Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
ldapjs is a pure JavaScript, from-scratch framework for implementing LDAP clients and servers in Node.js. It is designed to be simple, extensible, and robust, making it suitable for a wide range of LDAP-related tasks.
Creating an LDAP Client
This feature allows you to create an LDAP client and bind to an LDAP server. The code sample demonstrates how to connect to an LDAP server running on localhost and bind using a distinguished name (DN) and password.
const ldap = require('ldapjs');
const client = ldap.createClient({
url: 'ldap://127.0.0.1:389'
});
client.bind('cn=root', 'secret', (err) => {
if (err) {
console.error('Error binding to LDAP server:', err);
} else {
console.log('Successfully bound to LDAP server');
}
});
Searching the LDAP Directory
This feature allows you to search the LDAP directory. The code sample demonstrates how to perform a search for entries with the surname 'Smith' and retrieve their distinguished names, surnames, and common names.
const ldap = require('ldapjs');
const client = ldap.createClient({
url: 'ldap://127.0.0.1:389'
});
client.bind('cn=root', 'secret', (err) => {
if (err) {
console.error('Error binding to LDAP server:', err);
return;
}
const opts = {
filter: '(sn=Smith)',
scope: 'sub',
attributes: ['dn', 'sn', 'cn']
};
client.search('o=example', opts, (err, res) => {
if (err) {
console.error('Error searching LDAP directory:', err);
return;
}
res.on('searchEntry', (entry) => {
console.log('Entry:', entry.object);
});
res.on('searchReference', (referral) => {
console.log('Referral:', referral.uris.join());
});
res.on('error', (err) => {
console.error('Search error:', err);
});
res.on('end', (result) => {
console.log('Search result:', result);
});
});
});
Adding an Entry to the LDAP Directory
This feature allows you to add an entry to the LDAP directory. The code sample demonstrates how to add a new entry with common name 'John Doe', surname 'Doe', and email 'john.doe@example.com' to the directory.
const ldap = require('ldapjs');
const client = ldap.createClient({
url: 'ldap://127.0.0.1:389'
});
client.bind('cn=root', 'secret', (err) => {
if (err) {
console.error('Error binding to LDAP server:', err);
return;
}
const entry = {
cn: 'John Doe',
sn: 'Doe',
email: 'john.doe@example.com',
objectclass: 'inetOrgPerson'
};
client.add('cn=John Doe, o=example', entry, (err) => {
if (err) {
console.error('Error adding entry to LDAP directory:', err);
} else {
console.log('Entry added successfully');
}
});
});
Modifying an Entry in the LDAP Directory
This feature allows you to modify an entry in the LDAP directory. The code sample demonstrates how to replace the email attribute of an existing entry with a new email address.
const ldap = require('ldapjs');
const client = ldap.createClient({
url: 'ldap://127.0.0.1:389'
});
client.bind('cn=root', 'secret', (err) => {
if (err) {
console.error('Error binding to LDAP server:', err);
return;
}
const change = new ldap.Change({
operation: 'replace',
modification: {
email: 'john.new@example.com'
}
});
client.modify('cn=John Doe, o=example', change, (err) => {
if (err) {
console.error('Error modifying entry in LDAP directory:', err);
} else {
console.log('Entry modified successfully');
}
});
});
Deleting an Entry from the LDAP Directory
This feature allows you to delete an entry from the LDAP directory. The code sample demonstrates how to delete an entry with the distinguished name 'cn=John Doe, o=example' from the directory.
const ldap = require('ldapjs');
const client = ldap.createClient({
url: 'ldap://127.0.0.1:389'
});
client.bind('cn=root', 'secret', (err) => {
if (err) {
console.error('Error binding to LDAP server:', err);
return;
}
client.del('cn=John Doe, o=example', (err) => {
if (err) {
console.error('Error deleting entry from LDAP directory:', err);
} else {
console.log('Entry deleted successfully');
}
});
});
The 'activedirectory' package is a simple Node.js library for Active Directory LDAP integration. It provides a higher-level abstraction over LDAP operations, making it easier to work with Active Directory. Compared to ldapjs, it is more specialized for Active Directory environments and offers simpler interfaces for common tasks like user authentication and group membership checks.
The 'ldapauth-fork' package is a Node.js library for authenticating users against an LDAP server. It is a fork of the original 'ldapauth' package and provides a straightforward way to authenticate users. Compared to ldapjs, it is more focused on authentication and less on general LDAP operations, making it a good choice for applications that primarily need to authenticate users.
ldapjs makes the LDAP protocol a first class citizen in Node.js.
For full docs, head on over to http://ldapjs.org.
var ldap = require('ldapjs');
var server = ldap.createServer();
server.search('dc=example', function(req, res, next) {
var obj = {
dn: req.dn.toString(),
attributes: {
objectclass: ['organization', 'top'],
o: 'example'
}
};
if (req.filter.matches(obj.attributes))
res.send(obj);
res.end();
});
server.listen(1389, function() {
console.log('ldapjs listening at ' + server.url);
});
To run that, assuming you've got the OpenLDAP client on your system:
ldapsearch -H ldap://localhost:1389 -x -b dc=example objectclass=*
npm install ldapjs
MIT.
FAQs
LDAP client and server APIs
The npm package ldapjs receives a total of 126,397 weekly downloads. As such, ldapjs popularity was classified as popular.
We found that ldapjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.