-
Notifications
You must be signed in to change notification settings - Fork 2.8k
/
ldaputil.js
121 lines (103 loc) · 2.89 KB
/
ldaputil.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
var util = require('util')
var ldap = require('ldapjs')
var Promise = require('bluebird')
function InvalidCredentialsError(user) {
Error.call(this, util.format('Invalid credentials for user "%s"', user))
this.name = 'InvalidCredentialsError'
this.user = user
Error.captureStackTrace(this, InvalidCredentialsError)
}
util.inherits(InvalidCredentialsError, Error)
// Export
module.exports.InvalidCredentialsError = InvalidCredentialsError
// Export
module.exports.login = function(options, username, password) {
function tryConnect() {
var resolver = Promise.defer()
var client = ldap.createClient({
url: options.url
, timeout: options.timeout
, maxConnections: 1
})
if (options.bind.dn) {
client.bind(options.bind.dn, options.bind.credentials, function(err) {
if (err) {
resolver.reject(err)
}
else {
resolver.resolve(client)
}
})
}
else {
resolver.resolve(client)
}
return resolver.promise
}
function tryFind(client) {
var resolver = Promise.defer()
var query = {
scope: options.search.scope
, filter: new ldap.AndFilter({
filters: [
new ldap.EqualityFilter({
attribute: 'objectClass'
, value: options.search.objectClass
})
, new ldap.EqualityFilter({
attribute: options.search.field
, value: username
})
]
})
}
client.search(options.search.dn, query, function(err, search) {
if (err) {
return resolver.reject(err)
}
function entryListener(entry) {
resolver.resolve(entry)
}
function endListener() {
resolver.reject(new InvalidCredentialsError(username))
}
function errorListener(err) {
resolver.reject(err)
}
search.on('searchEntry', entryListener)
search.on('end', endListener)
search.on('error', errorListener)
resolver.promise.finally(function() {
search.removeListener('searchEntry', entryListener)
search.removeListener('end', endListener)
search.removeListener('error', errorListener)
})
})
return resolver.promise
}
function tryBind(client, entry) {
return new Promise(function(resolve, reject) {
client.bind(entry.object.dn, password, function(err) {
if (err) {
reject(new InvalidCredentialsError(username))
}
else {
resolve(entry.object)
}
})
})
}
return tryConnect().then(function(client) {
return tryFind(client)
.then(function(entry) {
return tryBind(client, entry)
})
.finally(function() {
client.unbind()
})
})
}
// Export
module.exports.email = function(user) {
return user.mail || user.email || user.userPrincipalName
}