LDAPAuth.ts
import * as LdapAuth from 'ldapauth-fork';
import * as fs from 'fs';
import { IAuthentication } from '../interfaces/Authentication.js';
import { Logger } from '../logger/Logger.js';
/**
 * Configuration accepted by the LDAPAuth constructor.
 */
interface ILDAPAuthOptions {
  /**
   * URL of the LDAP server,
   * e.g. ldaps://ldap.google.com
   */
  url: string;
  /**
   * Base DN; passed to the LDAP client as its search base,
   * e.g. 'dc=hokify,dc=com'
   */
  base: string;
  // Paths to the client key and certificate. The constructor reads both files
  // synchronously and passes their contents as the `key` and `cert` TLS options.
  // NOTE(review): the key file is a credential - keep its file permissions tight.
  tls: {
    keyFile: string;
    certFile: string;
  };
  /**
   * Extra TLS options,
   * e.g. {
   *   servername: 'ldap.google.com'
   * }
   * These are spread after `key` and `cert`, so a `key` or `cert` entry here
   * replaces the value read from the files above. The type is `any`, so nothing
   * is validated; an option that weakens certificate checking (for example
   * `rejectUnauthorized: false`) is passed through unchanged.
   */
  tlsOptions?: any;
  /**
   * LDAP search filter used to look up the user. When omitted (or empty) the
   * constructor falls back to '(uid={{username}})'.
   * NOTE(review): presumably `{{username}}` is substituted and escaped by
   * ldapauth-fork - confirm before allowing user-influenced filters.
   */
  searchFilter?: string;
}
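/**
 * Authenticates username/password pairs against an LDAP directory through
 * ldapauth-fork, using a client key and certificate for the TLS connection.
 */
export class LDAPAuth implements IAuthentication {
  private readonly logger = new Logger('LDAPAuth');

  private readonly ldap: LdapAuth;

  /**
   * Builds the LDAP client.
   *
   * The key and certificate files are read synchronously, so a missing or
   * unreadable file throws here rather than on the first login attempt.
   *
   * @param config connection settings, see ILDAPAuthOptions
   */
  constructor(config: ILDAPAuthOptions) {
    const tlsOptions = {
      key: fs.readFileSync(config.tls.keyFile),
      cert: fs.readFileSync(config.tls.certFile),
      // Spread last: caller-supplied options override key/cert and are passed
      // through unvalidated, including any that relax certificate verification.
      ...config.tlsOptions,
    };

    this.ldap = new LdapAuth({
      url: config.url,
      searchBase: config.base,
      tlsOptions,
      // `||` (not `??`) on purpose: an empty filter string also gets the default.
      searchFilter: config.searchFilter || '(uid={{username}})',
      reconnect: true,
    });

    // Without a listener an 'error' event would be thrown as an uncaught exception.
    this.ldap.on('error', (err) => {
      this.logger.error('LdapAuth: ', err);
    });
  }

  /**
   * Checks a username/password pair against the directory.
   *
   * Fails closed: every outcome other than "the directory returned a user"
   * resolves to `false`. The promise never rejects, and the password is never
   * logged.
   *
   * @param username login name substituted into the search filter
   * @param password the user's password
   * @returns `true` only when the directory returned a user without an error
   */
  async authenticate(username: string, password: string): Promise<boolean> {
    // An LDAP simple bind with an empty password is an unauthenticated bind,
    // which some servers accept. Refuse empty credentials before contacting
    // the directory instead of relying on the client library to do so.
    if (!username || !password) {
      return false;
    }

    return new Promise<boolean>((resolve) => {
      this.ldap.authenticate(username, password, (err, user) => {
        if (err) {
          // Bad credentials and directory failures both arrive here; the caller
          // only sees `false`, the detail goes to the log.
          this.logger.error('ldap error', err);
          resolve(false);
          return;
        }
        // Previously this resolved with the user object (despite the boolean
        // return type) and rejected with `undefined` when no user came back.
        resolve(Boolean(user));
      });
    });
  }
}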