Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
verdaccio-ldap-group-fix
Advanced tools
verdaccio-ldap
is a fork of sinopia-ldap
. It aims to keep backwards compatibility with sinopia
, while keeping up with npm changes.
$ npm install verdaccio
$ npm install verdaccio-ldap
Add to your config.yaml
:
auth:
ldap:
type: ldap
client_options:
url: "ldaps://ldap.example.com"
# Only required if you need auth to bind
adminDn: "cn=admin,dc=example,dc=com"
adminPassword: "admin"
# Search base for users
searchBase: "ou=People,dc=example,dc=com"
searchFilter: "(uid={{username}})"
# If you are using groups, this is also needed
groupDnProperty: 'cn',
groupSearchBase: 'ou=groups,dc=myorg,dc=com',
# If you have memberOf support on your ldap
searchAttributes: ['*', 'memberOf']
# Else, if you don't (use one or the other):
# groupSearchFilter: '(memberUid={{dn}})'
# Optional
cache: False
It's called as:
require('verdaccio-ldap')(config, stuff)
Where:
This should export two functions:
adduser(user, password, cb)
It should respond with:
cb(err)
in case of an error (error will be returned to user)cb(null, false)
in case registration is disabled (next auth plugin will be executed)cb(null, true)
in case user registered successfullyIt's useful to set err.status
property to set http status code (e.g. err.status = 403
).
authenticate(user, password, cb)
It should respond with:
cb(err)
in case of a fatal error (error will be returned to user, keep those rare)cb(null, false)
in case user not authenticated (next auth plugin will be executed)cb(null, [groups])
in case user is authenticatedGroups is an array of all users/usergroups this user has access to. You should probably include username itself here.
FAQs
LDAP auth plugin for verdaccio
The npm package verdaccio-ldap-group-fix receives a total of 3 weekly downloads. As such, verdaccio-ldap-group-fix popularity was classified as not popular.
We found that verdaccio-ldap-group-fix demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.