Authorization Filtering for NodeJS Express Application (uses: NTLM + LDAP + JWT)

Usage: no npm install needed!

<script type="module">
  import acastellonAuth from 'https://cdn.skypack.dev/@acastellon/auth';
</script>

Authentication control system for microservices that uses a combination of NTLM + LDAP + JWT to check security.


module.exports = {
    url: 'ldap://<address>:389'
    ,DOMAIN : '<domain>'
    ,baseDN: '<baseDN>'
    ,username: '<user-ldap>'
    ,password: '<password>'
    ,NTLM_DEBUG: false // set to true to activate log messages

    ,CNAME: 'dev.example.com'
    ,passToken: '<passphrase-optional>'  /* if it doesn't exist, the module generates one automatically */
    ,EXPIRES: 86400                     /* JWT expires in 24 hours */
    ,MOCKUP_USERS : ['acastellon','lskywalker']
    ,MOCKUP_ROLES : ['User','Admin']
    ,ROLES : {
        'User': 'GI RD USER '
        , 'Admin': 'GI RD  ADMINISTRATOR '
        , 'Viewer': 'GI RD  VIEWER '
    }
};

// def_auth is assumed to be the configuration object exported above
const auth      = require('@acastellon/auth')(def_auth);

For NTLM-based authentication (normally related to the front-end web server), use:


For JWT-based authentication, use:


Uses an internal cache to avoid continuous queries to the LDAP server.

@TODO: update the cache when the token expiration is thrown.

Header values created:

  x-access-token        - the generated JWT
  is-authenticated      - flag indicating whether the user has already been validated against LDAP
  auth-user             - name of the validated user

Note: To increase security (if required), we could use the following techniques:

  • reduce the expiration time for the tokens
  • create a hash with : < users >: < passwordToken-autogenerated >

The aim is for practically every request to contain a new token (but this technique decreases performance).
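
As an added example (not part of the original page and not code from @acastellon/auth), the sketch below shows a downstream service re-deriving the is-authenticated and auth-user headers listed above from a verified x-access-token instead of trusting copies sent by a client, and rejecting tokens past their expiry. It assumes an HS256-signed token with the user name in a sub claim; signToken, verifyToken and trustedIdentity are hypothetical names.

```javascript
// Added example, not code from @acastellon/auth. Assumptions: HS256-signed JWT,
// user name in the `sub` claim, flag value 'true'. Node lowercases header names.
const nodeCrypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Build a compact HS256 token (only needed here to create sample input).
function signToken(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Return the payload if signature and expiry check out, otherwise null.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch { return null; }
  if (!header || header.alg !== 'HS256' || !payload) return null; // pin the algorithm
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) return null; // expired or no exp
  return payload;
}

// Drop client-supplied identity headers, then re-derive them from the verified token.
function trustedIdentity(headers, secret, nowSec) {
  const out = { ...headers };
  delete out['is-authenticated'];
  delete out['auth-user'];
  const payload = verifyToken(out['x-access-token'], secret, nowSec);
  if (!payload) return { ok: false, headers: out };
  return { ok: true, headers: { ...out, 'is-authenticated': 'true', 'auth-user': payload.sub } };
}

// Constructed sample input: passphrase, clock and a 15-minute token.
const SECRET = 'constructed-passphrase';
const NOW = 1700000000;
const sample = signToken({ sub: 'acastellon', exp: NOW + 900 }, SECRET);
console.log(trustedIdentity({ 'x-access-token': sample, 'auth-user': 'lskywalker' }, SECRET, NOW));
```

The same check belongs in every service that reads these headers, since only the signed token carries proof of who was validated.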