apostrophe-ldap-login

LDAP login for Apostrophe sites

README

apostrophe-ldap-login

This module allows users to log into your Apostrophe site via their LDAP account, as an optional alternative to using their password.

There must be an existing user on the site with the same email address as the LDAP account.

Installation

This module also requires that you install the passport module at the top level of your project, so that we can be sure the same instance of passport is seen by both Apostrophe's standard login and apostrophe-ldap-login.

npm install --save apostrophe-ldap-login
npm install --save passport

Configuration

First, you must require passport in app.js:

var passport = require('passport');

Next, you must configure the apostrophe-ldap-login module in app.js, along with the other modules of your project:

  modules: {
    "apostrophe-ldap-login": {
      url: 'ldap://localhost',
      bindDn: 'cn=Administrator',
      bindCredentials: 'secret',
      searchBase: 'dc=example,dc=com',

      // Make sure you pass in passport
      passport: passport,

      // Where to redirect the user if LDAP login fails, or they
      // have an account but it is not associated with your site.
      // Sending them to your login page is a good choice. You might
      // override it with a suitable error message in this case.
      failureRedirect: '/login?query=ldapFailure=1'
    },
    // ... other modules ...
  }

Note: you may want to use data/local.js to merge different settings on your production server, so you can continue to test LDAP login in development as well. That looks like this:

// In data/local.js
module.exports = {
  // Other settings, then...
  modules: {
    'apostrophe-ldap-login': {
      url: 'ldap://ldap.production.site.com',
      baseUrl: 'http://my.production.site.com'
    }
  }
};
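
Added example (not part of the module's README): a helper for data/local.js that reads the LDAP settings from environment variables instead of hardcoding bindCredentials, and rejects a plain ldap:// URL unless the directory is on the local machine. The function name and the LDAP_* variable names are assumptions, as is the module accepting ldaps:// URLs.

```javascript
// Added example; not part of apostrophe-ldap-login or its README.
// Assumed names: buildLdapLoginOverrides and the LDAP_* environment variables.
// Option names (url, bindDn, bindCredentials, searchBase) are from the page.
function buildLdapLoginOverrides(env) {
  const required = ['LDAP_URL', 'LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_SEARCH_BASE'];
  const missing = required.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Fail at startup rather than run with a half-configured login route.
    throw new Error('Missing LDAP settings: ' + missing.join(', '));
  }

  // Without TLS, a simple bind puts the bind password and each user's
  // password on the wire in cleartext, so plain ldap:// is accepted only
  // for a directory on the same machine (development).
  const ldapUrl = new URL(env.LDAP_URL);
  const isLocal = ['localhost', '127.0.0.1'].includes(ldapUrl.hostname);
  const isTls = ldapUrl.protocol === 'ldaps:';
  const isLocalPlain = ldapUrl.protocol === 'ldap:' && isLocal;
  if (!isTls && !isLocalPlain) {
    throw new Error('Refusing non-TLS LDAP URL: ' + env.LDAP_URL);
  }

  return {
    url: env.LDAP_URL,
    bindDn: env.LDAP_BIND_DN,
    bindCredentials: env.LDAP_BIND_PASSWORD,
    searchBase: env.LDAP_SEARCH_BASE
  };
}

// In data/local.js (shown as a comment so this file runs on its own):
// module.exports = {
//   modules: { 'apostrophe-ldap-login': buildLdapLoginOverrides(process.env) }
// };

// Constructed sample environment, for illustration only.
const sampleEnv = {
  LDAP_URL: 'ldaps://ldap.production.site.com',
  LDAP_BIND_DN: 'cn=Administrator',
  LDAP_BIND_PASSWORD: 'constructed-sample-password',
  LDAP_SEARCH_BASE: 'dc=example,dc=com'
};
console.log(Object.keys(buildLdapLoginOverrides(sampleEnv)));
```
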

Usage

To change authentication to LDAP, just copy loginBase.html to views/global and change /login to /apos-ldap-login.

That's all there is to it!