From e2c81f86f873872b2e12dbf34cc1163905c610ca Mon Sep 17 00:00:00 2001
From: Rob McColl
Date: Mon, 10 Oct 2016 16:55:00 -0400
Subject: [PATCH] adds options for ldap connect and idle timeout, removes password logging
---
 packages/rocketchat-i18n/i18n/en.i18n.json | 2 ++
 packages/rocketchat-ldap/server/ldap.js | 6 ++++--
 packages/rocketchat-ldap/server/settings.js | 2 ++
 packages/rocketchat-ldap/server/sync.js | 2 +-
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
index 25ad7020dd5..2899fdc2d18 100644
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -656,6 +656,7 @@
 "Layout_Terms_of_Service": "Terms of Service",
 "LDAP": "LDAP",
 "LDAP_CA_Cert": "CA Cert",
+ "LDAP_Connect_Timeout": "Connection Timeout (ms)",
 "LDAP_Custom_Domain_Search": "Custom Domain Search",
 "LDAP_Custom_Domain_Search_Description": "A piece of JSON that governs bind and connection info and is of the form:
{\"filter\": \"(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))\", \"scope\": \"sub\", \"userDN\": \"rocket.service@domain.com\", \"password\": \"urpass\"}",
 "LDAP_Default_Domain": "Default Domain",
@@ -680,6 +681,7 @@
 "LDAP_Encryption_Description": "The encryption method used to secure communications to the LDAP server. Examples include `plain` (no encryption), `SSL/LDAPS` (encrypted from the start), and `StartTLS` (upgrade to encrypted communication once connected).",
 "LDAP_Host": "Host",
 "LDAP_Host_Description": "The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`.",
+ "LDAP_Idle_Timeout": "Idle Timeout (ms)",
 "LDAP_Import_Users": "Import LDAP users",
 "LDAP_Import_Users_Description": "It True sync process will be import all LDAP users
*Caution!* Specify search filter to not import excess users.",
 "LDAP_Login_Fallback": "Login Fallback",
diff --git a/packages/rocketchat-ldap/server/ldap.js b/packages/rocketchat-ldap/server/ldap.js
index d33d8730241..254eb7718ab 100644
--- a/packages/rocketchat-ldap/server/ldap.js
+++ b/packages/rocketchat-ldap/server/ldap.js
@@ -23,6 +23,8 @@ LDAP = class LDAP {
 self.options = {
 host: RocketChat.settings.get('LDAP_Host'),
 port: RocketChat.settings.get('LDAP_Port'),
+ connect_timeout: RocketChat.settings.get('LDAP_Connect_Timeout'),
+ idle_timeout: RocketChat.settings.get('LDAP_Idle_Timeout'),
 encryption: RocketChat.settings.get('LDAP_Encryption'),
 ca_cert: RocketChat.settings.get('LDAP_CA_Cert'),
 reject_unauthorized: RocketChat.settings.get('LDAP_Reject_Unauthorized') || false,
@@ -51,8 +53,8 @@ LDAP = class LDAP {
 const connectionOptions = {
 url: `${self.options.host}:${self.options.port}`,
 timeout: 1000 * 60 * 10,
- connectTimeout: 1000 * 10,
- idleTimeout: 1000 * 10,
+ connectTimeout: self.options.connect_timeout,
+ idleTimeout: self.options.idle_timeout,
 reconnect: false
 };
diff --git a/packages/rocketchat-ldap/server/settings.js b/packages/rocketchat-ldap/server/settings.js
index 544983b6bf5..9561e0e6bff 100644
--- a/packages/rocketchat-ldap/server/settings.js
+++ b/packages/rocketchat-ldap/server/settings.js
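Review bot: In packages/rocketchat-ldap/server/ldap.js, `connectTimeout: self.options.connect_timeout` and `idleTimeout: self.options.idle_timeout` hand the setting values to the client unchecked, where the removed lines supplied fixed 10-second values. If either setting is empty, zero or not a number (for example after being cleared in the admin UI), the client may end up with no effective timeout, and an unreachable directory server could then hold login and sync requests open; this is inferred, since the client's handling of such values is not visible here. Consider coercing with a fallback, e.g. `connectTimeout: Number(self.options.connect_timeout) > 0 ? Number(self.options.connect_timeout) : 1000 * 10,` and the same for `idleTimeout`. The same unchecked values are read in the first hunk (`connect_timeout` and `idle_timeout` in `self.options`), and both enclosing blocks continue outside the hunks.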
@@ -22,6 +22,8 @@ Meteor.startup(function() {
 this.add('LDAP_Login_Fallback', true, { type: 'boolean', enableQuery: enableQuery });
 this.add('LDAP_Host', '', { type: 'string', enableQuery: enableQuery });
 this.add('LDAP_Port', '389', { type: 'string', enableQuery: enableQuery });
+ this.add('LDAP_Connect_Timeout', 600000, {type: 'int', enableQuery: enableQuery});
+ this.add('LDAP_Idle_Timeout', 600000, {type: 'int', enableQuery: enableQuery});
 this.add('LDAP_Encryption', 'plain', { type: 'select', values: [ { key: 'plain', i18nLabel: 'No_Encryption' }, { key: 'tls', i18nLabel: 'StartTLS' }, { key: 'ssl', i18nLabel: 'SSL/LDAPS' } ], enableQuery: enableQuery });
 this.add('LDAP_CA_Cert', '', { type: 'string', multiline: true, enableQuery: enableTLSQuery });
 this.add('LDAP_Reject_Unauthorized', true, { type: 'boolean', enableQuery: enableTLSQuery });
diff --git a/packages/rocketchat-ldap/server/sync.js b/packages/rocketchat-ldap/server/sync.js
index 8a8d330844a..bce6c278f7a 100644
--- a/packages/rocketchat-ldap/server/sync.js
+++ b/packages/rocketchat-ldap/server/sync.js
@@ -117,7 +117,7 @@ getDataToSyncUserData = function getDataToSyncUserData(ldapUser, user) {
 syncUserData = function syncUserData(user, ldapUser) {
 logger.info('Syncing user data');
- logger.debug('user', user);
+ logger.debug('user', {'email': user.email, '_id': user._id});
 logger.debug('ldapUser', ldapUser);
 const userData = getDataToSyncUserData(ldapUser, user);
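Review bot: In packages/rocketchat-ldap/server/settings.js both new settings default to `600000`, so a stock install now allows ten minutes for the LDAP connect and idle timeouts where the lines replaced in ldap.js used `1000 * 10`. A login against an unreachable or filtered LDAP host would then block far longer than before, and the commit message does not mention the change in default. If that is not intended, keep the earlier behaviour as the default, `this.add('LDAP_Connect_Timeout', 10000, {type: 'int', enableQuery: enableQuery});`, and likewise for `LDAP_Idle_Timeout`. The `Meteor.startup` block continues outside the hunk.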
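Review bot: In packages/rocketchat-ldap/server/sync.js the line right after the change, `logger.debug('ldapUser', ldapUser);`, still writes the whole LDAP entry to the debug log, so any sensitive attribute returned by the directory search (password hashes, personal data) would still be recorded; which attributes are fetched is not visible in this hunk. Logging only an identifier would match the intent of the change, e.g. `logger.debug('ldapUser', {dn: ldapUser.dn});` if the entry exposes `dn`. Also confirm that `user.email` exists on the user document; if addresses are stored under a different field, the new line logs `undefined` and loses the identifier it was meant to keep. `syncUserData` continues outside the hunk.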