jscas-ad-auth

An Active Directory authentication provider for jscas-server

Usage no npm install needed!

<script type="module">
  import jscasAdAuth from 'https://cdn.skypack.dev/jscas-ad-auth';
</script>

README

jscas-ad-auth

This module is an authentication plugin for JSCAS server. It provides a means to authenticate users against an Active Directory instance.

Configuration

The module requires a configuration object matching:

{
  ad: { // required
    searchUser: 'cn=jsmith,ou=users,dc=example,dc=com', // required
    searchPass: 'jsmith_password', // required
    ldapjs: {
      url: '(ldap|ldaps)://active.directory.server', // required
      searchBase: 'dc=example,dc=com', // required
      scope: 'base' // 'base', 'one', 'sub' default: 'sub'
      }
    }
  },
  allowEmptyPass: false, // ldap returns "true" by default if a password is empty
}

ad

The ad property defines the configuration that will be passed to the underlying adldap module. This configuration is supplied to the adldap module as-is.

ad.searchUser

The username the AD module will use to bind to the server for search operations.

ad.searchUserPass

The password for ad.searchUser.

ad.ldapjs.url

An LDAP URL pointing to your Active Directory server. This property is required.

ad.ldapjs.searchBase

The DN under which all search queries will be performed. This includes authentications.

ad.ldapjs.scope

The search method to use. This module's default is 'sub'.

allowEmptyPass

The LDAP protocol allows empty passwords by default. In the case of empty password it will return a "success" response for the bind operation. In almost all cases, you do not want this to happen. But there may be a rare case that you do, so this is left as an option.

License

MIT License