Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ldapauth-fork
Advanced tools
Fork of node-ldapauth - A simple node.js lib to authenticate against an LDAP server.
This fork was created and published because of an urgent need to get newer
version of ldapjs in use to
passport-ldapauth since the newer
version supports passing tlsOptions
to the TLS module. Once the original
module is updated I will likely deprecate the fork.
Changes in this fork include:
{{username}}
(#10)close()
(#3)bcrypt
is an optional dependency (#13, also affects #9)Multiple ldapjs client options have been made available. From the original options adminDn
and adminPassword
are optional.
var LdapAuth = require('ldapauth-fork');
var options = {
url: 'ldaps://ldap.example.com:663',
...
};
var auth = new LdapAuth(options);
...
auth.authenticate(username, password, function(err, user) { ... });
...
auth.close(function(err) { ... })
npm install ldapauth-fork
MIT. See "LICENSE" file.
LdapAuth
Config Optionsvar connect = require('connect');
var LdapAuth = require('ldapauth-fork');
// Config from a .json or .ini file or whatever.
var config = {
ldap: {
url: "ldaps://ldap.example.com:636",
bindDn: "uid=myadminusername,ou=users,o=example.com",
bindCredentials: "mypassword",
searchBase: "ou=users,o=example.com",
searchFilter: "(uid={{username}})"
}
};
var ldap = new LdapAuth({
url: config.ldap.url,
bindDn: config.ldap.bindDn,
bindCredentials: config.ldap.bindCredentials,
searchBase: config.ldap.searchBase,
searchFilter: config.ldap.searchFilter,
//log4js: require('log4js'),
cache: true
});
var basicAuthMiddleware = connect.basicAuth(function (username, password, callback) {
ldap.authenticate(username, password, function (err, user) {
if (err) {
console.log("LDAP auth error: %s", err);
}
callback(err, user)
});
});
2.2.19
FAQs
Authenticate against an LDAP server
The npm package ldapauth-fork receives a total of 28,691 weekly downloads. As such, ldapauth-fork popularity was classified as popular.
We found that ldapauth-fork demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.