Commit
First working version after node-ldapauth-fork fork
### Added
- New, required, configuration property `domainDn`, which points to the distinguished name of the domain root (e.g. `dc=corp,dc=example,dc=com`)
- `searchFilterByDN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(distinguishedName={{dn}}))`
- `searchFilterByUPN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(userPrincipalName={{upn}}))`
- `searchFilterBySAN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(samAccountName={{username}}))`
- Users can now be authenticated both by their user principal name, or UPN, (`user@example.com`) and down-level logon name (`EXAMPLE\user`)
- A user's `primaryGroupID` is now used to resolve the primary group object and prepend it to `memberOf` and `_groups`
- Group membership is now fetched recursively and represents all the groups a user is an _effective_ member of

### Removed
- `searchFilter` configuration property, which has been split into `searchFilterByDN`, `searchFilterByUPN`, and `searchFilterBySAN`
- `cutarelease.py` build step, in favour of a manual release workflow. This may be reconsidered at a later time.

### Changed
- The authentication process now attempts to bind the user's credentials first. Subsequent LDAP queries use the client bound to the user's credentials
- Groups are now fetched by default instead of on-demand
- `searchBase` now defaults to the value of `domainDn` and isn't required to be explicitly set
- `groupSearchFilter` now defaults to `(&(objectCategory=group)(objectClass=group)(member={{dn}}))`
- Dependency versions now use caret (`^`), except for `ldapjs`, which refers to `master`, pending a future release
1 parent 227327a
commit ea60fc2
Showing 11 changed files with 680 additions and 1,139 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,4 @@ | ||
Vartan Simonian <vsimonianpress@gmail.com> (https://github.com/vsimonian) | ||
Vesa Poikajärvi <vesa.poikajarvi@iki.fi> | ||
Trent Mick <trentm@gmail.com> (http://trentm.com) | ||
Jacques Marneweck (https://github.com/jacques) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# Change log | ||
|
||
## 0.1.0 | ||
First working version after being forked from node-ldapauth-fork | ||
|
||
### Added | ||
- New, required, configuration property `domainDn`, which points to the | ||
distinguished name of the domain root (e.g. `dc=corp,dc=example,dc=com`) | ||
- `searchFilterByDN` configuration property, which defaults to | ||
`(&(objectCategory=user)(objectClass=user)(distinguishedName={{dn}}))` | ||
- `searchFilterByUPN` configuration property, which defaults to | ||
`(&(objectCategory=user)(objectClass=user)(userPrincipalName={{upn}}))` | ||
- `searchFilterBySAN` configuration property, which defaults to | ||
`(&(objectCategory=user)(objectClass=user)(samAccountName={{username}}))` | ||
- Users can now be authenticated both by their user principal name, or UPN, | ||
(`user@example.com`) and down-level logon name (`EXAMPLE\user`) | ||
- A user's `primaryGroupID` is now used to resolve the primary group object and | ||
prepend it to `memberOf` and `_groups` | ||
- Group membership is now fetched recursively and represents all the groups a | ||
user is an _effective_ member of | ||
|
||
### Removed | ||
- `searchFilter` configuration property, which has has been split into | ||
`searchFilterByDN`, `searchFilterByUPN`, and `searchFilterBySAN` | ||
- `cutarelease.py` build step, in favour of a manual release workflow. This may | ||
be reconsidered at a later time. | ||
|
||
### Changed | ||
- The authentication process now attempts to bind the user's credentials first. | ||
Subsequent LDAP queries use the client bound to the user's credentials | ||
- Groups are now fetched by default instead of on-demand | ||
- `searchBase` now defaults to the value of `domainDn` and isn't required to be | ||
explicitly set | ||
- `groupSearchFilter` now defaults to | ||
`(&(objectCategory=group)(objectClass=group)(member={{dn}}))` | ||
- Dependency versions now use caret (`^`), except for `ldapjs`, which refers to | ||
`master`, pending a future release |
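Review bot: The last entry under "Changed" leaves `ldapjs` pointing at `master`, so each install resolves to whatever that branch holds at the time; pin it to a specific commit hash or tag until the awaited release, so builds are reproducible and an upstream change cannot silently alter the code that handles bind credentials. Under "Removed", "which has has been split" repeats a word. `domainDn` is introduced as a required property and `searchFilter` is removed, both of which break existing configurations, so the entries should be marked as breaking or followed by a short migration line. The `searchFilterByDN`, `searchFilterByUPN` and `searchFilterBySAN` defaults substitute `{{dn}}`, `{{upn}}` and `{{username}}` into the filter string; the change log should state whether those values are escaped for LDAP filter syntax before substitution. The first "Changed" entry says later queries run over the client bound as the user, which means the recursive group lookup depends on that user's read permissions in the directory; that requirement deserves a sentence here.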
This file was deleted.