Do you have any plans to create a Docker container/image for HackMD?
It could be great for easy self-hosted installation :)
Yes, we already have it.
https://github.com/hackmdio/docker-hackmd
@jackycute Do you support LDAP?
Hmm, you mean user auth using LDAP?
I have no experience doing that.
Maybe we can discuss more.
Why do you want to use LDAP here?
Since we use passportjs for auth right now.
Supporting LDAP may not be difficult via this repo:
https://github.com/vesse/passport-ldapauth
@jackycute Yes, for usage in an academic environment (each laboratory/university has an LDAP...), LDAP is a great and common way to offer new services at zero cost :)
OK I get it, then I will change this issue's name.
Please note this feature is not a top priority.
But we will definitely solve it in the future.
PR welcome 😄
@reyman Hi, could you help us test if this issue is solved?
Why not! I could test that during February.
I've been trying to get this to work using our internal LDAP. I can get it to connect, but since we are using our own root CA to sign the SSL certs for our services, it complains it cannot verify the certificate. Even when I supply our root CA file using the HMD_LDAP_TLS_CA variable it does not work. Maybe it is not reading that file properly :(
This is the error that is logged, and then HackMD crashes.
uncaughtException: unable to verify the first certificate date=Tue Feb 07 2017 11:40:50 GMT+0000 (UTC), pid=23, uid=10000, gid=65533, cwd=/hackmd, execPath=/usr/local/bin/node, version=v6.9.5, argv=[/usr/local/bin/node, /hackmd/app.js], rss=77271040, heapTotal=54575104, heapUsed=46572568, loadavg=[0.2060546875, 0.0703125, 0.02294921875], uptime=327595, trace=[column=null, file=null, function=Error, line=null, method=null, native=true, column=38, file=_tls_wrap.js, function=, line=1079, method=null, native=false, column=13, file=events.js, function=emitNone, line=86, method=null, native=false, column=7, file=events.js, function=TLSSocket.emit, line=185, method=emit, native=false, column=8, file=_tls_wrap.js, function=TLSSocket._finishInit, line=603, method=_finishInit, native=false, column=38, file=_tls_wrap.js, function=TLSWrap.ssl.onhandshakedone, line=433, method=ssl.onhandshakedone, native=false], stack=[Error: unable to verify the first certificate, at Error (native), at TLSSocket.<anonymous> (_tls_wrap.js:1079:38), at emitNone (events.js:86:13), at TLSSocket.emit (events.js:185:7), at TLSSocket._finishInit (_tls_wrap.js:603:8), at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:433:38)]
Any ideas on how to debug?
@esbite I found we might have an issue with passing the CA file.
Because HMD_LDAP_TLS_CA is passed to the Node tls module,
and the ca option needs to be the certificate's content instead of the CA path.
https://github.com/hackmdio/hackmd/blob/master/lib/config.js#L126
It should be an array and be read before passing.
Like we've done for the SSL server setup here.
@esbite I made a patch in bbbf64aae465ed46505f4945080fa2d72e8d0b2b
Could you please give it a try?
@jackycute Nope, when I use the variable HMD_LDAP_TLS_CA now I get this error right at startup:
/hackmd/lib/config.js:130
if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
^
TypeError: Cannot read property 'ca' of undefined
at Object.<anonymous> (/hackmd/lib/config.js:130:38)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
at Object.<anonymous> (/hackmd/app.js:26:14)
at Module._compile (module.js:570:32)
@esbite Fixed in 1cc27e1794afbe9f23bfb13cd098eeba554b1086
Thanks, now it works great! :)
I think this feature has been implemented and used by many of our users.
It's time to close this.