Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-16 08:20:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🔒 feat: add option to disable TLS for LDAP authentication (#3247)

Browse source 
* feat: add ldap tls config

* Update ldapStrategy.js

* LDAP_TLS_REJECT_UNAUTHORIZED optional

---------

Co-authored-by: Danny Avila <danacordially@gmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
This commit is contained in:
Ravi Katiyar 2024-07-28 01:16:39 +05:30 committed by GitHub
parent ba9cb71245
commit 18fd8f1416
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.env.example
View file

@ -374,6 +374,7 @@ LDAP_BIND_CREDENTIALS=
LDAP_USER_SEARCH_BASE=
LDAP_SEARCH_FILTER=mail={{username}}
LDAP_CA_CERT_PATH=
# LDAP_TLS_REJECT_UNAUTHORIZED=
# LDAP_LOGIN_USES_USERNAME=true
# LDAP_ID=
# LDAP_USERNAME=

4
api/strategies/ldapStrategy.js
View file

@ -1,6 +1,7 @@
const fs = require('fs');
const LdapStrategy = require('passport-ldapauth');
const { findUser, createUser, updateUser } = require('~/models/userMethods');
const { isEnabled } = require('~/server/utils');
const logger = require('~/utils/logger');
const {
@ -13,6 +14,7 @@ const {
LDAP_FULL_NAME,
LDAP_ID,
LDAP_USERNAME,
LDAP_TLS_REJECT_UNAUTHORIZED,
} = process.env;
// Check required environment variables
@ -41,6 +43,7 @@ if (LDAP_ID) {
if (LDAP_USERNAME) {
searchAttributes.push(LDAP_USERNAME);
}
const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED);
const ldapOptions = {
server: {
@ -52,6 +55,7 @@ const ldapOptions = {
searchAttributes: [...new Set(searchAttributes)],
...(LDAP_CA_CERT_PATH && {
tlsOptions: {
rejectUnauthorized,
ca: (() => {
try {
return [fs.readFileSync(LDAP_CA_CERT_PATH)];