Skip to content

Commit

Permalink
🔒 feat: add option to disable TLS for LDAP authentication (#3247)
Browse files Browse the repository at this point in the history
* feat: add ldap tls config

* Update ldapStrategy.js

* LDAP_TLS_REJECT_UNAUTHORIZED optional

---------

Co-authored-by: Danny Avila <danacordially@gmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
  • Loading branch information
3 people authored Jul 27, 2024
1 parent ba9cb71 commit 18fd8f1
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -374,6 +374,7 @@ LDAP_BIND_CREDENTIALS=
LDAP_USER_SEARCH_BASE=
LDAP_SEARCH_FILTER=mail={{username}}
LDAP_CA_CERT_PATH=
# LDAP_TLS_REJECT_UNAUTHORIZED=
# LDAP_LOGIN_USES_USERNAME=true
# LDAP_ID=
# LDAP_USERNAME=
Expand Down
4 changes: 4 additions & 0 deletions api/strategies/ldapStrategy.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
const fs = require('fs');
const LdapStrategy = require('passport-ldapauth');
const { findUser, createUser, updateUser } = require('~/models/userMethods');
const { isEnabled } = require('~/server/utils');
const logger = require('~/utils/logger');

const {
Expand All @@ -13,6 +14,7 @@ const {
LDAP_FULL_NAME,
LDAP_ID,
LDAP_USERNAME,
LDAP_TLS_REJECT_UNAUTHORIZED,
} = process.env;

// Check required environment variables
Expand Down Expand Up @@ -41,6 +43,7 @@ if (LDAP_ID) {
if (LDAP_USERNAME) {
searchAttributes.push(LDAP_USERNAME);
}
const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED);

const ldapOptions = {
server: {
Expand All @@ -52,6 +55,7 @@ const ldapOptions = {
searchAttributes: [...new Set(searchAttributes)],
...(LDAP_CA_CERT_PATH && {
tlsOptions: {
rejectUnauthorized,
ca: (() => {
try {
return [fs.readFileSync(LDAP_CA_CERT_PATH)];
Expand Down

0 comments on commit 18fd8f1

Please sign in to comment.