This is a simple wrapper around ldapjs for basic operations against an Active Directory instance. If you're looking for a robust interface, you may be interested in activedirectory2.
What can you do with adldap
?
- Issue generic searches
- Find users
- Authenticate arbitrary users
- Determine if a user is a member of a specific group
- Update specific attribute values
This library was written because activedirectory2
pulls back too much data
when retreiving groups. I merely need the list of names; activedirectory2
pulls back much more information than that.
If I ever get the time and desire, I may flesh out this library more. Pull requests are always welcome.
const adldapFactory = require('adldap')()
const client = adldapFactory({
searchUser: 'dn=Generic Searcher,ou=accounts,dn=example,dn=com',
searchUserPass: 'supersecret',
ldapjs: {
url: 'ldaps://ad.example.com',
searchBase: 'dn=example,dn=com',
scope: 'sub'
}
})
// You must bind before you can do anything else.
client.bind()
.then(() => {
client.findUser('someUser')
.then((user) => console.log(user.memberOf))
.catch((err) => console.error(err))
.then(() => client.unbind())
})
.catch((err) => console.error(err))
You could also "flatten" the code via Bluebird and bluebird-co:
const Promise = require('bluebird')
require('bluebird-co')
function * doItGenerator () {
try {
yield client.bind()
const user = yield client.findUser('someUser')
console.log(user.memberOf)
yield client.unbind()
} catch (e) {
console.error(e.message)
}
}
const doIt = Promise.coroutine(doItGenerator)
doIt()
searchUser
: A fully qualified DN to a user that can perform searches against your Active Directory.searchUserPass
: The search user's password, obviously.ldapjs
url
: The URL to your Active Directory in LDAP format.searchBase
: Default search base to use for all searches unless overridden by a method's options.scope
: The default search scope to use for all searches unless overridden by a method's options. Can be 'base', 'one', or 'sub'. Defaults to 'base'. (optional)attributes
: An array of default attributes to return with searches. The default list is['dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf']
. If overridden by a method, you must supply the complete list of attributes you want. (optional)
The full documentation is included in the api.md document.
authenticate(username, password)
bind()
findUser(username, options)
search(base, options, controls)
unbind()
userInGroup(username, groupName)
replace(dn, change)
replaceAttribute(cn, attribute, value)
incrementAttribute(cn, attribute)