Alexandre-io / verdaccio-ldap

LDAP auth plugin for verdaccio
MIT License

verdaccio authenticating against ldap #9

Closed MorganCloud closed 7 years ago

MorganCloud commented 7 years ago

I am experiencing errors when trying to set up verdaccio to authenticate against Active Directory. I get the following error on the backend, which is a CentOS 7 AWS machine; my client machine is in the corporate office, as is the AD server (VPN connected):

My steps to recreate:

npm set registry https://npm.mydomain.io
npm adduser --registry https://npm.mydomain.io
  http  <-- 409, user: undefined, req: 'PUT /-/user/org.couchdb.user:andrewm', error: registration is disabled
0|verdacci |  http  <-- 200, user: undefined, req: 'GET /-/user/org.couchdb.user:andrewm?write=true', bytes: 0/106
0|verdacci |  warn  --- LDAP error { message: '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1\u0000',
0|verdacci |   name: 'InvalidCredentialsError',
0|verdacci |   stack: 'InvalidCredentialsError: InvalidCredentialsError\n    at messageCallback (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1419:45)\n    at Parser.onMessage (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1089:14)\n    at emitOne (events.js:96:13)\n    at Parser.emit (events.js:191:7)\n    at Parser.write (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/messages/parser.js:111:8)\n    at TLSSocket.onData (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1076:22)\n    at emitOne (events.js:96:13)\n    at TLSSocket.emit (events.js:191:7)\n    at readableAddChunk (_stream_readable.js:178:18)\n    at TLSSocket.Readable.push (_stream_readable.js:136:10)',
0|verdacci |   code: 49,
0|verdacci |   signal: undefined }
0|verdacci |  http  <-- 409, user: undefined, req: 'PUT /-/user/org.couchdb.user:andrewm/-rev/undefined', error: registration is disabled

And I get the following error on the client machine, which is Windows 7:

npm ERR! Windows_NT 6.1.7601
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "adduser" "--registry" "https://npm.aud"
npm ERR! node v6.9.1
npm ERR! npm  v3.10.8
npm ERR! code E409

npm ERR! registration is disabled : -/user/org.couchdb.user:andrewm/-rev/undefined
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     C:\Users\andrewm\npm-debug.log

npm config list

; cli configs
scope = ""
user-agent = "npm/4.2.0 node/v7.10.0 linux x64"

; userconfig /home/ec2-user/.npmrc
http-proxy = null
https-proxy = null
registry = "https://registry.npmjs.org/"
strict-ssl = false

; globalconfig /usr/etc/npmrc
registry = "https://registry.npmjs.org/"

; node bin location = /usr/bin/node
; cwd = /home/ec2-user
; HOME = /home/ec2-user
; "npm config ls -l" to show all defaults.

My config file is below:

storage: ./storage

###########
auth:
  ldap:
    type: ldap
    groupNameAttribute: 'admin'
    client_options:
      url: "ldaps://tordc1"
      adminDn: "cn=admin,dc=toronto,dc=audi"
      adminPassword: "P@nc@k3"
      searchBase: "ou=Audien Corp,dc=toronto,dc=audien"
      searchFilter: "(uid={{admin}})"
      cache: False
      searchAttributes:
        - "*"
        - memberOf
      tlsOptions:
        rejectUnauthorized: False
##########

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
###########

packages:
  # uncomment this for packages with "local-" prefix to be available
  # for admin only, it's a recommended way of handling private packages
   'av-*':
      allow_access: $all
      allow_publish: $all

   '*':
      allow_access: $all
      allow_publish: $all
      proxy: npmjs

   '@*/*':
      allow_access: $all
      allow_publish: $authenticated
      proxy: npmjs

https:
  key: /home/ec2-user/verdaccio/verdaccio-keynew.pem
  cert: /home/ec2-user/verdaccio/verdaccio-certnew.pem
  ca: /home/ec2-user/verdaccio/server.ca

# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: verdaccio.log, level: info}

listen:
- https://devnpm:4873
max_body_size: 300mb

Could I get some assistance on resolving my issue, please?

Thank you

MorganCloud commented 7 years ago

I made changes to the config and am getting a different error; I edited above.

webmastir commented 7 years ago

I could never get it to work with AD either (same setup). I had to port over sinopia-activedirectory. After making some very simple edits, I was up and running in no time. It might be worth a shot unless you're dead set on using this.

MorganCloud commented 7 years ago

Thank you for the reply. No, I am not dead set. Can you guide me on what simple edits I have to make?

Thank you

webmastir commented 7 years ago

Download the repo and create an npm package with the files. Then publish it to your Verdaccio server. After that, install it from your private repo server.

In terms of editing, it's about as simple as replacing the word "sinopia" with "verdaccio" in those 2 or 3 files.

MorganCloud commented 7 years ago

Thank you a lot, it worked.

Alexandre-io commented 7 years ago

Here is a configuration example for the active directory:

auth:
  ldap:
    type: ldap
    groupNameAttribute: 'cn'
    client_options:
      url: "ldaps://server.example.com"
      adminDn: "CN=sinopia,CN=Users,DC=example,DC=com"
      adminPassword: "YOUR-PASSWORD"
      searchBase: "DC=example,DC=com"
      searchFilter: "(sAMAccountName={{username}})"
      cache: False
      searchAttributes:
        - "*"
        - memberOf
      tlsOptions:
        rejectUnauthorized: False
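
A triage helper for the details that differ between the question and the configuration above: the `data 52e` sub-code in the logged Active Directory bind error, the `{{username}}` placeholder in `searchFilter`, and the TLS setting both configs share. This is an added example, not code from verdaccio-ldap or its LDAP library; the function names are hypothetical, and it assumes the login name is substituted for `{{username}}` after RFC 4515 escaping.

```javascript
// Added example; not verdaccio-ldap code. Function names are hypothetical.
// Active Directory reports a Win32 error code (hex) after "data" on bind failure.
const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

function decodeAdBindError(message) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(message);
  if (!m) return null;
  const code = m[1].toLowerCase();
  return { code, meaning: AD_BIND_SUBCODES[code] || 'unknown sub-code' };
}

// RFC 4515 escaping for a value placed inside an LDAP search filter.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Assumption: the login name replaces {{username}}, escaped as above.
function renderSearchFilter(template, username) {
  return template.replace(/\{\{username\}\}/g, escapeFilterValue(username));
}

// Flag client_options settings that break the user lookup or weaken TLS.
function lintClientOptions(opts) {
  const findings = [];
  if (!/\{\{username\}\}/.test(opts.searchFilter || '')) {
    findings.push('searchFilter has no {{username}} placeholder');
  }
  if (opts.tlsOptions && opts.tlsOptions.rejectUnauthorized === false) {
    findings.push('TLS certificate verification is disabled');
  }
  return findings;
}

// Inputs come from the thread (log message shortened); 'a*(b)' is constructed.
const logMessage = 'LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1';
console.log(decodeAdBindError(logMessage));
console.log(renderSearchFilter('(sAMAccountName={{username}})', 'a*(b)'));
console.log(lintClientOptions({ searchFilter: '(uid={{admin}})', tlsOptions: { rejectUnauthorized: false } }));
```
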

juanpicado commented 7 years ago

It would be great to have a Docker example in here https://github.com/verdaccio/docker-examples (Verdaccio + LDAP Plugin + Any LDAP Docker Image). Once this is merged https://github.com/verdaccio/verdaccio/pull/232, it should be fairly easy.