Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
passport-ldapauth
Advanced tools
Passport authentication strategy against LDAP server. This module is a Passport strategy wrapper for ldapauth-fork
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
}));
If you wish to e.g. do some additional verification or initialize user data to local database you may supply a verify
callback which accepts user
object and then calls the done
callback supplying a user
, which should be set to false
if user is not allowed to authenticate. If an exception occured, err
should be set.
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
},
function(user, done) {
...
return done(null, user);
}
));
npm install passport-ldapauth
server
: LDAP settings. These are passed directly to ldapauth-fork. See its documentation for all available options.
url
: e.g. ldap://localhost:389
adminDn
: e.g. cn='root'
adminPassword
: Password for adminDnsearchBase
: e.g. o=users,o=example.com
searchFilter
: LDAP search filter, e.g. (uid={{username}})
. Use literal {{username}}
to have the given username used in the search.searchAttributes
: Optional array of attributes to fetch from LDAP server, e.g. ['displayName', 'mail']
. Defaults to undefined
, i.e. fetch all attributestlsOptions
: Optional object with options accepted by Node.js tls module.usernameField
: Field name where the username is found, defaults to username
passwordField
: Field name where the password is found, defaults to password
passReqToCallback
: When true
, req
is the first argument to the verify callback (default: false
):
passport.use(new LdapStrategy(..., function(req, user, done) {
...
done(null, user);
}
));
var express = require('express'),
passport = require('passport'),
LdapStrategy = require('passport-ldapauth').Strategy;
var OPTS = {
server: {
url: 'ldap://localhost:389',
adminDn: 'cn=root',
adminPassword: 'secret',
searchBase: 'ou=passport-ldapauth',
searchFilter: '(uid={{username}})'
}
};
var app = express();
passport.use(new LdapStrategy(OPTS));
app.configure(function() {
app.use(express.bodyParser());
app.use(passport.initialize());
});
app.post('/login', passport.authenticate('ldapauth', {session: false}), function(req, res) {
res.send({status: 'ok'});
});
app.listen(8080);
MIT
FAQs
LDAP authentication strategy for Passport
The npm package passport-ldapauth receives a total of 29,252 weekly downloads. As such, passport-ldapauth popularity was classified as popular.
We found that passport-ldapauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.