Support loading CA certs from local or web URL

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Change log
 
+## 0.1.3
+### Added
+- Support for loading CA certificates for AD off of the file system or a web
+  server.
+
 ## 0.1.2
 ### Added
 - `objectGUID` attributes on objects are now converted to a human-readable

README.md

@@ -45,6 +45,9 @@ var config = {
     bindDn: "CN=LDAP User,OU=Users,OU=MyBusiness,DC=example,DC=com",
     bindCredentials: "mypassword",
     searchBase: "OU=Users,OU=MyBusiness,DC=example,DC=com"
+    tlsOptions: {
+      ca: "./example-ca.cer"
+    }
   }
 };
 

lib/adauth.js

@@ -19,7 +19,9 @@ var ldap = require('ldapjs');
 var debug = console.warn;
 var format = require('util').format;
 var bcrypt = require('bcryptjs');
-
+var validUrl = require('valid-url');
+var syncRequest = require('sync-request');
+var fs = require('fs');
 
 /**
  * Create an AD auth class. Primary usage is the `.authenticate` method.
@@ -135,6 +137,17 @@ function ADAuth(opts) {
     var Cache = require('./cache');
     this.userCache = new Cache(100, 300, this.log, 'user');
   }
+
+  if (opts.tlsOptions && opts.tlsOptions.ca && typeof (opts.tlsOptions.ca) === 'string') {
+    if (validUrl.isWebUri(opts.tlsOptions.ca)) {
+      var cert = syncRequest('GET', opts.tlsOptions.ca);
+      opts.tlsOptions.ca = cert.getBody();
+    } else {
+      try {
+        opts.tlsOptions.ca = fs.readFileSync(opts.tlsOptions.ca);
+      } catch (err) {}
+    }
+  }
 
   this.clientOpts = {
     url: opts.url,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "adauth",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "main": "./lib/adauth.js",
   "description": "Authenticate against an Active Directory domain via LDAP",
   "author": "Vartan Simonian <[email protected]> (https://github.com/vsimonian)",
@@ -29,6 +29,8 @@
     "bcryptjs": "^2.1.0",
     "ldapjs": "mcavage/node-ldapjs",
     "long": "^2.2.3",
-    "lru-cache": "^2.5.0"
+    "lru-cache": "^2.5.0",
+    "sync-request": "^2.0.1",
+    "valid-url": "^1.0.9"
   }
 }