ldapauth-extended
Advanced tools
A fork of node-ldapauth-fork that is in fact a fork of node-ldapauth - A simple node.js lib to authenticate against an LDAP server.
Differs with node-ldapauth-fork in accounting ALL user's groups instead of only root ones: #a3b6310a
var LdapAuth = require('ldapauth-fork');
var options = {
url: 'ldaps://ldap.example.org:636',
...
};
var auth = new LdapAuth(options);
auth.on('error', function (err) {
console.error('LdapAuth: ', err);
});
...
auth.authenticate(username, password, function(err, user) { ... });
...
auth.close(function(err) { ... })
LdapAuth inherits from EventEmitter.
npm install ldapauth-fork
LdapAuth Config OptionsRequired ldapjs client options:
url - LDAP server URL, eg. ldaps://ldap.example.org:663ldapauth-fork options:
bindDN - Admin connection DN, e.g. uid=myapp,ou=users,dc=example,dc=org. Optional. If not given at all, admin client is not bound. Giving empty string may result in anonymous bind when allowed.bindCredentials - Password for bindDN.searchBase - The base DN from which to search for users by username. E.g. ou=users,dc=example,dc=orgsearchFilter - LDAP search filter with which to find a user by username, e.g. (uid={{username}}). Use the literal {{username}} to have the given username interpolated in for the LDAP search.searchAttributes - Optional, default all. Array of attributes to fetch from LDAP server.bindProperty - Optional, default dn. Property of the LDAP user object to use when binding to verify the password. E.g. name, emailsearchScope - Optional, default sub. Scope of the search, one of base, one, or sub.ldapauth-fork can look for valid users groups too. Related options:
groupSearchBase - Optional. The base DN from which to search for groups. If defined, also groupSearchFilter must be defined for the search to work.groupSearchFilter - Optional. LDAP search filter for groups. Place literal {{dn}} in the filter to have it replaced by the property defined with groupDnProperty of the found user object. {{username}} is also available and will be replaced with the uid of the found user. This is useful for example to filter PosixGroups by memberUid. Optionally you can also assign a function instead. The found user is passed to the function and it should return a valid search filter for the group search.groupSearchAttributes - Optional, default all. Array of attributes to fetch from LDAP server.groupDnProperty - Optional, default dn. The property of user object to use in {{dn}} interpolation of groupSearchFilter.groupSearchScope - Optional, default sub.Other ldapauth-fork options:
includeRaw - Optional, default false. Set to true to add property _raw containing the original buffers to the returned user object. Useful when you need to handle binary attributescache - Optional, default false. If true, then up to 100 credentials at a time will be cached for 5 minutes.log - Bunyan logger instance, optional. If given this will result in TRACE-level error logging for component:ldapauth. The logger is also passed forward to ldapjs.Optional ldapjs options, see ldapjs documentation:
tlsOptions - Needed for TLS connection. See Node.js documentationsocketPathtimeoutconnectTimeoutidleTimeoutreconnectstrictDNqueueSizequeueTimeoutqueueDisableThe LDAP authentication flow is usually:
bindDN and bindCredentials{{username}} from the searchFilter with given usernamevar basicAuth = require('basic-auth');
var LdapAuth = require('ldapauth-fork');
var ldap = new LdapAuth({
url: 'ldaps://ldap.example.org:636',
bindDN: 'uid=myadminusername,ou=users,dc=example,dc=org',
bindCredentials: 'mypassword',
searchBase: 'ou=users,dc=example,dc=org',
searchFilter: '(uid={{username}})',
reconnect: true
});
var rejectBasicAuth = function(res) {
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Example"');
res.end('Access denied');
}
var basicAuthMiddleware = function(req, res, next) {
var credentials = basicAuth(req);
if (!credentials) {
return rejectBasicAuth(res);
}
ldap.authenticate(credentials.name, credentials.pass, function(err, user) {
if (err) {
return rejectBasicAuth(res);
}
req.user = user;
next();
});
};
MIT
ldapauth-fork has been partially sponsored by Leonidas Ltd.
FAQs
Authenticate against an LDAP server
The npm package ldapauth-extended receives a total of 3 weekly downloads. As such, ldapauth-extended popularity was classified as not popular.
We found that ldapauth-extended demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.