jlguenego / node-expose-sspi

Expose Microsoft Windows SSPI to Node for SSO authentication.
ISC License

FR: Improving Active Directory integration #113

Closed tomer953 closed 3 years ago

tomer953 commented 3 years ago

Feature Request: Create an ActiveDirectory module for better integration / use with AD.

Hi, I just found that your library suits most of my cases, and for years I used a lot of workarounds that can now be achieved in a few lines of code - so first - huge thanks!

Anyway, I'm using the activedirectory2 package, which is very old, but does the work. The thing is that we need to pass the username and password to the package config, so I prefer using your solution in order to avoid that.

Therefore, I have some feature requests for improving the AD integration:

  1. create some common functions like in activedirectory2, i.e.:
    • findUser(username)
    • findGroup(groupName)
    • isUserMemberOf(user, group) etc..
  2. custom entity parser same as activedirectory2 - allowing us to grab the buffer from thumbnailPhoto property, which now returns undefined
  3. better typing for the AD results, i.e. maybe we can pass an object with our AD properties with description, and insert this typing dynamically to the result of the AD User result
  4. pack into AD module or something easier than: const { getUser } = require("node-expose-sspi/dist/sso/userdb");

Thank you for your hard work.

jlguenego commented 3 years ago

Please have a look at how getUser is implemented. You can duplicate it in your code to fit your needs. The express middleware and client are just examples of how to use a low level API called SSPI.

node-expose-sspi is in fact just a library that exposes the low level Microsoft Win32 API called SSPI. Please use all the low level API to fit your needs. If it was an SSO library I would call it sso-something ;)... SSO is just an example of what people can do with this library.

On Thu, Oct 7, 2021 at 4:14 PM Tomer953 wrote:

OK wow I just found that: sso/userdb has a getUser() function that can query the AD.

So sorry for missing that. (Maybe a separate readme file for AD could be helpful?)

Can I request some new features?

  1. Any option to create a custom entryParser, same as the activedirectory2 package has? The main goal is grabbing the thumbnailPhoto buffer (which is now undefined).
  2. Support a better return type for getUser; currently it has only 3 properties, while we could enable some configuration where we can pass an object mapping the AD property name to the actual meaning (i.e. cn: username or sn: lastName etc.) and then attach the return type of that object. So for example:

     let u = await getUser('cn=tomer')

     u will now have: u.username (from the cn) and u.lastName (from the sn)
  3. Adding the most common functions for querying AD, i.e.:
    • 3.1 getUser by username (cn=...)
    • 3.2 getUserGroups
    • 3.3 getGroupMembers
    • 3.4 isMemberOf() etc.


jlguenego commented 3 years ago

I forgot to indicate that node-expose-sspi exposes the entire ActiveDirectory API. It is called Win32 ADSI. You have it in node in this library. Look at the test file regarding ADSI. https://github.com/jlguenego/node-expose-sspi/blob/master/test/adsi.spec.ts

tomer953 commented 3 years ago

Sounds about right. Thanks