adauth
Advanced tools
Changelog
1.0.0
ADAuth constructor.
If using the constructor, .initialise(), which returns a promise, must be called afterwards. Alternatively, you can use await ADAuth.create(options).Readme
Fork of node-ldapauth-fork targeted towards use with an Active Directory domain.
import ADAuth from 'adauth'
const options = {
url: 'ldaps://corp.example.com:636',
domainDN: 'dc=example,dc=com',
}
const auth = await ADAuth.create(options)
// or
const auth = new ADAuth(options)
await auth.initialise()
try {
const user = await auth.authenticate(username, password)
} catch (error) {
console.error('Authentication failed: ', error)
}
await auth.dispose()
ADAuth inherits from EventEmitter.
$ npm install adauth
ADAuth Config OptionsRequired client options:
url - LLDAP url for the AD domain controller, e.g. ldaps://corp.example.com:636domainDN - The root DN of the AD domain, e.g. dc=corp,dc=example,dc=comsearchBase - The base DN from which to search for users by username. E.g. ou=users,dc=example,dc=comsearchFilterByDN - Optional, default (&(objectCategory=user)(objectClass=user)(distinguishedName={{dn}})). Search filter with which to find a user by FQDN.searchFilterByUPN - Optional, default (&(objectCategory=user)(objectClass=user)(userPrincipalName={{upn}})). Search filter with which to find a user by UPN. (user@domain.com)searchFilterBySAN - Optional, default (&(objectCategory=user)(objectClass=user)(samAccountName={{username}})). Search filter with which to find a user by their old-format Windows username.searchAttributes - Optional, default all. Array of attributes to fetch from LDAP server.bindProperty - Optional, default dn. Property of the LDAP user object to use when binding to verify the password. E.g. name, emailsearchScope - Optional, default sub. Scope of the search, one of base, one, or sub.adauth can look for valid user groups too. Related options:
groupSearchBase - Optional. The base DN from which to search for groups. If defined, also groupSearchFilter must be defined for the search to work.groupSearchFilter - Optional. LDAP search filter for groups. Place literal {{dn}} in the filter to have it replaced by the property defined with groupDnProperty of the found user object. {{username}} is also available and will be replaced with the uid of the found user. This is useful for example to filter PosixGroups by memberUid. Optionally you can also assign a function instead. The found user is passed to the function and it should return a valid search filter for the group search.groupSearchAttributes - Optional, default all. Array of attributes to fetch from LDAP server.groupDnProperty - Optional, default dn. The property of user object to use in {{dn}} interpolation of groupSearchFilter.groupSearchScope - Optional, default sub.Other adauth options:
includeRaw - Optional, default false. Set to true to add property _raw containing the original buffers to the returned user object. Useful when you need to handle binary attributescache - Optional, default false. If true, then up to 100 credentials at a time will be cached for 5 minutes.log - Bunyan logger instance, optional. If given this will result in TRACE-level error logging for component:ldapauth. The logger is also passed forward to ldapjs.Optional ldapjs options, see ldapjs documentation:
tlsOptions - Needed for TLS connection. See Node.js documentationsocketPathtimeoutconnectTimeoutidleTimeoutstrictDNqueueSizequeueTimeoutqueueDisableThe AD authentication flow is usually:
{{username}} from the appropriate searchFilterimport basicAuth from 'basic-auth'
import ADAuth from 'adauth'
const ad = await ADAuth.create({
url: "ldaps://corp.example.com:636",
domainDN: "DC=example,DC=com",
searchBase: "OU=Users,OU=MyBusiness,DC=example,DC=com",
tlsOptions: {
ca: "./example-ca.cer",
},
reconnect: true,
})
const rejectBasicAuth = res => {
res.statusCode = 401
res.setHeader('WWW-Authenticate', 'Basic realm="Example"')
res.end('Access denied')
}
const basicAuthMiddleware = (req, res, next) => {
const credentials = basicAuth(req)
if (!credentials) {
return rejectBasicAuth(res)
}
ad.authenticate(credentials.name, credentials.pass)
.then(user => {
req.user = user
next()
})
.catch(error => rejectBasicAuth(res))
})
}
MIT
FAQs
Authenticate against an Active Directory domain via LDAP
The npm package adauth receives a total of 54 weekly downloads. As such, adauth popularity was classified as not popular.
We found that adauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
Company News
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.