adldap

This is a simple wrapper around ldapjs for basic operations against an Active Directory instance. If you're looking for a robust interface, you may be interested in activedirectory2.

What can you do with adldap?

• Issue generic searches
• Find users
• Authenticate arbitrary users
• Determine if a user is a member of a specific group
• Update specific attribute values

This library was written because activedirectory2 pulls back too much data when retreiving groups. I merely need the list of names; activedirectory2 pulls back much more information than that.

If I ever get the time and desire, I may flesh out this library more. Pull requests are always welcome.

Example

const adldapFactory = require('adldap')()
const client = adldapFactory({
  searchUser: 'dn=Generic Searcher,ou=accounts,dn=example,dn=com',
  searchUserPass: 'supersecret',
  ldapjs: {
    url: 'ldaps://ad.example.com',
    searchBase: 'dn=example,dn=com',
    scope: 'sub'
  }
})

// You must bind before you can do anything else.
client.bind()
  .then(() => {
    client.findUser('someUser')
      .then((user) => console.log(user.memberOf))
      .catch((err) => console.error(err))
      .then(() => client.unbind())
  })
  .catch((err) => console.error(err))

You could also "flatten" the code via Bluebird and bluebird-co:

const Promise = require('bluebird')
require('bluebird-co')

function * doItGenerator () {
  try {
    yield client.bind()

    const user = yield client.findUser('someUser')
    console.log(user.memberOf)

    yield client.unbind()
  } catch (e) {
    console.error(e.message)
  }
}

const doIt = Promise.coroutine(doItGenerator)
doIt()

Config

• searchUser: A fully qualified DN to a user that can perform searches against your Active Directory.
• searchUserPass: The search user's password, obviously.
• ldapjs
  • url: The URL to your Active Directory in LDAP format.
  • searchBase: Default search base to use for all searches unless overridden by a method's options.
  • scope: The default search scope to use for all searches unless overridden by a method's options. Can be 'base', 'one', or 'sub'. Defaults to 'base'. (optional)
  • attributes: An array of default attributes to return with searches. The default list is ['dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf']. If overridden by a method, you must supply the complete list of attributes you want. (optional)

Methods

The full documentation is included in the api.md document.

• authenticate(username, password)
• bind()
• findUser(username, options)
• search(base, options, controls)
• unbind()
• userInGroup(username, groupName)
• replace(dn, change)
• replaceAttribute(cn, attribute, value)
• incrementAttribute(cn, attribute)

License

MIT License

3.1.0

From this release forward, release notes will be available at https://github.com/jsumners/adldap/releases

3.0.1

• Fix for usernames tha start with cn or dn not being processed correctly

3.0.0

• Update dependencies
• Refactor code into object literals
• Breaking change: switch logger to abstract-logging
• Switch testing framework to node-tap and remove gulp ecosystem
• Fix #authenticate not returning false for invalid credentials errors

2.0.0

• Breaking change: alters the search method to handle the Response events internally. The result of the search method is now a Promise that either resolves to an array of search results or rejects with an Error.
• Update dependencies

1.0.1

• In some instances the authenticate method would not return. This seems to be because Bluebird's coroutine doesn't support yield *; though, I'm not certain of that. In any event, this fix resolves the issue.

1.0.0

• update to standardjs.com code style
• add fairly comprehensive tests
• authenticate() default filter changed to (&(objectcategory=user)(samaccountname=username))
• add support for connecting via Unix domain socket
• switch to Bluebird promise library for more performance