diff --git a/jslib b/jslib
index e1d42f95..44b86f5d 160000
--- a/jslib
+++ b/jslib
@@ -1 +1 @@
-Subproject commit e1d42f95d9c662bd4ffc8221bc4e5b9b96a095a6
+Subproject commit 44b86f5dd028271059b70a00d7878fbb1a06023f
diff --git a/src/app/app.module.ts b/src/app/app.module.ts
index cf6b0526..3b68d5ff 100644
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -15,6 +15,7 @@ import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { AppComponent } from './app.component';
+import { CalloutComponent } from 'jslib/angular/components/callout.component';
 import { IconComponent } from 'jslib/angular/components/icon.component';
 import { ModalComponent } from 'jslib/angular/components/modal.component';
@@ -60,6 +61,7 @@ import { SearchCiphersPipe } from 'jslib/angular/pipes/search-ciphers.pipe';
 AutofocusDirective,
 BlurClickDirective,
 BoxRowDirective,
+ CalloutComponent,
 DashboardComponent,
 EnvironmentComponent,
 FallbackSrcDirective,
diff --git a/src/app/tabs/settings.component.html b/src/app/tabs/settings.component.html
index 45c053be..eca7acaf 100644
--- a/src/app/tabs/settings.component.html
+++ b/src/app/tabs/settings.component.html
@@ -35,54 +35,64 @@
- +
- - -
-
- +
+
+ + +
-
+

{{'ldapTlsUntrustedDesc' | i18n}}

- + (change)="setSslPath('tlsCaPath')"> +
-
+

{{'ldapSslUntrustedDesc' | i18n}}

- +
- - + +
- - + +
- +
diff --git a/src/models/ldapConfiguration.ts b/src/models/ldapConfiguration.ts
index e41b6dc1..f34246b5 100644
--- a/src/models/ldapConfiguration.ts
+++ b/src/models/ldapConfiguration.ts
@@ -1,6 +1,6 @@
 export class LdapConfiguration {
 ssl = false;
- starttls = true;
+ startTls = false;
 tlsCaPath: string;
 sslAllowUnauthorized = false;
 sslCertPath: string;
diff --git a/src/services/ldap-directory.service.ts b/src/services/ldap-directory.service.ts
index d267ddf9..dc3439bf 100644
--- a/src/services/ldap-directory.service.ts
+++ b/src/services/ldap-directory.service.ts
@@ -324,7 +324,7 @@ export class LdapDirectoryService implements DirectoryService {
 reject(this.i18nService.t('dirConfigIncomplete'));
 return;
 }
- const protocol = 'ldap' + (this.dirConfig.ssl && !this.dirConfig.starttls ? 's' : '');
+ const protocol = 'ldap' + (this.dirConfig.ssl && !this.dirConfig.startTls ? 's' : '');
 const url = protocol + '://' + this.dirConfig.hostname + ':' + this.dirConfig.port;
 const options: ldap.ClientOptions = {
@@ -333,7 +333,10 @@ export class LdapDirectoryService implements DirectoryService {
 const tlsOptions: any = {};
 if (this.dirConfig.ssl) {
- if (!this.dirConfig.starttls) {
+ if (this.dirConfig.sslAllowUnauthorized) {
+ tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
+ }
+ if (!this.dirConfig.startTls) {
 if (this.dirConfig.sslCaPath != null && this.dirConfig.sslCaPath !== '' && fs.existsSync(this.dirConfig.sslCaPath)) {
 tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
@@ -352,9 +355,6 @@ export class LdapDirectoryService implements DirectoryService {
 tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)];
 }
 }
- if (this.dirConfig.sslAllowUnauthorized) {
- tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
- }
 }
 if (Object.keys(tlsOptions).length > 0) {
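Review bot: The rename from `starttls` to `startTls` in `LdapConfiguration`, together with the default flipping from `true` to `false`, comes with no visible handling for configurations already saved under the old key. If stored settings are loaded straight into this class (not shown in this diff, so this is inferred), an existing StartTLS setup would come back with `startTls === false`. With `ssl` set, the `const protocol = ...` line in ldap-directory.service.ts would then build an `ldaps://` URL against the configured port instead of upgrading a plain connection. A one-time fallback when the settings are loaded, copying a legacy `starttls` value into `startTls` when the new key is absent, would keep existing installs on the transport they chose. The field could also carry a comment such as `// Only consulted when ssl is true; selects StartTLS on ldap:// instead of ldaps://.`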
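Review bot: In the `@@ -333,7 +333,10 @@` hunk of ldap-directory.service.ts, `rejectUnauthorized` is now switched off for both the LDAPS and the StartTLS path, yet nothing at that spot records that server certificate verification has been disabled. Without verification, the bind credentials sent later in this method are exposed to anyone who can impersonate the directory server, so a log line or at least a comment belongs here. The expression inside the guard is always `false`; `tlsOptions.rejectUnauthorized = false;` states the intent directly and could carry `// Disables server certificate verification; intended only for directories with self-signed certificates.` The `fs.existsSync` guards in the context lines skip a configured CA file that is missing without reporting it, which presumably leaves the connection on the default trust store; surfacing that as a configuration error would be safer. The method body starts and ends outside this hunk.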
@@ -373,14 +373,14 @@ export class LdapDirectoryService implements DirectoryService {
 return;
 }
- if (this.dirConfig.starttls && this.dirConfig.ssl) {
+ if (this.dirConfig.startTls && this.dirConfig.ssl) {
 this.client.starttls(options.tlsOptions, undefined, (err, res) => {
 if (err != null) {
 reject(err.message);
 } else {
- this.client.bind(user, pass, (err) => {
- if (err != null) {
- reject(err.message);
+ this.client.bind(user, pass, (err2) => {
+ if (err2 != null) {
+ reject(err2.message);
 } else {
 resolve();
 }
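Review bot: The `bind` call in this hunk sits inside the success branch of the `starttls` callback, which is what keeps the password off the wire until the TLS upgrade has completed, but nothing in the code says so. A comment above it would protect that ordering from a later refactor: `// Bind only after StartTLS succeeds so credentials are never sent in cleartext.` Naming the two callback errors for what they are (`tlsErr`, `bindErr`) would also read better than `err`/`err2`. The enclosing method begins and ends outside this hunk.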