plugin-auth-ldap/index.js

var LdapClient = require('ldapjs-client');
var session = require('express-session');
var router = module.parent.router;

module.exports = function(plugin) {
  plugin.defaults({
    "session": {
      secret: 'session-ldap',
      resave: false,
      saveUninitialized: true
    },
    // See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client
    "bind": {
      dn: "cn=%u,ou=People,dc=domain",
      password: "%u"
    }
  });

  var ldap = new LdapClient(plugin.conf.options)

  function requestAuth(res) {
    res.set('WWW-Authenticate', 'Basic realm="Auth"');
    res.status(401).send('Auth required.');
  }

  router.all('*', session(plugin.conf.session));
  router.all('*', function(req, res, next) {
    if (req.session.isValid) {
      next();
      return;
    }
    // parse login and password from headers
    var b64auth = (req.headers.authorization || '').split(' ')[1] || '';
    var strauth = new Buffer(b64auth, 'base64').toString();
    var splitIndex = strauth.indexOf(':');
    var login = strauth.substring(0, splitIndex);
    var password = strauth.substring(splitIndex + 1);

    if (!login || !password) {
      requestAuth(res);
      return;
    }

    ldap.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password))
    .then(function() {
      req.session.isValid = true;
      ldap.unbind(function(err) {
        console.log('E: ldap.unbind: ', err)
      })
      next();
    })
    .catch(function(err) {
      console.log('E: ldap.bind: ', err)
      requestAuth(res);
    })

  });
};
Add code for 2.0.0 1.0.0 shall never see the light of day due to it relying on some cowboy coder's abandoned ldap client. 2019-01-15 19:15:20 -08:00			`var LdapClient = require('ldapjs-client');`
			`var session = require('express-session');`
			`var router = module.parent.router;`

			`module.exports = function(plugin) {`
			`plugin.defaults({`
			`"session": {`
			`secret: 'session-ldap',`
			`resave: false,`
			`saveUninitialized: true`
			`},`
			`// See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client`
			`"bind": {`
			`dn: "cn=%u,ou=People,dc=domain",`
			`password: "%u"`
			`}`
			`});`

			`var ldap = new LdapClient(plugin.conf.options)`

			`function requestAuth(res) {`
			`res.set('WWW-Authenticate', 'Basic realm="Auth"');`
			`res.status(401).send('Auth required.');`
			`}`

			`router.all('*', session(plugin.conf.session));`
			`router.all('*', function(req, res, next) {`
			`if (req.session.isValid) {`
			`next();`
			`return;`
			`}`
			`// parse login and password from headers`
			`var b64auth = (req.headers.authorization \|\| '').split(' ')[1] \|\| '';`
			`var strauth = new Buffer(b64auth, 'base64').toString();`
			`var splitIndex = strauth.indexOf(':');`
			`var login = strauth.substring(0, splitIndex);`
			`var password = strauth.substring(splitIndex + 1);`

			`if (!login \|\| !password) {`
			`requestAuth(res);`
			`return;`
			`}`

			`ldap.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password))`
			`.then(function() {`
			`req.session.isValid = true;`
			`ldap.unbind(function(err) {`
			`console.log('E: ldap.unbind: ', err)`
			`})`
			`next();`
			`})`
			`.catch(function(err) {`
			`console.log('E: ldap.bind: ', err)`
			`requestAuth(res);`
			`})`

			`});`
			`};`