Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-16 16:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

🔒 feat: add option to disable TLS for LDAP authentication (#3247)

Browse source 
* feat: add ldap tls config

* Update ldapStrategy.js

* LDAP_TLS_REJECT_UNAUTHORIZED optional

---------

Co-authored-by: Danny Avila <danacordially@gmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
This commit is contained in:
Ravi Katiyar 2024-07-28 01:16:39 +05:30 committed by GitHub
parent ba9cb71245
commit 18fd8f1416
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.env.example
View file

@ -374,6 +374,7 @@ LDAP_BIND_CREDENTIALS=
LDAP_USER_SEARCH_BASE= LDAP_USER_SEARCH_BASE=
LDAP_SEARCH_FILTER=mail={{username}} LDAP_SEARCH_FILTER=mail={{username}}
LDAP_CA_CERT_PATH= LDAP_CA_CERT_PATH=
# LDAP_TLS_REJECT_UNAUTHORIZED=
# LDAP_LOGIN_USES_USERNAME=true # LDAP_LOGIN_USES_USERNAME=true
# LDAP_ID= # LDAP_ID=
# LDAP_USERNAME= # LDAP_USERNAME=

4
api/strategies/ldapStrategy.js
View file

@ -1,6 +1,7 @@
const fs = require('fs'); const fs = require('fs');
const LdapStrategy = require('passport-ldapauth'); const LdapStrategy = require('passport-ldapauth');
const { findUser, createUser, updateUser } = require('~/models/userMethods'); const { findUser, createUser, updateUser } = require('~/models/userMethods');
const { isEnabled } = require('~/server/utils');
const logger = require('~/utils/logger'); const logger = require('~/utils/logger');
const { const {
@ -13,6 +14,7 @@ const {
LDAP_FULL_NAME, LDAP_FULL_NAME,
LDAP_ID, LDAP_ID,
LDAP_USERNAME, LDAP_USERNAME,
LDAP_TLS_REJECT_UNAUTHORIZED,
} = process.env; } = process.env;
// Check required environment variables // Check required environment variables
@ -41,6 +43,7 @@ if (LDAP_ID) {
if (LDAP_USERNAME) { if (LDAP_USERNAME) {
searchAttributes.push(LDAP_USERNAME); searchAttributes.push(LDAP_USERNAME);
} }
const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED);
const ldapOptions = { const ldapOptions = {
server: { server: {
@ -52,6 +55,7 @@ const ldapOptions = {
searchAttributes: [...new Set(searchAttributes)], searchAttributes: [...new Set(searchAttributes)],
...(LDAP_CA_CERT_PATH && { ...(LDAP_CA_CERT_PATH && {
tlsOptions: { tlsOptions: {
rejectUnauthorized,
ca: (() => { ca: (() => {
try { try {
return [fs.readFileSync(LDAP_CA_CERT_PATH)]; return [fs.readFileSync(LDAP_CA_CERT_PATH)];