waterlock-ldap-auth is a module for waterlock providing a LDAP authentication method for users based on customizeable LDAP queries. It uses ldapauth-fork to faciliate LDAP authentication.
npm install waterlock-ldap-authset the following option in your waterlock.js config file
authMethod:[
{
name: "waterlock-ldap-auth",
connection: {
url: "ldaps://ldap.example.com:636",
bindDn: "uid=myadminusername,ou=users,o=example.com",
bindCredentials: "mypassword",
searchBase: "ou=users,o=example.com",
searchFilter: "(uid={{username}})",
cache: true
},
attributes: {}
}
]LDAP auth adds the following attributes onto the Auth model:
entryUUID: {
type: 'string',
unique: true
},
dn: {
type: 'string',
unique: true
}They map the dn and theentryUUID values of the LDAP user to the Auth
model.
With the way waterlock is designed and this model you can override any of these attributes.
waterlock-ldap-auth will create a new Auth and User if LDAP authentication succeeds but no Auth/User is found.
It is possible to map attributes from the LDAP user object to the Auth model
automatically. Just add objects to the attributes property:
authMethod:[
{
name: "waterlock-ldap-auth",
connection: { ... },
attributes: {
uid: {
uid: {
type: 'string'
}
},
cn: {
fullname: {
type: 'string'
}
},
mail: {
email: {
type: 'string'
}
}
}
}
]This example adds a mapping from LDAP to Auth model:
| LDAP | Auth model |
Type |
|---|---|---|
| uid | uid | string |
| cn | fullname | string |
| string |
Waterlock LDAP Auth is licensed under the MIT license. See the LICENSE file for more details.