tastypackets / node-ad-tools

NodeJS Active Directory authentication and tools.
MIT License

LDAP login #7

Closed ktwbc closed 5 years ago

ktwbc commented 5 years ago

One issue is that there's no place for a user/pass for connecting to the LDAP server; the library is written as if LDAP were wide open.

tastypackets commented 5 years ago

All binds are done using the user's credentials when you call loginUser(). This helps with logging in AD and eliminates the need for a service account in the application, unless you want to use a service account to perform operations without user interaction.

The AD class does not open any connection to the AD server, so no credentials are needed until an operation is being performed.

In this case all operations are handled under the user's account, so AD logging will properly show the user's attempts to bind / search in AD instead of the logs showing a service account performing a bind. Bind as user -> Query for self as user -> Return result

In the example below the bind operation is executed with username (UPN) test@domain.local and password 123. If the bind is successful it will then perform a search inside AD for this user's object, which is returned.

const { ActiveDirectory } = require('node-ad-tools');

const myADConfig = {
    url: 'ldap://192.168.1.1', // You can use DNS as well for redundancy in a domain, like domain.local
    base: 'dc=domain,dc=local'
};

const myAD = new ActiveDirectory(myADConfig);

myAD.loginUser('test@domain.local','123')
    .then(res => {
        // If it failed to auth user find out why
        if(!res.success) {
            console.log(res.message);
            return;
        }

        const user = ActiveDirectory.createUserObj(res.entry);
        console.log(user);
    })
    .catch(err => console.error(err));

I hope that helps! Let me know if you have any other questions or think of any changes that would be helpful.

The handling of res.entry and then passing to create user object is clunky and I don't like it, but I left it in case someone needed to access the binary data on the res.entry for things like user photos. I think in the next update I'll keep the res.entry, but add in the formatted user object or perhaps add a parameter to indicate if you want it added to the res object.
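
The bind as user -> query for self -> return flow described above, as an added example that is not node-ad-tools' own code: the `client` object with `bind(upn, password)` and `search(base, filter)` is an assumed interface, backed here by a constructed in-memory directory so it runs offline, and the UPN is escaped (RFC 4515) before it is placed in the self-lookup filter.

```javascript
// Escape a value for use inside an LDAP search filter (RFC 4515), so the UPN the
// user typed cannot change the shape of the filter that looks up their own object.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, c =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Constructed sample data standing in for the AD server (not a real LDAP connection).
const FAKE_ACCOUNTS = [
  { password: '123',
    entry: { dn: 'CN=test,DC=domain,DC=local', userPrincipalName: 'test@domain.local', sAMAccountName: 'test' } },
];

// Assumed minimal client interface; a real one would wrap an LDAP library.
const fakeClient = {
  async bind(upn, password) {
    const acct = FAKE_ACCOUNTS.find(a => a.entry.userPrincipalName === upn);
    if (!acct || acct.password !== password) throw new Error('LDAP bind failed: invalid credentials');
  },
  async search(base, filter) {
    // The fake matches the exact filter string; a real server would parse the filter.
    return FAKE_ACCOUNTS.map(a => a.entry)
      .filter(e => filter === `(userPrincipalName=${escapeFilterValue(e.userPrincipalName)})`);
  },
};

// Step 1: bind with the user's own credentials (no service account involved).
// Step 2: still as that user, search for the user's own object.
// Step 3: return { success, message | entry } in the same shape as the snippet above.
async function loginUser(client, base, upn, password) {
  // An empty password would be an LDAP "unauthenticated bind" on many servers, so refuse it up front.
  if (!password) return { success: false, message: 'Empty password rejected' };
  try {
    await client.bind(upn, password);
  } catch (err) {
    return { success: false, message: err.message };
  }
  const entries = await client.search(base, `(userPrincipalName=${escapeFilterValue(upn)})`);
  if (entries.length !== 1) return { success: false, message: 'User object not found' };
  return { success: true, entry: entries[0] };
}
```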

tastypackets commented 5 years ago

Updated readme file to indicate all binds & searches are done using the credentials passed to each method.

69d21ded7a5d3a0a1a31854903469525269b8be3