shaozi / ldap-authentication

🔐🔐🔐 A simple Nodejs Async LDAP authentication library
BSD 2-Clause "Simplified" License

Deprecation of ldapjs #63

Open wesley3295 opened 3 months ago

wesley3295 commented 3 months ago

Any ideas on what we can do in replacement of ldapjs? This package is something my company relies on heavily and with it not being maintained anymore throws a huge plot twist into our current work with our client. Is there another open source ldap package that can replace ldapjs or something I/we can contribute to?

shaozi commented 3 months ago

It is very sad that some stupid coward threatened the maintainer and now the project is archived.

So far I have not found anything yet. We should find some people to take the project over since it is open source.

mattkrins commented 2 months ago

I don't know of any alternatives sadly... It was one of, if not the only decent ldap packages for node. I've never seen such an unhinged deprecation readme before. It was clearly a troll/spam email but I guess the author wanted an excuse to stop maintaining it.

stalkerg commented 4 weeks ago

I think we can easily port it to https://github.com/jjhoughton/napi-ldap or make it abstract.

stalkerg commented 4 weeks ago

or maybe it will be better just to reimplement such features in Rust? https://github.com/inejge/ldap3

shaozi commented 3 weeks ago

> or maybe it will be better just to reimplement such features in Rust? https://github.com/inejge/ldap3

I like this idea. Any pointers on how?

stalkerg commented 3 weeks ago

> I like this idea. Any pointers on how?

I think the easier way is to make a binding with this: https://github.com/neon-bindings/neon

It should be relatively easy because we do not need many features. If you want, I can try/help next week.

PS Of course, a true JS implementation has some benefits, but we do not have easy solutions in the current situation.

stalkerg commented 3 weeks ago

It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

stalkerg commented 3 weeks ago

For the Rust idea, I think it will be easier to implement high-level functions - _searchUser and _searchUserGroups.

shaozi commented 3 weeks ago

> It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

What is IR? Now that I look into the code, it does seem overcomplicated in the ldapjs/filter implementation. But I wonder, if we simply use string substitution, do we need to do any pre-processing of the user input to ease any security injection concern? Of course, I am not sure the filter lib does that, but I just assume it does something.

shaozi commented 3 weeks ago

The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

stalkerg commented 3 weeks ago

> What is IR?

https://en.wikipedia.org/wiki/Intermediate_representation

> do we need to do any pre-processing of the user input to ease any security injection concern?

Yes, sure, but it is trivial; all literals should be escaped. The Rust lib already supports it: https://docs.rs/ldap3/0.11.3/ldap3/fn.ldap_escape.html

> The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

Yeah, it seems like napi-rs is even better! https://napi.rs/docs/more/neon
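
The escaping discussed in the comments above, shown as an added example that is not part of the thread or of the project's code: a plain-string build of the `(${userAttr}=${userName})` filter with the value escaped per RFC 4515 and the attribute name validated. The names `escapeFilterValue` and `buildUserFilter` are hypothetical, and the sample inputs are constructed.

```javascript
// RFC 4515 section 3: characters that must be escaped inside a filter value.
const FILTER_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\0': '\\00',
};

// Escape one literal value so it cannot change the structure of the filter.
function escapeFilterValue(value) {
  if (typeof value !== 'string') {
    throw new TypeError('filter value must be a string');
  }
  return value.replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Attribute names cannot be escaped, so they are validated instead:
// a short descriptor (letter, then letters/digits/hyphens) or a dotted OID.
const ATTR_NAME = /^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$/;

// Hypothetical helper building the single equality filter from the thread.
function buildUserFilter(userAttr, userName) {
  if (typeof userAttr !== 'string' || !ATTR_NAME.test(userAttr)) {
    throw new Error('invalid attribute name: ' + String(userAttr));
  }
  return '(' + userAttr + '=' + escapeFilterValue(userName) + ')';
}

// Constructed inputs: a normal name, a bare wildcard, a value containing
// filter metacharacters, and a value containing a backslash.
const samples = ['jdoe', '*', 'x)(|(uid=*', 'a\\b'];
for (const name of samples) {
  console.log(JSON.stringify(name), '->', buildUserFilter('uid', name));
}
```

Without the escape step, the second and third samples would match every entry or rewrite the filter; with it they are compared as literal strings.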

shaozi commented 3 weeks ago

Cool, let me try it out next week and see how it goes.