
haraka-plugin-auth-ldap
Haraka plugin that uses an LDAP bind to authenticate users
The auth/auth_ldap plugin uses an LDAP bind to authenticate a user. Currently only one server and multiple DNs can be configured. If any of the DN binds succeed, the user is authenticated.
Configuration is stored in config/auth_ldap.ini and uses INI-style formatting.
The PLAIN and LOGIN authentication methods are supported, assuming that passwords in the LDAP database are not stored in cleartext (which would allow for CRAM-MD5). Note that this means passwords will be sent in the clear to the LDAP server unless an ldaps:// connection is used.
Current configuration options in [core] are:
server - the URL of the LDAP server (ldap:// or ldaps://)
timeout - time in milliseconds to wait for the server response before giving up
rejectUnauthorized - boolean (true or false): whether to reject connections that are not verified against a CA. A value of false allows unverified connections.
Example:
[core]
server=ldaps://ldap.opoet.com
timeout=5000
rejectUnauthorized=false
The [dns] section (that is, the plural of DN and not the Domain Name System) is a list of DNs to use to bind. The %u in the strings is substituted with the user name used in the SMTP authentication. Note that the keys have no meaning and the DNs are tried in series until the first successful bind. The LDAP RFC does not allow for parallel binds on a connection, so it is suggested that the most commonly used DN be placed earlier in the list.
Example:
[dns]
dn1=uid=%u,ou=Users,dc=opoet,dc=com
dn2=uid=%u,ou=people,dc=opoet,dc=com
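The settings described above can be checked before a config is deployed. The following is an added example, not code from the plugin or its README: a small auditor that flags an ldap:// server and rejectUnauthorized=false (with which the ldaps:// server certificate is not verified), and lists the bind DNs in the order they are tried. The helper names parseIni, auditAuthLdap and bindOrder are hypothetical, and SAMPLE joins the page's two example fragments.

```javascript
// Added example; parseIni, auditAuthLdap and bindOrder are hypothetical helpers,
// not part of haraka-plugin-auth-ldap.
const SAMPLE = `[core]
server=ldaps://ldap.opoet.com
timeout=5000
rejectUnauthorized=false

[dns]
dn1=uid=%u,ou=Users,dc=opoet,dc=com
dn2=uid=%u,ou=people,dc=opoet,dc=com
`;

// Minimal INI reader. Lines are split on the first '=' only, because DN values
// contain '='. Sections are Maps so [dns] keeps its file order.
function parseIni(text) {
  const cfg = new Map();
  let section = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line[0] === ';' || line[0] === '#') continue;
    const head = line.match(/^\[(.+)\]$/);
    if (head) { section = new Map(); cfg.set(head[1], section); continue; }
    const eq = line.indexOf('=');
    if (section && eq > 0) section.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return cfg;
}

// Returns a list of findings for the settings the README describes.
function auditAuthLdap(text) {
  const cfg = parseIni(text);
  const core = cfg.get('core') || new Map();
  const dns = cfg.get('dns') || new Map();
  const findings = [];
  const m = /^([a-z]+):\/\//i.exec(core.get('server') || '');
  const scheme = m ? m[1].toLowerCase() : '';
  if (!scheme) findings.push('core.server is missing or has no scheme');
  else if (scheme === 'ldap') findings.push('core.server uses ldap://: PLAIN/LOGIN passwords reach the LDAP server in cleartext');
  else if (scheme !== 'ldaps') findings.push(`core.server has unexpected scheme ${scheme}://`);
  if ((core.get('rejectUnauthorized') || '').toLowerCase() === 'false')
    findings.push('rejectUnauthorized=false: the server certificate is not verified against a CA');
  if (dns.size === 0) findings.push('[dns] lists no bind DNs');
  for (const [key, dn] of dns)
    if (!dn.includes('%u')) findings.push(`dns.${key} has no %u: the same entry is bound for every user name`);
  return findings;
}

// Bind DNs in the order they are tried (file order), with %u filled in for display.
function bindOrder(text, user) {
  return [...(parseIni(text).get('dns') || new Map()).values()].map(dn => dn.split('%u').join(user));
}
```

Running auditAuthLdap(SAMPLE) reports one finding, for rejectUnauthorized=false.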
FAQs
The npm package haraka-plugin-auth-ldap receives a total of 557 weekly downloads. As such, haraka-plugin-auth-ldap popularity was classified as not popular.
We found that haraka-plugin-auth-ldap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.