Open wesley3295 opened 3 months ago
It is a very sad that some stupid coward threatened the maintainer and now the project is archived.
So far I have not found anything yet. We should find some people to take the project over since it is open source.
I don't know of any alternatives sadly... It was one of, if not the only decent ldap packages for node. I've never seen such an unhinged deprecation readme before. It was clearly a troll/spam email but I guess the author wanted an excuse to stop maintaining it.
I think we can easily port it to https://github.com/jjhoughton/napi-ldap or make it abstract.
or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3
or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3
I like this idea. Any pointers on how?
I like this idea. Any pointers on how?
I think the easier way to make binding by this https://github.com/neon-bindings/neon
It should be relatively easy because we do not need many features. If you want, I can try/help next week.
PS Of course, true JS implementation has some benefits, but we do not have easy solutions in the current situation.
It seems like we are using one filter
: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName})
it's overkill.
For the rust idea, I think it will be easier to implement high-level functions - _searchUser
and _searchUserGroups
.
It seems like we are using one
filter
: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case,(${userAttr}=${userName})
it's overkill.
What is IR
? Now I look into the code, it does seem over complicated in the ldapjs/filter
implementation. But I wonder if we simply use string substitute, do we need to do any pre-processing of the user input to ease any security injection concern? Of course, I am not sure the filter
lib does that, but I just assume it does something.
The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?
What is IR?
https://en.wikipedia.org/wiki/Intermediate_representation
do we need to do any pre-processing of the user input to ease any security injection concern?
Yes, sure, but it is trivial; all literals should be escaped. Rust lib already supports it: https://docs.rs/ldap3/0.11.3/ldap3/fn.ldap_escape.html
The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?
Yeah, it seems like napi-rs even better! https://napi.rs/docs/more/neon
Cool let me try it out next week and see how is it going.
Any ideas on what we can do in replacement of ldapjs? This package is something my company relies on heavily and with it not being maintained anymore throws a huge plot twist into our current work with our client. Is there another open source ldap package that can replace ldapjs or something I/we can contribute to?