verdaccio-ldap
support secure protocol
When we use ldaps://... in the config then we get an error
```
fatal--- uncaught exception, please report this
Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:639:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38)
```
The reason is a self-signed certificate.
For a self-signed certificate you can add:
```yaml
auth:
  ldap:
    type: ldap
    groupNameAttribute: 'cn'
    client_options:
      tlsOptions:
        # Turns off verification of the LDAP server's certificate
        rejectUnauthorized: false
```
@Alexandre-io rejectUnauthorized is deprecated
We passed the certificates' content instead of rejectUnauthorized
For anyone wondering, here is a way to tell a Dockerized Node to trust some certificates:
- Place your certificates (as PEM) into an `extra-certs.pem` file (on your host)
- Make sure this file `extra-certs.pem` gets copied into the image's directory `/verdaccio/conf` (e.g. `docker run -v /some/path/on/host/my_verdaccio_docker/conf:/verdaccio/conf/`).
- Add `--env NODE_EXTRA_CA_CERTS=/verdaccio/conf/extra-certs.pem` to the `docker run` command.
@C-Duv Does this apply only for the Docker-Version or for a general npm setup on bare metal? I tried to debug it myself but when clicking login, the application just sits there and no logfile entry is generated until it says "couldn't log in" after like 30 seconds - even in debug mode. Would appreciate some help from @smelukov or @Alexandre-io on how to fix that, since clear text ldap is a no-go from a security perspective.
EDIT: OK it seems like the port in the URL was causing the problems. I don't know where I got that from but there are so many ldap examples for verdaccio out there, that I probably got an outdated example.