bitwarden/directory-connector
1
0
Fork 0
mirror of https://github.com/bitwarden/directory-connector synced 2025-12-10 05:13:17 +00:00
Code Issues Releases Wiki Activity

ssl options for ldap

Browse Source
This commit is contained in:
Kyle Spearrin
2018-09-18 11:31:11 -04:00
parent 8c8b4da595
commit 63bc5e4161
5 changed files with 89 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/app/tabs/settings.component.html
View File

@@ -27,14 +27,38 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="form-check"> <div class="form-check">
<input class="form-check-input" type="checkbox" id="ssl" [(ngModel)]="ldap.ssl" name="SSL"> <input class="form-check-input" type="checkbox" id="ad" [(ngModel)]="ldap.ad" name="AD">
<label class="form-check-label" for="ssl">{{'ldapSsl' | i18n}}</label> <label class="form-check-label" for="ad">{{'ldapAd' | i18n}}</label>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="form-check"> <div class="form-check">
<input class="form-check-input" type="checkbox" id="ad" [(ngModel)]="ldap.ad" name="AD"> <input class="form-check-input" type="checkbox" id="ssl" [(ngModel)]="ldap.ssl" name="SSL">
<label class="form-check-label" for="ad">{{'ldapAd' | i18n}}</label> <label class="form-check-label" for="ssl">{{'ldapSsl' | i18n}}</label>
</div>
</div>
<div class="ml-4" *ngIf="ldap.ssl">
<p>{{'ldapSslUntrustedDesc' | i18n}}</p>
<div class="form-group">
<label for="sslCertPath">{{'ldapSslCert' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslCertPath_file" (change)="setSslPath('sslCertPath')">
<input type="text" class="form-control" id="sslCertPath" name="SSLCertPath" [(ngModel)]="ldap.sslCertPath">
</div>
<div class="form-group">
<label for="sslKeyPath">{{'ldapSslKey' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslKeyPath_file" (change)="setSslPath('sslKeyPath')">
<input type="text" class="form-control" id="sslKeyPath" name="SSLKeyPath" [(ngModel)]="ldap.sslKeyPath">
</div>
<div class="form-group">
<label for="sslCaPath">{{'ldapSslCa' | i18n}}</label>
<input type="file" class="form-control-file mb-2" id="sslCaPath_file" (change)="setSslPath('sslCaPath')">
<input type="text" class="form-control" id="sslCaPath" name="SSLCaPath" [(ngModel)]="ldap.sslCaPath">
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="sslAllowUnauthorized" [(ngModel)]="ldap.sslAllowUnauthorized" name="SSLAllowUnauthorized">
<label class="form-check-label" for="sslAllowUnauthorized">{{'ldapSslAllowUnauthorized' | i18n}}</label>
</div>
</div> </div>
</div> </div>
<div class="form-group" [hidden]="true"> <div class="form-group" [hidden]="true">

18
src/app/tabs/settings.component.ts
View File

@@ -111,7 +111,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
await this.configurationService.saveSync(this.sync); await this.configurationService.saveSync(this.sync);
} }
async parseKeyFile() { parseKeyFile() {
const filePicker = (document.getElementById('keyFile') as HTMLInputElement); const filePicker = (document.getElementById('keyFile') as HTMLInputElement);
if (filePicker.files == null || filePicker.files.length < 0) { if (filePicker.files == null || filePicker.files.length < 0) {
return; return;
@@ -122,7 +122,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
reader.onload = (evt) => { reader.onload = (evt) => {
this.ngZone.run(async () => { this.ngZone.run(async () => {
try { try {
const result = JSON.parse((evt.target as FileReader).result); const result = JSON.parse((evt.target as FileReader).result as string);
if (result.client_email != null && result.private_key != null) { if (result.client_email != null && result.private_key != null) {
this.gsuite.clientEmail = result.client_email; this.gsuite.clientEmail = result.client_email;
this.gsuite.privateKey = result.private_key; this.gsuite.privateKey = result.private_key;
@@ -138,4 +138,18 @@ export class SettingsComponent implements OnInit, OnDestroy {
filePicker.value = ''; filePicker.value = '';
}; };
} }
setSslPath(id: string) {
const filePicker = (document.getElementById(id + '_file') as HTMLInputElement);
if (filePicker.files == null || filePicker.files.length < 0) {
return;
}
(this.ldap as any)[id] = filePicker.files[0].path;
// reset file input
// ref: https://stackoverflow.com/a/20552042
filePicker.type = '';
filePicker.type = 'file';
filePicker.value = '';
}
} }

15
src/locales/en/messages.json
View File

@@ -417,6 +417,21 @@
"ldapSsl": { "ldapSsl": {
"message": "This server uses SSL (LDAPS)" "message": "This server uses SSL (LDAPS)"
}, },
"ldapSslUntrustedDesc": {
"message": "If your LDAPS server uses an untrusted certificate you can configure certificate options below."
},
"ldapSslCa": {
"message": "Certificate CA Chain (PEM)"
},
"ldapSslCert": {
"message": "Certificate (PEM)"
},
"ldapSslKey": {
"message": "Certificate Private Key (PEM)"
},
"ldapSslAllowUnauthorized": {
"message": "Allow untrusted SSL connections (not recommended)."
},
"ldapAd": { "ldapAd": {
"message": "This server uses Active Directory" "message": "This server uses Active Directory"
}, },

6
src/models/ldapConfiguration.ts
View File

@@ -1,7 +1,9 @@
import { DirectoryType } from '../enums/directoryType';
export class LdapConfiguration { export class LdapConfiguration {
ssl = false; ssl = false;
sslAllowUnauthorized = false;
sslCertPath: string;
sslKeyPath: string;
sslCaPath: string;
hostname: string; hostname: string;
port = 389; port = 389;
domain: string; domain: string;

29
src/services/ldap-directory.service.ts
View File

@@ -1,3 +1,4 @@
import * as fs from 'fs';
import * as ldap from 'ldapjs'; import * as ldap from 'ldapjs';
import { DirectoryType } from '../enums/directoryType'; import { DirectoryType } from '../enums/directoryType';
@@ -326,10 +327,32 @@ export class LdapDirectoryService implements DirectoryService {
const url = 'ldap' + (this.dirConfig.ssl ? 's' : '') + '://' + this.dirConfig.hostname + const url = 'ldap' + (this.dirConfig.ssl ? 's' : '') + '://' + this.dirConfig.hostname +
':' + this.dirConfig.port; ':' + this.dirConfig.port;
const options: ldap.ClientOptions = {
this.client = ldap.createClient({
url: url.trim().toLowerCase(), url: url.trim().toLowerCase(),
}); };
if (this.dirConfig.ssl) {
const tlsOptions: any = {};
if (this.dirConfig.sslAllowUnauthorized != null) {
tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
}
if (this.dirConfig.sslCaPath != null && this.dirConfig.sslCaPath !== '' &&
fs.existsSync(this.dirConfig.sslCaPath)) {
tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
}
if (this.dirConfig.sslCertPath != null && this.dirConfig.sslCertPath !== '' &&
fs.existsSync(this.dirConfig.sslCertPath)) {
tlsOptions.cert = fs.readFileSync(this.dirConfig.sslCertPath);
}
if (this.dirConfig.sslKeyPath != null && this.dirConfig.sslKeyPath !== '' &&
fs.existsSync(this.dirConfig.sslKeyPath)) {
tlsOptions.key = fs.readFileSync(this.dirConfig.sslKeyPath);
}
if (Object.keys(tlsOptions).length > 0) {
options.tlsOptions = tlsOptions;
}
}
this.client = ldap.createClient(options);
const user = this.dirConfig.username == null || this.dirConfig.username.trim() === '' ? null : const user = this.dirConfig.username == null || this.dirConfig.username.trim() === '' ? null :
this.dirConfig.username; this.dirConfig.username;