Support LDAP auth #93

Closed
reyman opened this issue Mar 22, 2016 · 16 comments
Labels
auth provider feature Wants to add a new feature

Comments

@reyman

reyman commented Mar 22, 2016

Do you have some plan to create a docker container/image for hackmd?
It can be great for easy self-hosted installation :)

@jackycute
Member

Yes, we already have it.
https://github.com/hackmdio/docker-hackmd

@reyman
Author

reyman commented Mar 22, 2016

@jackycute Do you support LDAP?

@jackycute
Member

Hmm, you mean using LDAP for user auth?
I have no experience doing that.
Maybe we can discuss more.
Why do you want to use LDAP here?

@jackycute
Member

Since we use passportjs for auth right now,
supporting LDAP may not be difficult via this repo:
https://github.com/vesse/passport-ldapauth

@reyman
Author

reyman commented Mar 22, 2016

@jackycute Yes, for usage in an academic environment (each laboratory/university has an LDAP...), LDAP is a great and common way to offer new services at zero cost :)

@jackycute
Member

OK, I get it, then I will change this issue's name.
Please note this feature is not a top priority.
But we will definitely solve it in the future.

jackycute changed the title from "Docker container ?" to "Support LDAP auth" on Mar 23, 2016
jackycute added the feature label (Wants to add a new feature) on Mar 23, 2016
@jackycute
Member

PR welcome 😄

@jackycute
Member

@reyman Hi, could you help us test whether this issue is solved?

@reyman
Author

reyman commented Jan 24, 2017 via email

@exstral

exstral commented Feb 7, 2017

I've been trying to get this to work using our internal LDAP. I can get it to connect, but since we are using our own Root CA to sign the SSL certs for our services, it complains it cannot verify the certificate. Even when I supply our root CA file using the HMD_LDAP_TLS_CA variable it does not work. Maybe it is not reading that file properly :(

This is the error that is logged, and then HackMD crashes.

uncaughtException: unable to verify the first certificate date=Tue Feb 07 2017 11:40:50 GMT+0000 (UTC), pid=23, uid=10000, gid=65533, cwd=/hackmd, execPath=/usr/local/bin/node, version=v6.9.5, argv=[/usr/local/bin/node, /hackmd/app.js], rss=77271040, heapTotal=54575104, heapUsed=46572568, loadavg=[0.2060546875, 0.0703125, 0.02294921875], uptime=327595, trace=[column=null, file=null, function=Error, line=null, method=null, native=true, column=38, file=_tls_wrap.js, function=, line=1079, method=null, native=false, column=13, file=events.js, function=emitNone, line=86, method=null, native=false, column=7, file=events.js, function=TLSSocket.emit, line=185, method=emit, native=false, column=8, file=_tls_wrap.js, function=TLSSocket._finishInit, line=603, method=_finishInit, native=false, column=38, file=_tls_wrap.js, function=TLSWrap.ssl.onhandshakedone, line=433, method=ssl.onhandshakedone, native=false], stack=[Error: unable to verify the first certificate,     at Error (native),     at TLSSocket.<anonymous> (_tls_wrap.js:1079:38),     at emitNone (events.js:86:13),     at TLSSocket.emit (events.js:185:7),     at TLSSocket._finishInit (_tls_wrap.js:603:8),     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:433:38)]

Any ideas on how to debug?

@jackycute
Member

jackycute commented Feb 7, 2017

@esbite I found we might have an issue with passing the CA file.
Because HMD_LDAP_TLS_CA will be passed to the node tls module,
the ca option needs to be the certificate's content instead of the CA path.
https://github.com/hackmdio/hackmd/blob/master/lib/config.js#L126
It should be an array and be read before passing.
Like we've done for the SSL server setup here.

@jackycute
Member

@esbite I made a patch in bbbf64a
Could you please give it a try?

@exstral

exstral commented Feb 7, 2017

@jackycute Nope, when I use the variable HMD_LDAP_TLS_CA now, I get this error right at startup:

/hackmd/lib/config.js:130
    if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
                                     ^

TypeError: Cannot read property 'ca' of undefined
    at Object.<anonymous> (/hackmd/lib/config.js:130:38)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/hackmd/app.js:26:14)
    at Module._compile (module.js:570:32)

@jackycute
Member

@esbite Fixed in 1cc27e1
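
An added example, not HackMD's code and not the commits referenced in this thread, of the two points discussed above: the `ca` option must carry certificate content read from disk as an array, and `tlsOptions` must be checked before `.ca` is read. The function names and the comma-separated path format for `HMD_LDAP_TLS_CA` are assumptions of this example.

```javascript
const fs = require('fs')
const os = require('os')
const path = require('path')

// Constructed placeholder, not a real certificate.
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n'

// Turn HMD_LDAP_TLS_CA (assumed here: comma-separated PEM file paths) into
// the tlsOptions object handed to Node's tls module.
function buildLdapTlsOptions (env) {
  const raw = (env.HMD_LDAP_TLS_CA || '').trim()
  if (!raw) return undefined // no custom CA configured: default trust store
  const files = raw.split(',').map(s => s.trim()).filter(Boolean)
  // tls wants certificate *content*, so read every file before passing it on.
  const ca = files.map(file => {
    const pem = fs.readFileSync(file, 'utf8') // throws on a missing file
    if (!pem.includes('-----BEGIN CERTIFICATE-----')) {
      throw new Error(file + ' does not contain a PEM certificate')
    }
    return pem
  })
  // rejectUnauthorized is left at its default, so verification stays on.
  return { ca }
}

// Guarded read: tlsOptions may be undefined, and reading .ca on it directly
// is what raises "Cannot read property 'ca' of undefined".
function caCount (ldap) {
  const ca = ldap.tlsOptions && ldap.tlsOptions.ca
  return Array.isArray(ca) ? ca.length : 0
}

// Writes the placeholder to a temp file and builds options from its path.
function demo () {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ldap-ca-'))
  const caFile = path.join(dir, 'root-ca.pem')
  fs.writeFileSync(caFile, SAMPLE_PEM)
  try {
    return {
      withCa: { tlsOptions: buildLdapTlsOptions({ HMD_LDAP_TLS_CA: caFile }) },
      withoutCa: { tlsOptions: buildLdapTlsOptions({}) }
    }
  } finally {
    fs.unlinkSync(caFile)
    fs.rmdirSync(dir)
  }
}

const result = demo()
console.log(caCount(result.withCa), caCount(result.withoutCa))
```

A missing or non-PEM file fails at startup with a clear error instead of surfacing later as a certificate verification failure during the LDAP handshake.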

@exstral

exstral commented Feb 8, 2017

Thanks, now it works great! :)

@jackycute
Member

I think this feature has been implemented and used by many of our users.
It's time to close this.
