passport-ldapauth
Passport authentication strategy against an LDAP server. This module is a Passport strategy wrapper for ldapauth-fork.
Usage
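
    var passport     = require('passport'),
        LdapStrategy = require('passport-ldapauth').Strategy;

    passport.use(new LdapStrategy({
        server: {
          url: 'ldap://localhost:389'
          // remaining server options, see Configuration options
        }
      }));
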
If you wish to do some additional verification or initialize user data in a local database, you may supply a verify callback, which accepts the user object and then calls the done callback supplying a user. The user should be set to false if the user is not allowed to authenticate. If an exception occurred, err should be set.
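
    var passport     = require('passport'),
        LdapStrategy = require('passport-ldapauth').Strategy;

    passport.use(new LdapStrategy({
        server: {
          url: 'ldap://localhost:389'
          // remaining server options, see Configuration options
        }
      },
      function(user, done) {
        // additional verification or local user initialization goes here
        return done(null, user);
      }
    ));
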
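A verify callback that exercises all three outcomes described above (user, false, err), as an added example that is not part of the module or its documentation. The names makeVerify and MemoryStore, the store's upsert interface and the group DN are hypothetical, and it assumes the directory returns a memberOf attribute on the user object.

```javascript
// Added example; makeVerify, MemoryStore and store.upsert are hypothetical names.
// allowedGroups: group DNs whose members may use this application.
function makeVerify(allowedGroups, store) {
  var allowed = allowedGroups.map(function (dn) { return dn.toLowerCase(); });

  return function verify(user, done) {
    // memberOf may be a string (one group), an array (several) or absent.
    // Lowercasing is a simplified DN comparison; it ignores spacing variants.
    var groups = [].concat(user.memberOf || []).map(function (dn) {
      return String(dn).toLowerCase();
    });
    var permitted = groups.some(function (dn) {
      return allowed.indexOf(dn) !== -1;
    });
    if (!permitted) {
      // The LDAP bind succeeded, but this user may not authenticate here.
      return done(null, false);
    }
    // Initialize or refresh local user data; failures are reported via err.
    store.upsert({ uid: user.uid, mail: user.mail }, function (err, local) {
      if (err) { return done(err); }
      return done(null, local);
    });
  };
}

// Constructed in-memory store standing in for a local database.
function MemoryStore() { this.users = {}; }
MemoryStore.prototype.upsert = function (profile, cb) {
  if (!profile.uid) { return cb(new Error('profile has no uid')); }
  this.users[profile.uid] = profile;
  cb(null, profile);
};

// Wiring, with passport and passport-ldapauth installed:
// passport.use(new LdapStrategy(options,
//   makeVerify(['cn=app-users,o=example.com'], new MemoryStore())));
```

Group membership is checked before any local write, so a rejected login leaves no record in the local store.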
Install
npm install passport-ldapauth
Configuration options
- server: LDAP settings. These are passed directly to ldapauth-fork. See its documentation for all available options.
    - url: e.g. ldap://localhost:389
    - adminDn: e.g. cn='root'
    - adminPassword: Password for adminDn
    - searchBase: e.g. o=users,o=example.com
    - searchFilter: LDAP search filter, e.g. (uid={{username}}). Use literal {{username}} to have the given username used in the search.
    - searchAttributes: Optional array of attributes to fetch from LDAP server, e.g. ['displayName', 'mail']. Defaults to undefined, i.e. fetch all attributes
    - tlsOptions: Optional object with options accepted by Node.js tls module.
- usernameField: Field name where the username is found, defaults to username
- passwordField: Field name where the password is found, defaults to password
- passReqToCallback: When true, req is the first argument to the verify callback (default: false):

        passport.use(new LdapStrategy(..., function(req, user, done) {
            ...
            done(null, user);
        }));

Express example
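
    var express      = require('express'),
        passport     = require('passport'),
        LdapStrategy = require('passport-ldapauth').Strategy;

    var OPTS = {
      server: {
        url: 'ldap://localhost:389',
        adminDn: 'cn=root',
        adminPassword: 'secret',
        searchBase: 'ou=passport-ldapauth',
        searchFilter: '(uid={{username}})'
      }
    };

    var app = express();

    passport.use(new LdapStrategy(OPTS));

    // Parse the request body so the username and password fields are available
    // (express.json and express.urlencoded require Express 4.16 or later)
    app.use(express.json());
    app.use(express.urlencoded({extended: false}));
    app.use(passport.initialize());

    app.post('/login', passport.authenticate('ldapauth', {session: false}), function(req, res) {
      res.send({status: 'ok'});
    });

    app.listen(8080);
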
Active Directory over SSL example
Simple example config for connecting over ldaps:// to a server requiring some internal CA certificate (often the case in corporations using Windows AD).

    var fs = require('fs');

    var opts = {
      server: {
        url: 'ldaps://ad.corporate.com:636',
        adminDn: 'non-person@corporate.com',
        adminPassword: 'secret',
        searchBase: 'dc=corp,dc=corporate,dc=com',
        searchFilter: '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
        searchAttributes: ['displayName', 'mail'],
        tlsOptions: {
          ca: [
            // placeholder path to the internal CA certificate
            fs.readFileSync('/path/to/root_ca_cert.crt')
          ]
        }
      }
    };
    ...

Asynchronous configuration retrieval
Instead of providing a static configuration object, you can pass to the LdapStrategy a function that will take care of fetching the configuration.
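Example (here process.nextTick illustrates the asynchronous workings; in the real world this will be, for example, a database query):

    var getLDAPConfiguration = function(callback) {
      // Fetch the configuration from a database or similar
      process.nextTick(function() {
        var opts = {
          server: {
            url: 'ldap://localhost:389',
            adminDn: 'cn=root',
            adminPassword: 'secret',
            searchBase: 'ou=passport-ldapauth',
            searchFilter: '(uid={{username}})'
          }
        };

        callback(null, opts);
      });
    };

    var passport     = require('passport'),
        LdapStrategy = require('passport-ldapauth').Strategy;

    passport.use(new LdapStrategy(getLDAPConfiguration,
      function(user, done) {
        // additional verification or local user initialization goes here
        return done(null, user);
      }
    ));
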
License
MIT