🚀 feat: Add support for LDAP STARTTLS in LDAP Auth (#6438)

Ruben Talstra 2025-03-21 12:55:09 +01:00 committed by GitHub
parent bc88ac846d
commit b70d9f1a82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 0 deletions


@ -444,6 +444,7 @@ LDAP_USER_SEARCH_BASE=
LDAP_SEARCH_FILTER=mail={{username}} LDAP_SEARCH_FILTER=mail={{username}}
LDAP_CA_CERT_PATH= LDAP_CA_CERT_PATH=
# LDAP_TLS_REJECT_UNAUTHORIZED= # LDAP_TLS_REJECT_UNAUTHORIZED=
# LDAP_STARTTLS=
# LDAP_LOGIN_USES_USERNAME=true # LDAP_LOGIN_USES_USERNAME=true
# LDAP_ID= # LDAP_ID=
# LDAP_USERNAME= # LDAP_USERNAME=


@ -18,6 +18,7 @@ const {
LDAP_USERNAME, LDAP_USERNAME,
LDAP_EMAIL, LDAP_EMAIL,
LDAP_TLS_REJECT_UNAUTHORIZED, LDAP_TLS_REJECT_UNAUTHORIZED,
LDAP_STARTTLS,
} = process.env; } = process.env;
// Check required environment variables // Check required environment variables
@ -50,6 +51,7 @@ if (LDAP_EMAIL) {
searchAttributes.push(LDAP_EMAIL); searchAttributes.push(LDAP_EMAIL);
} }
const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED); const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED);
const startTLS = isEnabled(LDAP_STARTTLS);
const ldapOptions = { const ldapOptions = {
server: { server: {
@ -72,6 +74,7 @@ const ldapOptions = {
})(), })(),
}, },
}), }),
...(startTLS && { starttls: true }),
}, },
usernameField: 'email', usernameField: 'email',
passwordField: 'password', passwordField: 'password',
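Review bot: The added `...(startTLS && { starttls: true })` enables the StartTLS upgrade, but nothing in the visible lines ties it to certificate verification: `rejectUnauthorized` comes from `isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED)`, which the sample env file leaves commented out, so it presumably evaluates to false unless an operator sets it. The `tlsOptions` construction sits between the hunks and is only partly visible, so confirm that a StartTLS session actually receives `tlsOptions` with the CA and verification turned on; an upgraded connection that skips verification still exposes the bind credentials to an on-path interceptor. A comment above the new constant would help operators, e.g. `// StartTLS upgrades a plain ldap:// connection to TLS; pair with LDAP_TLS_REJECT_UNAUTHORIZED=true and LDAP_CA_CERT_PATH`. It is also worth checking that a failed StartTLS negotiation aborts the bind instead of continuing in cleartext, and logging at startup when LDAP runs with neither `ldaps://` nor StartTLS. The `ldapOptions` object begins and ends outside these hunks.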