First working version after node-ldapauth-fork fork

### Added - New, required, configuration property `domainDn`, which points to the distinguished name of the domain root (e.g. `dc=corp,dc=example,dc=com`) - `searchFilterByDN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(distinguishedName={{dn}}))` - `searchFilterByUPN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(userPrincipalName={{upn}}))` - `searchFilterBySAN` configuration property, which defaults to `(&(objectCategory=user)(objectClass=user)(samAccountName={{username}}))` - Users can now be authenticated both by their user principal name, or UPN, (`user@example.com`) and down-level logon name (`EXAMPLE\user`) - A user's `primaryGroupID` is now used to resolve the primary group object and prepend it to `memberOf` and `_groups` - Group membership is now fetched recursively and represents all the groups a user is an _effective_ member of ### Removed - `searchFilter` configuration property, which has has been split into `searchFilterByDN`, `searchFilterByUPN`, and `searchFilterBySAN` - `cutarelease.py` build step, in favour of a manual release workflow. This may be reconsidered at a later time. ### Changed - The authentication process now attempts to bind the user's credentials first. Subsequent LDAP queries use the client bound to the user's credentials - Groups are now fetched by default instead of on-demand - `searchBase` now defaults to the value of `domainDn` and isn't required to be explicitly set - `groupSearchFilter` now defaults to `(&(objectCategory=group)(objectClass=group)(member={{dn}}))` - Dependency versions now use caret (`^`), except for `ldapjs`, which refers to `master`, pending a future release
adalinesimonian · Jun 22, 2015 · ea60fc2 · ea60fc2
1 parent 227327a
commit ea60fc2
Show file tree

Hide file tree

Showing 11 changed files with 680 additions and 1,139 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -1,2 +1,4 @@
+Vartan Simonian <vsimonianpress@gmail.com> (https://github.com/vsimonian)
+Vesa Poikajärvi <vesa.poikajarvi@iki.fi>
 Trent Mick <trentm@gmail.com> (http://trentm.com)
 Jacques Marneweck (https://github.com/jacques)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,37 @@
+# Change log
+
+## 0.1.0
+First working version after being forked from node-ldapauth-fork
+
+### Added
+- New, required, configuration property `domainDn`, which points to the
+  distinguished name of the domain root (e.g. `dc=corp,dc=example,dc=com`)
+- `searchFilterByDN` configuration property, which defaults to
+  `(&(objectCategory=user)(objectClass=user)(distinguishedName={{dn}}))`
+- `searchFilterByUPN` configuration property, which defaults to
+  `(&(objectCategory=user)(objectClass=user)(userPrincipalName={{upn}}))`
+- `searchFilterBySAN` configuration property, which defaults to
+  `(&(objectCategory=user)(objectClass=user)(samAccountName={{username}}))`
+- Users can now be authenticated both by their user principal name, or UPN,
+  (`user@example.com`) and down-level logon name (`EXAMPLE\user`)
+- A user's `primaryGroupID` is now used to resolve the primary group object and
+  prepend it to `memberOf` and `_groups`
+- Group membership is now fetched recursively and represents all the groups a
+  user is an _effective_ member of
+
+### Removed
+- `searchFilter` configuration property, which has has been split into
+  `searchFilterByDN`, `searchFilterByUPN`, and `searchFilterBySAN`
+- `cutarelease.py` build step, in favour of a manual release workflow. This may
+  be reconsidered at a later time.
+
+### Changed
+- The authentication process now attempts to bind the user's credentials first.
+  Subsequent LDAP queries use the client bound to the user's credentials
+- Groups are now fetched by default instead of on-demand
+- `searchBase` now defaults to the value of `domainDn` and isn't required to be
+  explicitly set
+- `groupSearchFilter` now defaults to
+  `(&(objectCategory=group)(objectClass=group)(member={{dn}}))`
+- Dependency versions now use caret (`^`), except for `ldapjs`, which refers to
+  `master`, pending a future release
diff --git a/CHANGES.md b/CHANGES.md
diff --git a/LICENSE b/LICENSE
@@ -1,3 +1,4 @@
+Modified Work Copyright 2015 Vartan Simonian.
 Modified Work Copyright 2013 Vesa Poikajärvi.
 Original Work Copyright 2011 Trent Mick.
 All rights reserved.

diff --git a/Makefile b/Makefile
@@ -1,7 +1,8 @@
 #
 # Copyright (c) 2012 Trent Mick
+# Copyright (c) 2015 Vartan Simonian
 #
-# node-ldapauth Makefile
+# node-adauth Makefile
 #
 
 #---- Files
@@ -14,18 +15,10 @@ JSSTYLE_FILES := $(shell find lib -name *.js)
 
 all:
 
-.PHONY: cutarelease
-cutarelease:
-	./tools/cutarelease.py -p ldapauth -f package.json
-
 .PHONY: check-jsstyle
 check-jsstyle: $(JSSTYLE_FILES)
 	./tools/jsstyle -o indent=2,doxygen,unparenthesized-return=0,blank-after-start-comment=0 $(JSSTYLE_FILES)
 
 .PHONY: check
 check: check-jsstyle
-	@echo "Check ok."
-
-.PHONY: prepush
-prepush: check test
-	@echo "Okay to push."
+	@echo "Check ok."
diff --git a/README.md b/README.md
@@ -1,85 +1,57 @@
-Fork of [node-ldapauth](https://github.com/trentm/node-ldapauth) - A simple node.js lib to authenticate against an LDAP server.
+## node-adauth
 
-## Node v0.12 / `dtrace-provider` issue
-
-Currently the latest released version of [ldapjs](https://github.com/mcavage/node-ldapjs) which this module depends on does not install succesfully on Node v0.12 on Mac (see [issue #258](https://github.com/mcavage/node-ldapjs/issues/258)) due to old `dtrace-provider` dependency. To work around the issue, add dependency to `ldapjs` master to your `package.json`:
-
-```json
-{
-  "dependencies": {
-    "ldapjs": "mcavage/node-ldapjs",
-    "ldapauth-fork": "2.3.1"
-  }
-}
-```
-
-## About the fork
-
-This fork was originally created and published because of an urgent need to get newer version of [ldapjs](http://ldapjs.org/) in use to [passport-ldapauth](https://github.com/vesse/passport-ldapauth) since the newer version supported passing `tlsOptions` to the TLS module. Since then a lot of issues from the original module ([#2](https://github.com/trentm/node-ldapauth/issues/2), [#3](https://github.com/trentm/node-ldapauth/issues/3), [#8](https://github.com/trentm/node-ldapauth/issues/8), [#10](https://github.com/trentm/node-ldapauth/issues/10), [#11](https://github.com/trentm/node-ldapauth/issues/11), [#12](https://github.com/trentm/node-ldapauth/issues/12), [#13](https://github.com/trentm/node-ldapauth/pull/13)) have been fixed, and new features have been added as well.
-
-Multiple [ldapjs](http://ldapjs.org/) client options have been made available.
+Fork of [node-ldapauth-fork](https://github.com/vesse/node-ldapauth-fork) targeted towards use with an Active Directory domain.
 
 ## Usage
 
 ```javascript
-var LdapAuth = require('ldapauth-fork');
+var ADAuth = require('adauth');
 var options = {
-    url: 'ldaps://ldap.example.com:636',
-    ...
+    url: 'ldaps://corp.example.com:636',
+    domainDn: 'dc=example,dc=com'
 };
-var auth = new LdapAuth(options);
-...
+var auth = new ADAuth(options);
 auth.authenticate(username, password, function(err, user) { ... });
-...
 auth.close(function(err) { ... })
 ```
 
 ## Install
 
-    npm install ldapauth-fork
+    npm install adauth
 
 
 ## License
 
 MIT. See "LICENSE" file.
 
 
-## `LdapAuth` Config Options
+## `ADAuth` Config Options
 
-[Use the source Luke](https://github.com/vesse/node-ldapauth-fork/blob/master/lib/ldapauth.js#L25-93)
+[Use the source Luke](https://github.com/vsimonian/node-adauth/blob/master/lib/adauth.js#L25-104)
 
 
 ## express/connect basicAuth example
 
 ```javascript
 var connect = require('connect');
-var LdapAuth = require('ldapauth-fork');
+var ADAuth = require('adauth');
 
 // Config from a .json or .ini file or whatever.
 var config = {
-  ldap: {
-    url: "ldaps://ldap.example.com:636",
-    bindDn: "uid=myadminusername,ou=users,o=example.com",
+  ad: {
+    url: "ldaps://corp.example.com:636",
+    bindDn: "CN=LDAP User,OU=Users,OU=MyBusiness,DC=example,DC=com",
     bindCredentials: "mypassword",
-    searchBase: "ou=users,o=example.com",
-    searchFilter: "(uid={{username}})"
+    searchBase: "OU=Users,OU=MyBusiness,DC=example,DC=com"
   }
 };
 
-var ldap = new LdapAuth({
-  url: config.ldap.url,
-  bindDn: config.ldap.bindDn,
-  bindCredentials: config.ldap.bindCredentials,
-  searchBase: config.ldap.searchBase,
-  searchFilter: config.ldap.searchFilter,
-  //log4js: require('log4js'),
-  cache: true
-});
+var ad = new ADAuth(config.ad);
 
 var basicAuthMiddleware = connect.basicAuth(function (username, password, callback) {
-  ldap.authenticate(username, password, function (err, user) {
+  ad.authenticate(username, password, function (err, user) {
     if (err) {
-      console.log("LDAP auth error: %s", err);
+      console.log("AD auth error: %s", err);
     }
     callback(err, user)
   });