# Mashroom LDAP Security Provider

Plugin for Mashroom Server, an Integration Platform for Microfrontends.

This plugin adds an LDAP security provider.
## Usage
If `node_modules/@mashroom` is configured as plugin path, just add `@mashroom/mashroom-security-provider-ldap` as a dependency.

To activate this provider, configure the Mashroom Security plugin like this:
```json
{
    "plugins": {
        "Mashroom Security Services": {
            "provider": "Mashroom LDAP Security Provider"
        }
    }
}
```
And configure this plugin like this in the Mashroom config file:

```json
{
    "plugins": {
        "Mashroom LDAP Security Provider": {
            "loginPage": "/login",
            "serverUrl": "ldap://my-ldap-server:636",
            "bindDN": "admin",
            "bindCredentials": "secret",
            "baseDN": "OU=Mashroom",
            "userSearchFilter": "(&(objectClass=person)(uid=@username@))",
            "groupSearchFilter": "(objectClass=group)",
            "groupToRoleMapping": "./groupToRoleMapping.json",
            "authenticationTimeoutSec": 1200
        }
    }
}
```
- `loginPage`: The login URL when the user is not authenticated (must match the path of the Mashroom Security Default Login Webapp)
- `serverUrl`: The LDAP server URL with protocol and port
- `tlsOptions`: Optional TLS options if your LDAP server requires TLS. The options are passed to Node TLS, but file paths (e.g. for `cert`) are resolved relative to `mashroom.json`.
- `bindDN`: The bind user used for searching
- `bindCredentials`: The password for the bind user
- `baseDN`: The base DN for searches (can be empty)
- `userSearchFilter`: The user search filter; `@username@` will be replaced by the actual username entered in the login form
- `groupSearchFilter`: The group search filter (can be empty if you don't want to fetch the user's groups)
- `groupToRoleMapping`: An optional JSON file that maps user groups to roles
- `authenticationTimeoutSec`: The inactivity time after which the authentication expires. Since this plugin stores the authentication in the session, make sure the session `cookie.maxAge` is greater than this value.
For a server that requires TLS you have to provide a `tlsOptions` object:

```json
{
    "plugins": {
        "Mashroom LDAP Security Provider": {
            "serverUrl": "ldaps://my-ldap-server:636",
            "tlsOptions": {
                "cert": "./server-cert.pem"
            }
        }
    }
}
```
The `groupToRoleMapping` file has the following simple structure:

```json
{
    "LDAP_GROUP1": [
        "ROLE1",
        "ROLE2"
    ]
}
```