[PM-15283] [PM-15284] [PM-15286] Upgrade Angular to 19.

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/version-bump.yml

@@ -7,17 +7,11 @@ on:
         description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
         required: false
         type: string
-      enable_slack_notification:
-        description: "Enable Slack notifications for upcoming release?"
-        default: false
-        type: boolean
 
 jobs:
   bump_version:
     name: Bump Version
     runs-on: ubuntu-24.04
-    outputs:
-      version: ${{ steps.set-final-version-output.outputs.version }}
     steps:
       - name: Validate version input
         if: ${{ inputs.version_number_override != '' }}
@@ -25,49 +19,22 @@ jobs:
         with:
           version: ${{ inputs.version_number_override }}
 
-      - name: Slack Notification Check
-        run: |
-          if [[ "${{ inputs.enable_slack_notification }}" == true ]]; then
-            echo "Slack notifications enabled."
-          else
-            echo "Slack notifications disabled."
-          fi
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        id: app-token
+        with:
+          app-id: ${{ secrets.BW_GHAPP_ID }}
+          private-key: ${{ secrets.BW_GHAPP_KEY }}
 
       - name: Checkout Branch
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key,
-            github-gpg-private-key-passphrase"
-
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
-        with:
-          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Setup git
         run: |
-          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          git config --local user.name "bitwarden-devops-bot"
-
-      - name: Create Version Branch
-        id: create-branch
-        run: |
-          NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d")
-          git switch -c $NAME
-          echo "name=$NAME" >> $GITHUB_OUTPUT
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
       - name: Get current version
         id: current-version
@@ -144,61 +111,4 @@ jobs:
 
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-        run: git push -u origin $PR_BRANCH
-
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
-        id: app-token
-        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
-          owner: ${{ github.repository_owner }}
-
-      - name: Create Version PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        id: create-pr
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
-          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-          TITLE: "Bump version to ${{ steps.set-final-version-output.outputs.version }}"
-        run: |
-          PR_URL=$(gh pr create --title "$TITLE" \
-            --base "main" \
-            --head "$PR_BRANCH" \
-            --label "version update" \
-            --label "automated pr" \
-            --body "
-              ## Type of change
-              - [ ] Bug fix
-              - [ ] New feature development
-              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-              - [ ] Build/deploy pipeline (DevOps)
-              - [X] Other
-
-              ## Objective
-              Automated version bump to ${{ steps.set-final-version-output.outputs.version }}")
-          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
-
-      - name: Approve PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
-        run: gh pr review $PR_NUMBER --approve
-
-      - name: Merge PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
-          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
-        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch
-
-      - name: Report upcoming release version to Slack
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && inputs.enable_slack_notification == true }}
-        uses: bitwarden/gh-actions/report-upcoming-release-version@main
-        with:
-          version: ${{ steps.set-final-version-output.outputs.version }}
-          project: ${{ github.repository }}
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+        run: git push

README.md

@@ -3,7 +3,7 @@
 
 # Bitwarden Directory Connector
 
-The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
 
 Supported directories:
 

package.json

@@ -73,84 +73,83 @@
     "test:types": "npx tsc --noEmit"
   },
   "devDependencies": {
-    "@angular-devkit/build-angular": "17.3.10",
+    "@angular-devkit/build-angular": "19.0.3",
     "@angular-eslint/eslint-plugin-template": "17.5.3",
     "@angular-eslint/template-parser": "17.5.3",
-    "@angular/compiler-cli": "17.3.12",
-    "@electron/notarize": "2.2.1",
-    "@electron/rebuild": "3.6.0",
+    "@angular/compiler-cli": "19.0.3",
+    "@electron/notarize": "2.5.0",
+    "@electron/rebuild": "3.7.1",
     "@fluffy-spoon/substitute": "1.208.0",
     "@microsoft/microsoft-graph-types": "2.40.0",
-    "@ngtools/webpack": "17.3.10",
+    "@ngtools/webpack": "19.0.0",
     "@types/inquirer": "8.2.10",
-    "@types/jest": "29.5.13",
-    "@types/ldapjs": "2.2.5",
+    "@types/jest": "29.5.14",
     "@types/lowdb": "1.0.15",
-    "@types/node": "20.16.10",
-    "@types/node-fetch": "2.6.11",
+    "@types/node": "20.17.9",
+    "@types/node-fetch": "2.6.12",
     "@types/node-forge": "1.3.11",
     "@types/proper-lockfile": "4.1.4",
     "@types/tldjs": "2.3.4",
     "@typescript-eslint/eslint-plugin": "5.62.0",
     "@typescript-eslint/parser": "5.62.0",
     "clean-webpack-plugin": "4.0.0",
-    "concurrently": "9.0.1",
+    "concurrently": "9.1.0",
     "copy-webpack-plugin": "12.0.2",
     "cross-env": "7.0.3",
     "css-loader": "7.1.2",
     "dotenv": "16.4.5",
     "electron": "28.3.3",
     "electron-builder": "24.13.3",
-    "electron-log": "5.2.0",
+    "electron-log": "5.2.4",
     "electron-reload": "2.0.0-alpha.1",
     "electron-store": "8.2.0",
-    "electron-updater": "6.3.4",
+    "electron-updater": "6.3.9",
     "eslint": "8.57.1",
     "eslint-config-prettier": "9.1.0",
     "eslint-import-resolver-typescript": "3.6.3",
-    "eslint-plugin-import": "2.30.0",
+    "eslint-plugin-import": "2.31.0",
     "eslint-plugin-rxjs": "5.0.3",
     "eslint-plugin-rxjs-angular": "2.0.1",
-    "form-data": "4.0.0",
+    "form-data": "4.0.1",
     "html-loader": "5.1.0",
-    "html-webpack-plugin": "5.6.0",
-    "husky": "9.1.6",
+    "html-webpack-plugin": "5.6.3",
+    "husky": "9.1.7",
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
     "jest-mock-extended": "3.0.7",
-    "jest-preset-angular": "14.2.4",
+    "jest-preset-angular": "14.4.2",
     "lint-staged": "15.2.10",
-    "mini-css-extract-plugin": "2.9.1",
+    "mini-css-extract-plugin": "2.9.2",
     "node-forge": "1.3.1",
-    "node-loader": "2.0.0",
+    "node-loader": "2.1.0",
     "pkg": "5.8.1",
     "prettier": "3.3.3",
     "rimraf": "5.0.10",
     "rxjs": "7.8.1",
     "sass": "1.79.4",
-    "sass-loader": "16.0.2",
+    "sass-loader": "16.0.4",
     "ts-jest": "29.2.5",
     "ts-loader": "9.5.1",
-    "tsconfig-paths-webpack-plugin": "4.1.0",
-    "type-fest": "4.26.1",
-    "typescript": "5.4.5",
-    "typescript-transform-paths": "3.5.1",
+    "tsconfig-paths-webpack-plugin": "4.2.0",
+    "type-fest": "4.30.0",
+    "typescript": "5.5.4",
+    "typescript-transform-paths": "3.5.2",
     "webpack": "5.95.0",
     "webpack-cli": "5.1.4",
     "webpack-merge": "6.0.1",
-    "zone.js": "0.14.10",
+    "zone.js": "0.15.0",
     "webpack-node-externals": "3.0.0"
   },
   "dependencies": {
-    "@angular/animations": "17.3.12",
-    "@angular/cdk": "17.3.10",
-    "@angular/common": "17.3.12",
-    "@angular/compiler": "17.3.12",
-    "@angular/core": "17.3.12",
-    "@angular/forms": "17.3.12",
-    "@angular/platform-browser": "17.3.12",
-    "@angular/platform-browser-dynamic": "17.3.12",
-    "@angular/router": "17.3.12",
+    "@angular/animations": "19.0.3",
+    "@angular/cdk": "19.0.2",
+    "@angular/common": "19.0.3",
+    "@angular/compiler": "19.0.3",
+    "@angular/core": "19.0.3",
+    "@angular/forms": "19.0.3",
+    "@angular/platform-browser": "19.0.3",
+    "@angular/platform-browser-dynamic": "19.0.3",
+    "@angular/router": "19.0.3",
     "@microsoft/microsoft-graph-client": "3.0.7",
     "big-integer": "1.6.52",
     "bootstrap": "5.3.3",
@@ -158,20 +157,20 @@
     "chalk": "4.1.2",
     "commander": "12.1.0",
     "core-js": "3.38.1",
-    "form-data": "4.0.0",
+    "form-data": "4.0.1",
     "google-auth-library": "7.14.1",
     "googleapis": "73.0.0",
     "https-proxy-agent": "7.0.5",
     "inquirer": "8.2.6",
     "keytar": "7.9.0",
-    "ldapjs": "2.3.3",
+    "ldapts": "7.2.1",
     "lowdb": "1.0.0",
     "ngx-toastr": "17.0.2",
     "node-fetch": "2.7.0",
     "proper-lockfile": "4.1.2",
     "rxjs": "7.8.1",
     "tldjs": "2.3.1",
-    "zone.js": "0.14.10"
+    "zone.js": "0.15.0"
   },
   "engines": {
     "node": "~20.18.0",

src/services/ldap-directory.service.ts

@@ -1,7 +1,7 @@
 import * as fs from "fs";
-import { checkServerIdentity, PeerCertificate } from "tls";
+import * as tls from "tls";
 
-import * as ldap from "ldapjs";
+import * as ldapts from "ldapts";
 
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
@@ -19,7 +19,7 @@ import { IDirectoryService } from "./directory.service";
 const UserControlAccountDisabled = 2;
 
 export class LdapDirectoryService implements IDirectoryService {
-  private client: ldap.Client;
+  private client: ldapts.Client;
   private dirConfig: LdapConfiguration;
   private syncConfig: SyncConfiguration;
 
@@ -48,21 +48,25 @@ export class LdapDirectoryService implements IDirectoryService {
     await this.bind();
 
     let users: UserEntry[];
-    if (this.syncConfig.users) {
-      users = await this.getUsers(force, test);
-    }
-
     let groups: GroupEntry[];
-    if (this.syncConfig.groups) {
-      let groupForce = force;
-      if (!groupForce && users != null) {
-        const activeUsers = users.filter((u) => !u.deleted && !u.disabled);
-        groupForce = activeUsers.length > 0;
+
+    try {
+      if (this.syncConfig.users) {
+        users = await this.getUsers(force, test);
       }
-      groups = await this.getGroups(groupForce);
+
+      if (this.syncConfig.groups) {
+        let groupForce = force;
+        if (!groupForce && users != null) {
+          const activeUsers = users.filter((u) => !u.deleted && !u.disabled);
+          groupForce = activeUsers.length > 0;
+        }
+        groups = await this.getGroups(groupForce);
+      }
+    } finally {
+      await this.client.unbind();
     }
 
-    await this.unbind();
     return [groups, users];
   }
 
@@ -101,10 +105,7 @@ export class LdapDirectoryService implements IDirectoryService {
       const deletedPath = this.makeSearchPath("CN=Deleted Objects");
       this.logService.info("Deleted user search: " + deletedPath + " => " + deletedFilter);
 
-      const delControl = new (ldap as any).Control({
-        type: "1.2.840.113556.1.4.417",
-        criticality: true,
-      });
+      const delControl = new ldapts.Control("1.2.840.113556.1.4.417", { critical: true });
       const deletedUsers = await this.search<UserEntry>(
         deletedPath,
         deletedFilter,
@@ -120,7 +121,7 @@ export class LdapDirectoryService implements IDirectoryService {
 
   private buildUser(searchEntry: any, deleted: boolean): UserEntry {
     const user = new UserEntry();
-    user.referenceId = searchEntry.objectName;
+    user.referenceId = this.getReferenceId(searchEntry);
     user.deleted = deleted;
 
     if (user.referenceId == null) {
@@ -172,7 +173,7 @@ export class LdapDirectoryService implements IDirectoryService {
     let groupSearchEntries: any[] = [];
     const initialSearchGroupIds = await this.search<string>(path, filter, (se: any) => {
       groupSearchEntries.push(se);
-      return se.objectName;
+      return this.getReferenceId(se);
     });
 
     if (searchSinceRevision && initialSearchGroupIds.length === 0) {
@@ -188,7 +189,7 @@ export class LdapDirectoryService implements IDirectoryService {
     const userPath = this.makeSearchPath(this.syncConfig.userPath);
     const userIdMap = new Map<string, string>();
     await this.search<string>(userPath, userFilter, (se: any) => {
-      userIdMap.set(se.objectName, this.getExternalId(se, se.objectName));
+      userIdMap.set(this.getReferenceId(se), this.getExternalId(se, this.getReferenceId(se)));
       return se;
     });
 
@@ -204,7 +205,7 @@ export class LdapDirectoryService implements IDirectoryService {
 
   private buildGroup(searchEntry: any, userMap: Map<string, string>) {
     const group = new GroupEntry();
-    group.referenceId = searchEntry.objectName;
+    group.referenceId = this.getReferenceId(searchEntry);
     if (group.referenceId == null) {
       return null;
     }
@@ -220,7 +221,7 @@ export class LdapDirectoryService implements IDirectoryService {
       return null;
     }
 
-    const members = this.getAttrVals(searchEntry, this.syncConfig.memberAttribute);
+    const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute);
     if (members != null) {
       for (const memDn of members) {
         if (userMap.has(memDn) && !group.userMemberExternalIds.has(userMap.get(memDn))) {
@@ -234,15 +235,26 @@ export class LdapDirectoryService implements IDirectoryService {
     return group;
   }
 
-  private getExternalId(searchEntry: any, referenceId: string) {
-    const attrObj = this.getAttrObj(searchEntry, "objectGUID");
-    if (attrObj != null && attrObj._vals != null && attrObj._vals.length > 0) {
-      return this.bufToGuid(attrObj._vals[0]);
+  /**
+   * The externalId is the "objectGUID" property if present (a unique identifier used by Active Directory),
+   * otherwise it falls back to the provided referenceId.
+   */
+  private getExternalId(searchEntry: ldapts.Entry, referenceId: string) {
+    const attr = this.getAttr<Buffer>(searchEntry, "objectGUID");
+    if (attr != null) {
+      return this.bufToGuid(attr);
     } else {
       return referenceId;
     }
   }
 
+  /**
+   * Gets the object's reference id (dn)
+   */
+  private getReferenceId(entry: ldapts.Entry): string {
+    return entry.dn;
+  }
+
   private buildBaseFilter(objectClass: string, subFilter: string): string {
     let filter = this.buildObjectClassFilter(objectClass);
     if (subFilter != null && subFilter.trim() !== "") {
@@ -281,42 +293,48 @@ export class LdapDirectoryService implements IDirectoryService {
     return null;
   }
 
-  private getAttrObj(searchEntry: any, attr: string): any {
-    if (searchEntry == null || searchEntry.attributes == null) {
+  /**
+   */
+
+  /**
+   * Get all values for an ldap attribute
+   * @param searchEntry The ldap entry
+   * @param attr An attribute name on the ldap entry
+   * @returns An array containing all values of the attribute, or null if there are no values
+   */
+  private getAttrVals<T extends string | Buffer>(
+    searchEntry: ldapts.Entry,
+    attr: string,
+  ): T[] | null {
+    if (searchEntry == null || searchEntry[attr] == null) {
       return null;
     }
 
-    const attrs = searchEntry.attributes.filter((a: any) => a.type === attr);
-    if (
-      attrs == null ||
-      attrs.length === 0 ||
-      attrs[0].vals == null ||
-      attrs[0].vals.length === 0
-    ) {
-      return null;
+    const vals = searchEntry[attr];
+    if (!Array.isArray(vals)) {
+      return [vals] as T[];
     }
 
-    return attrs[0];
+    return vals as T[];
   }
 
-  private getAttrVals(searchEntry: any, attr: string): string[] {
-    const obj = this.getAttrObj(searchEntry, attr);
-    if (obj == null) {
-      return null;
-    }
-    return obj.vals;
-  }
-
-  private getAttr(searchEntry: any, attr: string): string {
+  /**
+   * Get the first value for an ldap attribute
+   * @param searchEntry The ldap entry
+   * @param attr An attribute name on the ldap entry
+   * @returns The first value of the attribute, or null if there is not at least 1 value
+   */
+  private getAttr<T extends string | Buffer>(searchEntry: ldapts.Entry, attr: string): T {
     const vals = this.getAttrVals(searchEntry, attr);
-    if (vals == null) {
+    if (vals == null || vals.length < 1) {
       return null;
     }
-    return vals[0];
+
+    return vals[0] as T;
   }
 
   private entryDisabled(searchEntry: any): boolean {
-    const c = this.getAttr(searchEntry, "userAccountControl");
+    const c = this.getAttr<string>(searchEntry, "userAccountControl");
     if (c != null) {
       try {
         const control = parseInt(c, null);
@@ -333,145 +351,103 @@ export class LdapDirectoryService implements IDirectoryService {
   private async search<T>(
     path: string,
     filter: string,
-    processEntry: (searchEntry: any) => T,
-    controls: ldap.Control[] = [],
+    processEntry: (searchEntry: ldapts.Entry) => T,
+    controls: ldapts.Control[] = [],
   ): Promise<T[]> {
-    const options: ldap.SearchOptions = {
+    const options: ldapts.SearchOptions = {
       filter: filter,
       scope: "sub",
       paged: this.dirConfig.pagedSearch,
     };
-    const entries: T[] = [];
-    return new Promise<T[]>((resolve, reject) => {
-      this.client.search(path, options, controls, (err, res) => {
-        if (err != null) {
-          reject(err);
-          return;
-        }
-
-        res.on("error", (resErr) => {
-          reject(resErr);
-        });
-
-        res.on("searchEntry", (entry) => {
-          const e = processEntry(entry);
-          if (e != null) {
-            entries.push(e);
-          }
-        });
-
-        res.on("end", (result) => {
-          resolve(entries);
-        });
-      });
-    });
+    const { searchEntries } = await this.client.search(path, options, controls);
+    return searchEntries.map((e) => processEntry(e)).filter((e) => e != null);
   }
 
   private async bind(): Promise<any> {
-    return new Promise<void>((resolve, reject) => {
-      if (this.dirConfig.hostname == null || this.dirConfig.port == null) {
-        reject(this.i18nService.t("dirConfigIncomplete"));
-        return;
-      }
-      const protocol = "ldap" + (this.dirConfig.ssl && !this.dirConfig.startTls ? "s" : "");
-      const url = protocol + "://" + this.dirConfig.hostname + ":" + this.dirConfig.port;
-      const options: ldap.ClientOptions = {
-        url: url.trim().toLowerCase(),
-      };
+    if (this.dirConfig.hostname == null || this.dirConfig.port == null) {
+      throw new Error(this.i18nService.t("dirConfigIncomplete"));
+    }
 
-      const tlsOptions: any = {};
-      if (this.dirConfig.ssl) {
-        if (this.dirConfig.sslAllowUnauthorized) {
-          tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
-        }
-        if (!this.dirConfig.startTls) {
-          if (
-            this.dirConfig.sslCaPath != null &&
-            this.dirConfig.sslCaPath !== "" &&
-            fs.existsSync(this.dirConfig.sslCaPath)
-          ) {
-            tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
-          }
-          if (
-            this.dirConfig.sslCertPath != null &&
-            this.dirConfig.sslCertPath !== "" &&
-            fs.existsSync(this.dirConfig.sslCertPath)
-          ) {
-            tlsOptions.cert = fs.readFileSync(this.dirConfig.sslCertPath);
-          }
-          if (
-            this.dirConfig.sslKeyPath != null &&
-            this.dirConfig.sslKeyPath !== "" &&
-            fs.existsSync(this.dirConfig.sslKeyPath)
-          ) {
-            tlsOptions.key = fs.readFileSync(this.dirConfig.sslKeyPath);
-          }
-        } else {
-          if (
-            this.dirConfig.tlsCaPath != null &&
-            this.dirConfig.tlsCaPath !== "" &&
-            fs.existsSync(this.dirConfig.tlsCaPath)
-          ) {
-            tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)];
-          }
-        }
-      }
+    const protocol = this.dirConfig.ssl && !this.dirConfig.startTls ? "ldaps" : "ldap";
 
-      tlsOptions.checkServerIdentity = this.checkServerIdentityAltNames;
-      options.tlsOptions = tlsOptions;
+    const url = protocol + "://" + this.dirConfig.hostname + ":" + this.dirConfig.port;
+    const options: ldapts.ClientOptions = {
+      url: url.trim().toLowerCase(),
+    };
 
-      this.client = ldap.createClient(options);
+    // If using ldaps, TLS options are given to the client constructor
+    if (protocol === "ldaps") {
+      options.tlsOptions = this.buildTlsOptions();
+    }
 
-      const user =
-        this.dirConfig.username == null || this.dirConfig.username.trim() === ""
-          ? null
-          : this.dirConfig.username;
-      const pass =
-        this.dirConfig.password == null || this.dirConfig.password.trim() === ""
-          ? null
-          : this.dirConfig.password;
+    this.client = new ldapts.Client(options);
 
-      if (user == null || pass == null) {
-        reject(this.i18nService.t("usernamePasswordNotConfigured"));
-        return;
-      }
+    const user =
+      this.dirConfig.username == null || this.dirConfig.username.trim() === ""
+        ? null
+        : this.dirConfig.username;
+    const pass =
+      this.dirConfig.password == null || this.dirConfig.password.trim() === ""
+        ? null
+        : this.dirConfig.password;
 
-      if (this.dirConfig.startTls && this.dirConfig.ssl) {
-        this.client.starttls(options.tlsOptions, undefined, (err, res) => {
-          if (err != null) {
-            reject(err.message);
-          } else {
-            this.client.bind(user, pass, (err2) => {
-              if (err2 != null) {
-                reject(err2.message);
-              } else {
-                resolve();
-              }
-            });
-          }
-        });
-      } else {
-        this.client.bind(user, pass, (err) => {
-          if (err != null) {
-            reject(err.message);
-          } else {
-            resolve();
-          }
-        });
-      }
-    });
+    if (user == null || pass == null) {
+      throw new Error(this.i18nService.t("usernamePasswordNotConfigured"));
+    }
+
+    // If using StartTLS, TLS options are given to the StartTLS call
+    if (this.dirConfig.startTls && this.dirConfig.ssl) {
+      await this.client.startTLS(this.buildTlsOptions());
+    }
+
+    try {
+      await this.client.bind(user, pass);
+    } catch {
+      await this.client.unbind();
+    }
   }
 
-  private async unbind(): Promise<void> {
-    return new Promise((resolve, reject) => {
-      this.client.unbind((err) => {
-        if (err != null) {
-          reject(err);
-        } else {
-          resolve();
-        }
-      });
-    });
+  private buildTlsOptions(): tls.ConnectionOptions {
+    const tlsOptions: tls.ConnectionOptions = {};
+
+    if (this.dirConfig.sslAllowUnauthorized) {
+      tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
+    }
+    if (!this.dirConfig.startTls) {
+      if (
+        this.dirConfig.sslCaPath != null &&
+        this.dirConfig.sslCaPath !== "" &&
+        fs.existsSync(this.dirConfig.sslCaPath)
+      ) {
+        tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
+      }
+      if (
+        this.dirConfig.sslCertPath != null &&
+        this.dirConfig.sslCertPath !== "" &&
+        fs.existsSync(this.dirConfig.sslCertPath)
+      ) {
+        tlsOptions.cert = fs.readFileSync(this.dirConfig.sslCertPath);
+      }
+      if (
+        this.dirConfig.sslKeyPath != null &&
+        this.dirConfig.sslKeyPath !== "" &&
+        fs.existsSync(this.dirConfig.sslKeyPath)
+      ) {
+        tlsOptions.key = fs.readFileSync(this.dirConfig.sslKeyPath);
+      }
+    } else {
+      if (
+        this.dirConfig.tlsCaPath != null &&
+        this.dirConfig.tlsCaPath !== "" &&
+        fs.existsSync(this.dirConfig.tlsCaPath)
+      ) {
+        tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)];
+      }
+    }
+
+    tlsOptions.checkServerIdentity = this.checkServerIdentityAltNames;
+
+    return tlsOptions;
   }
 
   private bufToGuid(buf: Buffer) {
@@ -494,7 +470,7 @@ export class LdapDirectoryService implements IDirectoryService {
     return guid.toLowerCase();
   }
 
-  private checkServerIdentityAltNames(host: string, cert: PeerCertificate) {
+  private checkServerIdentityAltNames(host: string, cert: tls.PeerCertificate) {
     // Fixes the cert representation when subject is empty and altNames are present
     // Required for node versions < 12.14.1 (which could be used for bwdc cli)
     // Adapted from: https://github.com/auth0/ad-ldap-connector/commit/1f4dd2be6ed93dda591dd31ed5483a9b452a8d2a
@@ -510,6 +486,6 @@ export class LdapDirectoryService implements IDirectoryService {
       };
     }
 
-    return checkServerIdentity(host, cert);
+    return tls.checkServerIdentity(host, cert);
   }
 }