LDAP simple server mock
Really simple basic mock for LDAP server based on ldaps. Use it to mock an LDAP server and authenticate a user without further verifications, it simply searches for the user in the database and returns it. It does not implement LDAP SASL authentication. This should not be used in production environment, it is just for test purpose, nothing more.
Install
npm install ldap-server-mock
Usage
Using the API
ldap-server-mock
exposes the LdapServerMock
class:
constructor(users: LdapUser[], serverConfiguration: LdapServerMockConfiguration, certificatePublicKey?: Buffer, certificatePrivateKey?: Buffer, logger?: LdapServerMockLogger)
Argument | Required | Default | Details |
---|
users | yes | - | The list of LDAP users as JavaScript objects (see below) |
serverConfiguration | yes | { port: 3004, searchBase: 'dc=test'} | The LDAP server mock configuration (see below) |
certificatePublicKey | no | - | The public key of the certificate to use for creating an LDAP server over TLS |
certificatePrivateKey | no | - | The private key corresponding to the public key defined by certificatePublicKey |
logger | no | console | A custom logger to use instead of console |
start(): Promise<void>
stop(): Promise<void>
Example
{
import * as fs from 'node:fs/promises';
import { LdapServerMock } from 'ldap-server-mock';
async function main() {
const ldapUsers = [
{
dn: 'cn=user,dc=test',
attributes: {
objectClass: 'person',
cn: 'user-login',
attribute1: 'value1',
attribute2: 'value2'
}
}
];
const serverConfiguration = {
port: 3004,
searchBase: 'dc=test'
};
const customLogger = {
info: (...args) => {
console.info(...args);
}
}
const certificatePublicKey = await fs.readFile('/path/to/certificate/public/key.pem');
const certificatePrivateKey = await fs.readFile('/path/to/certificate/private/key.pem');
const ldapServer = new LdapServerMock(ldapUsers, serverConfiguration, certificatePublicKey, certificatePrivateKey, customLogger);
await ldapServer.start();
await ldapServer.stop();
}
main();
Using command line
LDAP server mock can be started with command:
npx ldap-server-mock --conf=/tmp/ldap-server-mock-conf.json --database=/tmp/users.json
With:
- --conf The path to a JSON file containing server's configuration (see below)
- --database The path to a JSON file containing the database of users (see below)
Nb: If process is launched as a sub process it will send a message to its parent process when started:
{
status: 'started';
}
Example
/tmp/ldap-server-mock-conf.json
The server's configuration file must be a simple JSON file:
{
"certPath": "/path/to/certificate/public/key.pem",
"certKeyPath": "/path/to/certificate/private/key.pem",
"port": 3004,
"searchBase": "dc=test"
}
/tmp/users.json
The database's configuration file must be a simple JSON file containing an array of users:
[
{
dn: 'cn=user,dc=test',
attributes: {
objectClass: 'person',
cn: 'user-login',
attribute1: 'value1',
attribute2: 'value2'
}
}
];
npx ldap-server-mock --conf=/tmp/ldap-server-mock-conf.json --database=/tmp/users.json
Server configuration
Property | Type | Required | Default | Details |
---|
certPath | string | no | - | The path of the certificate's public key to use for creating an LDAP server over TLS |
certKeyPath | string | no | - | The path of the certificate's private key corresponding to the public key defined by certPath |
port | number | no | 3004 | The port the LDAP server will listen to |
searchBase | string | no | "dc=test" | The search base to use when searching for the user who is trying to connect |
{
certPath: '/path/to/certificate/public/key.pem',
certKeyPath: '/path/to/certificate/private/key.pem',
port: 3004,
searchBase: 'dc=test'
}
LDAP User
An LDAP user must have a valid Dinstinguished Name and any number of other attributes:
Property | Type | Required | Default | Details |
---|
dn | string | yes | - | Dinstinguish Name |
attributes | Object | yes | - | Any key / value pairs of attributes |
{
dn: 'cn=user,dc=test",
attributes: {
objectClass: 'person',
cn: 'user-login',
attribute1: 'value1',
attribute2: 'value2'
}
Test a connection to the LDAP server
Here is an example using the ldapsearch
client from OpenLDAP with the configuration used in examples:
ldapsearch -x -H ldaps://127.0.0.1:3004 -b "dc=test" "(&(objectclass=person)(cn=user-login))" attribute1 attribute2
With:
- -x to use simple authentication without setting binding DN
- -H ldaps://127.0.0.1:3004 the server URL
- -b "dc=test" the search base in LDAP directory, it should be the same as the searchBase property in server's configuration above
- "(&(objectclass=person)(cn=user-login))" the search filter
- attribute1, attribute2 the list of attributes you want to be returned
Nb: Don't forget to change protocol to ldap
if you haven't configured a certificate.
Known issues
STARTTLS
This mock supports running an LDAP server over TLS which is the non-standard LDAPS. However STARTTLS
(the standard way to run an LDAP server over TLS) is not supported as the underlying ldapjs module has not support for it on the server side. See issue STARTTLS support for the Server API for more information.
Contributors
Maintainer: Veo-Labs
License
AGPL