 var LdapAuthz = require('ldapauthz');
 
 var authz = new LdapAuthz({url: 'ldaps://ldap.example.com:663', ...});
 
 ...
 
 authz.getGrantedAuthorities(username, function (err, authorities) { ... });
 
 ...
 
 authz.close(function (err) { ... })

API

LdapAuthz(opts)

Creates an LDAP authz class.

opts {Object} Configuration options
- url {String} A valid LDAP url. E.g. 'ldaps://ldap.example.com:663'
- adminDn {String} Optional, e.g. 'uid=myapp,ou=users,o=example.com'
- adminPassword {String} Password for adminDn.
- groupSearchBase {String} Defines the part of the directory tree under which group searches should be performed. E.g. 'ou=groups,o=example.com'
- groupSearchScope {String} Optional, default 'sub'. Scope of the search, one of 'base', 'one', or 'sub'.
- groupSearchFilter {String} The filter which is used to search for group membership. Use the literal '{{username}}' to have the given username be interpolated in for the LDAP search. The default is (uniqueMember={{username}}), corresponding to the groupOfUniqueMembers LDAP class.
- groupRoleAttribute {String} The attribute which contains the name of the authority defined by the group entry. Defaults to cn.
- log4js Optional. The require'd log4js module to use for logging. If given this will result in TRACE-level logging for ldapauthz.
- verbose {Boolean} Optional, default false. If log4js is also given, this will add TRACE-level logging for ldapjs (quite verbose).
- timeout {Integer} Optional, default Infinity. How long the client should let operations live for before timing out.
- connectTimeout {Integer} Optional, default is up to the OS. How long the client should wait before timing out on TCP connections.
- tlsOptions {Object} Additional options passed to the TLS connection layer when connecting via ldaps://. See http://nodejs.org/api/tls.html#tls_tls_connect_options_callback for available options.
- maxConnections {Integer} Whether or not to enable connection pooling, and if so, how many to maintain.
- bindDN {String} The DN all connections should be bound as. Defaults to adminDn.
- bindCredentials {String} The credentials to use with bindDN. Defaults to adminPassword.
- checkInterval {Integer} How often to schedule health checks for the connection pool.
- maxIdleTime {Integer} How long a client can be idle before health-checking the connection (subject to the checkInterval frequency).

close(callback)

Closes the LDAP client.

callback {Function} Callback function.

getGrantedAuthorities(username, callback);

Gets the list of authorities for the user.

username {String} The user name.
callback {Function} function (err, authorities) The callback function.

Examples

Example using express, passport and connect-roles

const URL = 'ldap://localhost:389';
const ADMIN_DN = 'cn=root,ou=person,dc=sample,dc=com';
const ADMIN_PASSWORD = 'secret';

const SEARCH_BASE = 'ou=person,dc=sample,dc=com';
const SEARCH_FILTER = '(&(objectclass=inetOrgPerson)(uid={{username}}))';

const GROUP_SEARCH_BASE = 'ou=group,dc=sample,dc=com';
const GROUP_SEARCH_FILTER = '(&(uniqueMember={{username}})(objectClass=group))';

var _ = require("underscore"),
  express = require('express'),
  bodyParser = require('body-parser'),
  session = require('express-session'),
  cookieParser = require('cookie-parser'),
  passport = require('passport'),
  LdapStrategy = require('passport-ldapauth').Strategy,
  ConnectRoles = require('connect-roles'),
  LdapAuthz = require('./ldapauthz.js');

var app = express();

var user = new ConnectRoles();

passport.use(new LdapStrategy({
    server: {
      url: URL,
      adminDn: ADMIN_DN,
      adminPassword: ADMIN_PASSWORD,
      searchBase: SEARCH_BASE,
      searchFilter: SEARCH_FILTER
    }
  },
  function(user, done) {

    console.log('user: ' + user.dn);

    var authz = new LdapAuthz({
      url: URL,
      adminDn: ADMIN_DN,
      adminPassword: ADMIN_PASSWORD,
      groupSearchBase: GROUP_SEARCH_BASE,
      groupSearchFilter: GROUP_SEARCH_FILTER
    });

    authz.getGrantedAuthorities(user.dn, function (err, authorities) {
      authz.close(function (err) {});

      if (err) {
        return done(err);
      }

      user.roles = authorities;
      return done(null, user);
    });
  }
));

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
app.use(session({ secret: 'keyboard cat', saveUninitialized: true, resave: true }));
app.use(cookieParser());
app.use(passport.initialize());
app.use(passport.session());
app.use(user.middleware());

// Anonymous users can only access the home page
// Returning false stops any more rules from being considered
user.use(function (req, action) {
  if (!req.isAuthenticated()) {
    return action === 'access home page';
  }
})

user.use('user', function (req) {
  return  _.contains(req.user.roles, 'GEC-BR-search-usuarios');
});

user.use('admin', function (req) {
  return  _.contains(req.user.roles, 'GEC-BR-search-administradores');
});

app.get('/', user.can('access home page'), function (req, res) {
  res.send({status: 'home - ok'}).end();
});

app.get('/login', passport.authenticate('ldapauth'), function(req, res) {
  res.send({status: 'login - ok'}).end();
});

app.get('/user', user.is('user'), function (req, res) {
  res.send({status: 'user - ok'}).end();
});

app.get('/admin', user.is('admin'), function (req, res) {
  res.send({status: 'admin - ok'}).end();
});

app.listen(8080);

FAQs

What is node-ldapauthz?

Is node-ldapauthz popular?

Is node-ldapauthz well maintained?

Package last updated on 07 Aug 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install