adldap

adldap

This is a simple wrapper around ldapjs for basic operations against an Active Directory instance. If you're looking for a robust interface, you may be interested in activedirectory2.

What can you do with adldap?

• Issue generic searches
• Find users
• Authenticate arbitrary users
• Determine if a user is a member of a specific group
• Update specific attribute values

This library was written because activedirectory2 pulls back too much data when retreiving groups. I merely need the list of names; activedirectory2 pulls back much more information than that.

If I ever get the time and desire, I may flesh out this library more. Pull requests are always welcome.

Example

const adldapFactory = require('adldap')()
const client = adldapFactory({
  searchUser: 'dn=Generic Searcher,ou=accounts,dn=example,dn=com',
  searchUserPass: 'supersecret',
  ldapjs: {
    url: 'ldaps://ad.example.com',
    searchBase: 'dn=example,dn=com',
    scope: 'sub'
  }
})

// You must bind before you can do anything else.
client.bind()
  .then(() => {
    client.findUser('someUser')
      .then((user) => console.log(user.memberOf))
      .catch((err) => console.error(err))
      .then(() => client.unbind())
  })
  .catch((err) => console.error(err))

You could also "flatten" the code via Bluebird and bluebird-co:

const Promise = require('bluebird')
require('bluebird-co')

function * doItGenerator () {
  try {
    yield client.bind()

    const user = yield client.findUser('someUser')
    console.log(user.memberOf)

    yield client.unbind()
  } catch (e) {
    console.error(e.message)
  }
}

const doIt = Promise.coroutine(doItGenerator)
doIt()

Config

• searchUser: A fully qualified DN to a user that can perform searches against your Active Directory.
• searchUserPass: The search user's password, obviously.
• ldapjs
  • url: The URL to your Active Directory in LDAP format.
  • searchBase: Default search base to use for all searches unless overridden by a method's options.
  • scope: The default search scope to use for all searches unless overridden by a method's options. Can be 'base', 'one', or 'sub'. Defaults to 'base'. (optional)
  • attributes: An array of default attributes to return with searches. The default list is ['dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf']. If overridden by a method, you must supply the complete list of attributes you want. (optional)

Methods

The full documentation is included in the api.md document.

• authenticate(username, password)
• bind()
• findUser(username, options)
• search(base, options, controls)
• unbind()
• userInGroup(username, groupName)
• replace(dn, change)
• replaceAttribute(cn, attribute, value)
• incrementAttribute(cn, attribute)

License

MIT License