npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-ldapauthz

v0.1.1

Published

A simple node.js lib for user authorization based on LDAP server groups.

Downloads

5

Readme

node-ldapauthz

A simple node.js lib for user authorization based on LDAP server groups.

License

##Installation

$ npm install connect-roles

Usage

 var LdapAuthz = require('ldapauthz');
 
 var authz = new LdapAuthz({url: 'ldaps://ldap.example.com:663', ...});
 
 ...
 
 authz.getGrantedAuthorities(username, function (err, authorities) { ... });
 
 ...
 
 authz.close(function (err) { ... }) 

API

LdapAuthz(opts)

Creates an LDAP authz class.

  • opts {Object} Configuration options
    • url {String} A valid LDAP url. E.g. 'ldaps://ldap.example.com:663'
    • adminDn {String} Optional, e.g. 'uid=myapp,ou=users,o=example.com'
    • adminPassword {String} Password for adminDn.
    • groupSearchBase {String} Defines the part of the directory tree under which group searches should be performed. E.g. 'ou=groups,o=example.com'
    • groupSearchScope {String} Optional, default 'sub'. Scope of the search, one of 'base', 'one', or 'sub'.
    • groupSearchFilter {String} The filter which is used to search for group membership. Use the literal '{{username}}' to have the given username be interpolated in for the LDAP search. The default is (uniqueMember={{username}}), corresponding to the groupOfUniqueMembers LDAP class.
    • groupRoleAttribute {String} The attribute which contains the name of the authority defined by the group entry. Defaults to cn.
    • log4js Optional. The require'd log4js module to use for logging. If given this will result in TRACE-level logging for ldapauthz.
    • verbose {Boolean} Optional, default false. If log4js is also given, this will add TRACE-level logging for ldapjs (quite verbose).
    • timeout {Integer} Optional, default Infinity. How long the client should let operations live for before timing out.
    • connectTimeout {Integer} Optional, default is up to the OS. How long the client should wait before timing out on TCP connections.
    • tlsOptions {Object} Additional options passed to the TLS connection layer when connecting via ldaps://. See http://nodejs.org/api/tls.html#tls_tls_connect_options_callback for available options.
    • maxConnections {Integer} Whether or not to enable connection pooling, and if so, how many to maintain.
    • bindDN {String} The DN all connections should be bound as. Defaults to adminDn.
    • bindCredentials {String} The credentials to use with bindDN. Defaults to adminPassword.
    • checkInterval {Integer} How often to schedule health checks for the connection pool.
    • maxIdleTime {Integer} How long a client can be idle before health-checking the connection (subject to the checkInterval frequency).

close(callback)

Closes the LDAP client.

  • callback {Function} Callback function.

getGrantedAuthorities(username, callback);

Gets the list of authorities for the user.

  • username {String} The user name.
  • callback {Function} function (err, authorities) The callback function.

Examples

Example using express, passport and connect-roles

const URL = 'ldap://localhost:389';
const ADMIN_DN = 'cn=root,ou=person,dc=sample,dc=com';
const ADMIN_PASSWORD = 'secret';

const SEARCH_BASE = 'ou=person,dc=sample,dc=com';
const SEARCH_FILTER = '(&(objectclass=inetOrgPerson)(uid={{username}}))';

const GROUP_SEARCH_BASE = 'ou=group,dc=sample,dc=com';
const GROUP_SEARCH_FILTER = '(&(uniqueMember={{username}})(objectClass=group))';

var _ = require("underscore"),
  express = require('express'),
  bodyParser = require('body-parser'),
  session = require('express-session'),
  cookieParser = require('cookie-parser'),
  passport = require('passport'),
  LdapStrategy = require('passport-ldapauth').Strategy,
  ConnectRoles = require('connect-roles'),
  LdapAuthz = require('./ldapauthz.js');

var app = express();

var user = new ConnectRoles();

passport.use(new LdapStrategy({
    server: {
      url: URL,
      adminDn: ADMIN_DN,
      adminPassword: ADMIN_PASSWORD,
      searchBase: SEARCH_BASE,
      searchFilter: SEARCH_FILTER
    }
  },
  function(user, done) {

    console.log('user: ' + user.dn);

    var authz = new LdapAuthz({
      url: URL,
      adminDn: ADMIN_DN,
      adminPassword: ADMIN_PASSWORD,
      groupSearchBase: GROUP_SEARCH_BASE,
      groupSearchFilter: GROUP_SEARCH_FILTER
    });

    authz.getGrantedAuthorities(user.dn, function (err, authorities) {
      authz.close(function (err) {});

      if (err) {
        return done(err);
      }

      user.roles = authorities;
      return done(null, user);
    });
  }
));

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
app.use(session({ secret: 'keyboard cat', saveUninitialized: true, resave: true }));
app.use(cookieParser());
app.use(passport.initialize());
app.use(passport.session());
app.use(user.middleware());

// Anonymous users can only access the home page
// Returning false stops any more rules from being considered
user.use(function (req, action) {
  if (!req.isAuthenticated()) {
    return action === 'access home page';
  }
})

user.use('user', function (req) {
  return  _.contains(req.user.roles, 'GEC-BR-search-usuarios');
});

user.use('admin', function (req) {
  return  _.contains(req.user.roles, 'GEC-BR-search-administradores');
});

app.get('/', user.can('access home page'), function (req, res) {
  res.send({status: 'home - ok'}).end();
});

app.get('/login', passport.authenticate('ldapauth'), function(req, res) {
  res.send({status: 'login - ok'}).end();
});

app.get('/user', user.is('user'), function (req, res) {
  res.send({status: 'user - ok'}).end();
});

app.get('/admin', user.is('admin'), function (req, res) {
  res.send({status: 'admin - ok'}).end();
});

app.listen(8080);