Waterlock LDAP Auth
waterlock-ldap-auth is a module for waterlock that provides an LDAP authentication method for users, based on customizable LDAP queries. It uses ldapauth-fork to facilitate LDAP authentication.
Usage
```bash
npm install waterlock-ldap-auth
```

Set the following option in your `waterlock.js` config file:

```js
authMethod:[
  {
    name: "waterlock-ldap-auth",
    connection: {
      url: "ldaps://ldap.example.com:636",
      bindDn: "uid=myadminusername,ou=users,o=example.com",
      bindCredentials: "mypassword",
      searchBase: "ou=users,o=example.com",
      searchFilter: "(uid={{username}})",
      cache: true
    },
    attributes: {}
  }
]
```
Auth Model
LDAP auth adds the following attributes onto the Auth model:
```js
entryUUID: {
  type: 'string',
  unique: true
},
dn: {
  type: 'string',
  unique: true
}
```

They map the `dn` and the `entryUUID` values of the LDAP user to the Auth model.
With the way waterlock is designed and this model you can override any of these
attributes.
waterlock-ldap-auth will create a new Auth and User if LDAP authentication
succeeds but no Auth/User is found.
Mapping LDAP attributes
It is possible to map attributes from the LDAP user object to the Auth model automatically. Just add objects to the `attributes` property:

```js
authMethod:[
  {
    name: "waterlock-ldap-auth",
    connection: { ... },
    attributes: {
      uid: {
        uid: {
          type: 'string'
        }
      },
      cn: {
        fullname: {
          type: 'string'
        }
      },
      mail: {
        email: {
          type: 'string'
        }
      }
    }
  }
]
```
This example adds a mapping from LDAP to Auth model:

| LDAP | Auth model | Type |
|---|---|---|
| uid | uid | string |
| cn | fullname | string |
| mail | email | string |
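To make the mapping concrete, the following added example (not the module's own code) applies an `attributes` object of the shape shown above to a constructed LDAP entry. The helper names `buildAuthAttributes` and `mapLdapUser` are hypothetical, and keeping only the first value of a multi-valued attribute is an assumption; the point is that only attributes listed in the mapping reach the Auth record.

```javascript
'use strict';

// Same shape as the `attributes` option: LDAP attribute -> { modelAttribute: definition }.
const attributes = {
  uid:  { uid:      { type: 'string' } },
  cn:   { fullname: { type: 'string' } },
  mail: { email:    { type: 'string' } }
};

// Attributes LDAP auth always adds to the Auth model (see "Auth Model").
const baseModel = {
  entryUUID: { type: 'string', unique: true },
  dn:        { type: 'string', unique: true }
};

// Hypothetical helper: merge the mapped definitions into the Auth model attributes.
function buildAuthAttributes(mapping) {
  const model = Object.assign({}, baseModel);
  for (const ldapAttr of Object.keys(mapping)) {
    Object.assign(model, mapping[ldapAttr]);
  }
  return model;
}

// Hypothetical helper: copy only mapped values from an LDAP entry (allowlist).
function mapLdapUser(ldapUser, mapping) {
  const record = { dn: ldapUser.dn, entryUUID: ldapUser.entryUUID };
  for (const ldapAttr of Object.keys(mapping)) {
    let value = ldapUser[ldapAttr];
    if (Array.isArray(value)) value = value[0];           // multi-valued: first value (assumption)
    if (value === undefined || value === null) continue;  // attribute absent on this entry
    for (const modelAttr of Object.keys(mapping[ldapAttr])) {
      record[modelAttr] = String(value);
    }
  }
  return record;
}

// Constructed sample entry; userPassword is present but not mapped.
const sampleEntry = {
  dn: 'uid=jdoe,ou=users,o=example.com',
  entryUUID: '00000000-0000-0000-0000-000000000001',
  uid: 'jdoe',
  cn: 'Jane Doe',
  mail: ['jdoe@example.com', 'jane@example.com'],
  userPassword: '{SSHA}constructed'
};

console.log(buildAuthAttributes(attributes));
console.log(mapLdapUser(sampleEntry, attributes));
```

Because the copy is driven by the mapping rather than by the LDAP entry, directory attributes such as `userPassword` never land in the Auth record unless they are mapped explicitly.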
License
Waterlock LDAP Auth is licensed under the MIT license. See the LICENSE file
for more details.