vesse / node-ldapauth-fork

Simple node.js module to authenticate against an LDAP server

feat(auth-without-admin): let get request user data itself #93

Closed JaviPG closed 3 years ago

JaviPG commented 3 years ago

Allows validating a user and returning the requested user information without needing admin credentials.

To use the requested user's data, put {{username}} and {{password}} in the opts config:

```js
bindDN: 'uid={{username}},dc=example,dc=com',
bindCredentials: '{{password}}',
```

sebthom commented 3 years ago

@vesse I really hope your project isn't dead, because the last commit was half a year ago. But can we please have this! 🙏

JaviPG commented 3 years ago

> @vesse I really hope your project isn't dead, because the last commit was half a year ago. But can we please have this! 🙏

Hi @vesse, currently my project is deployed in a production environment and it is working properly.

vesse commented 3 years ago

Hi @JaviPG,

This works if you use each client instance only once, but otherwise it doesn't as the admin client is bound with the credentials of the first user who tries to authenticate, and these credentials are then used as the admin credentials for all subsequent authenticate requests. Additionally, if the first call fails to authenticate so will all the next calls too.

As this lib is intended to be initialised once and used for multiple authentication requests, this is obviously something that cannot be merged.

As an example, here the first call has an invalid password and the second one has a valid password but still fails, because the bind credentials are set to the initial, invalid ones.

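```ts
import LdapAuth = require('ldapauth-fork');

// Options as proposed in this PR: the bind DN and password are templates
// filled in from the user who is authenticating.
const optsWithoutAdmin: LdapAuth.Options = {
  url: 'ldap://ldap.forumsys.com:389',
  bindDN: 'uid={{username}},dc=example,dc=com',
  bindCredentials: '{{password}}',
  searchBase: 'dc=example,dc=com',
  searchFilter: '(uid={{username}})',
  groupSearchFilter: '(member={{dn}})',
  groupSearchBase: 'dc=example,dc=com'
};

// A single instance reused for several authenticate calls.
const authWithoutAdmin = new LdapAuth(optsWithoutAdmin);

authWithoutAdmin.on('error', (err) => {
  console.warn('Admin error', err);
});

// First call: invalid password, expected to fail.
authWithoutAdmin.authenticate('riemann', 'invalid-password', (err, user) => {
  if (err) {
    console.warn('Authenticate error', err);
  }

  // Second call: valid password, but it still fails because the bind
  // credentials were fixed by the first call.
  authWithoutAdmin.authenticate('riemann', 'password', (err, user) => {
    if (err) {
      console.warn('Authenticate error with valid credentials', err);
    }

    authWithoutAdmin.close();
  });

});
```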
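
Added example, not part of the thread or of ldapauth-fork: a simplified in-memory model of the behaviour vesse describes, next to a client created per request (the one case he says works). `FakeConnection`, `SharedBindAuth`, `PerRequestBindAuth`, `attempt` and the `gauss` entry are hypothetical names and constructed sample data; no real LDAP server is contacted.

```javascript
// Constructed sample directory (DN -> password); stands in for a real LDAP server.
const DIRECTORY = new Map([
  ['uid=riemann,dc=example,dc=com', 'password'],
  ['uid=gauss,dc=example,dc=com', 'password2'],
]);
const OPTS = { bindDN: 'uid={{username}},dc=example,dc=com', bindCredentials: '{{password}}' };
const fill = (tpl, u, p) => tpl.replace('{{username}}', () => u).replace('{{password}}', () => p);

// One connection holds one bind identity, like a single LDAP client socket.
class FakeConnection {
  constructor() { this.boundAs = null; }
  bind(dn, password) {
    if (!DIRECTORY.has(dn) || DIRECTORY.get(dn) !== password) throw new Error('InvalidCredentials');
    this.boundAs = dn;
  }
  search(uid) {
    if (!this.boundAs) throw new Error('Unbound');
    const dn = `uid=${uid},dc=example,dc=com`;
    return DIRECTORY.has(dn) ? { dn, searchedAs: this.boundAs } : null;
  }
}

// Hypothetical model of a long-lived client whose "admin" bind comes from the first caller.
class SharedBindAuth {
  constructor(opts) { this.opts = opts; this.conn = new FakeConnection(); this.creds = null; }
  authenticate(username, password) {
    // Templates are resolved once, by whoever calls first, and then kept for every later call.
    if (!this.creds) this.creds = { dn: fill(this.opts.bindDN, username, password), pw: fill(this.opts.bindCredentials, username, password) };
    if (!this.conn.boundAs) this.conn.bind(this.creds.dn, this.creds.pw);
    const entry = this.conn.search(username);
    if (!entry) throw new Error('NoSuchUser');
    new FakeConnection().bind(entry.dn, password); // check the caller's own password
    return entry;
  }
}

// Per-request variant: nothing derived from one caller outlives that call.
class PerRequestBindAuth {
  constructor(opts) { this.opts = opts; }
  authenticate(username, password) {
    const conn = new FakeConnection();
    conn.bind(fill(this.opts.bindDN, username, password), fill(this.opts.bindCredentials, username, password));
    const entry = conn.search(username);
    if (!entry) throw new Error('NoSuchUser');
    return entry;
  }
}

// Returns the entry on success or the error message on failure.
const attempt = (auth, u, p) => { try { return auth.authenticate(u, p); } catch (e) { return e.message; } };
```

In the shared model a failed first login blocks every later one, and after a successful first login the `searchedAs` field shows later users' lookups running under the first user's identity.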