}}))"
#Username field in LDAP (uid/cn/username) #Username field in LDAP (uid/cn/username)
@ -124,12 +123,12 @@ passwordresetlink=""
# Use a different user to bind LDAP (final bind DN will be: {{uidTag}}={{bindUser}},{{baseDN}}) # Use a different user to bind LDAP (final bind DN will be: {{uidTag}}={{bindUser}},{{baseDN}})
bindUser="" bindUser=""
bindPassword="" bindPassword=""
#ca="self-signed-ca.pem"
[ldapauth] [ldapauth]
# Alternative LDAP implementation using the more popular passport-ldapauth library. # Alternative LDAP implementation using the more popular passport-ldapauth library.
enabled=false enabled=false
host="localhost" url="ldap://localhost:389"
port=389
# Subtree in which the searchrequest for the user is done # Subtree in which the searchrequest for the user is done
baseDN="ou=users,dc=company" baseDN="ou=users,dc=company"
# What whe are searching for. This should return a single user. # What whe are searching for. This should return a single user.
@ -140,6 +139,7 @@ passwordresetlink=""
# Credentials for the initial search operation (final bind DN will be exactly as specified) # Credentials for the initial search operation (final bind DN will be exactly as specified)
bindUser="name@company.net" bindUser="name@company.net"
bindPassword="mySecretPassword" bindPassword="mySecretPassword"
#ca="self-signed-ca.pem"
[postfixbounce] [postfixbounce]
# Enable to allow writing Postfix bounce log to Mailtrain listener # Enable to allow writing Postfix bounce log to Mailtrain listener
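Review bot: Both new `url` examples keep the plain `ldap://` scheme and no comment says that SSL is selected through the URL, so a reader of this defaults file cannot tell how to turn on the feature the commit adds; a comment above each `url` line, e.g. `# scheme selects the transport: ldap:// for plain, ldaps:// for LDAP over SSL (presumably port 636)`, would close that gap. The new `#ca="self-signed-ca.pem"` lines likewise say nothing about what the path is relative to or when it is needed, so a companion comment such as `# optional PEM file with the CA that signed the server certificate; only needed for private/self-signed certs` would help the admin who trips over a certificate error. The same applies to the `[ldapauth]` section further down.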


@ -6,6 +6,7 @@ let _ = require('./translate')._;
let util = require('util'); let util = require('util');
let passport = require('passport'); let passport = require('passport');
let fs = require('fs');
let LocalStrategy = require('passport-local').Strategy; let LocalStrategy = require('passport-local').Strategy;
let csrf = require('csurf'); let csrf = require('csurf');
@ -87,7 +88,12 @@ if (config.ldap.enabled && LdapStrategy) {
let opts = { let opts = {
server: { server: {
url: 'ldap://' + config.ldap.host + ':' + config.ldap.port url: config.ldap.url,
tlsOptions: {
ca: config.ldap.ca ? [
fs.readFileSync(config.ldap.ca)
] : undefined
}
}, },
base: config.ldap.baseDN, base: config.ldap.baseDN,
search: { search: {
@ -130,12 +136,17 @@ if (config.ldap.enabled && LdapStrategy) {
log.info('Using LDAP auth (passport-ldapauth)'); log.info('Using LDAP auth (passport-ldapauth)');
let opts = { let opts = {
server: { server: {
url: 'ldap://' + config.ldap.host + ':' + config.ldap.port, url: config.ldapauth.url,
searchBase: config.ldapauth.baseDN, searchBase: config.ldapauth.baseDN,
searchFilter: config.ldapauth.filter, searchFilter: config.ldapauth.filter,
searchAttributes: [config.ldapauth.uidTag, 'mail'], searchAttributes: [config.ldapauth.uidTag, 'mail'],
bindDN: config.ldapauth.bindUser, bindDN: config.ldapauth.bindUser,
bindCredentials: config.ldapauth.bindPassword bindCredentials: config.ldapauth.bindPassword,
tlsOptions: {
ca: config.ldapauth.ca ? [
fs.readFileSync(config.ldapauth.ca)
] : undefined
}
} }
}; };
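Review bot: The `tlsOptions` block added here is a verbatim copy of the one added in the `config.ldap` hunk above, and in both the CA file is read with `fs.readFileSync` relative to the process working directory without any comment saying so; a single helper next to the new `fs` require, `const readCa = (p) => p ? [fs.readFileSync(p)] : undefined;`, would let both strategies use `tlsOptions: { ca: readCa(config.ldapauth.ca) }` and keep one place to document the path resolution. A why-comment is also worth adding on the `ca` line, since supplying `ca` to Node's TLS layer replaces the default trusted root bundle rather than extending it, e.g. `// ca replaces (does not extend) Node's default trusted CAs; only set it for private/self-signed LDAP certificates`. Neither hunk keeps a fallback to the old `host`/`port` keys, so an existing deployment that has not updated its config will start with `url: undefined`; if that is intended, a startup check with a clear log message would be friendlier than whatever error the strategy produces. The enclosing `opts` object and its surrounding `if` block begin outside this hunk.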