musterroll-ldap/index.js at master · cloudfleet/musterroll-ldap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
var ldap = require('ldapjs');
var bunyan = require('bunyan');
var ldap_handler = require('./lib/ldap_handler');

var SimpleLdapServer = function(options)
{
    var rootDN = options["rootDN"] || 'dc=users, dc=example, dc=com';
    var userStore = options["userStore"];
    var domain = options["domain"];

    var ldapHandler = options["ldap_handler"] || ldap_handler.createHandler(
        {
            userStore: userStore,
            rootDN: rootDN,
            domain: domain
        }
    );

    var log = bunyan.createLogger({name: "musterroll-ldap"});
    var server = ldap.createServer();
    server.log = log;


    server.bind('ou=users,'+rootDN, function(req, res, next) {
        console.log('binding ' + req.dn.rdns[0].cn);
        var password = req.credentials;
        var username = req.dn.rdns[0].cn;

        if (!userStore.authorize(username, password))
        {
            return next(new ldap.InvalidCredentialsError());
        }
        res.end();
        return next();
    });


    server.search(rootDN, function(req, res, next) {
        console.log("scope "+req.scope+", filter "+req.filter+", baseObject "+req.baseObject+", controls "+JSON.stringify(req.controls));
        ldapHandler.handleSearch(req, res);
        res.controls = req.controls;
        res.end();
        return next();
    });

    /*
     * Configuration searches (TODO: Check if we really need this?)
     */

    server.search('', function(req, res, next) {

        var baseObject = {
            dn: '',
            structuralObjectClass: 'OpenLDAProotDSE',
            configContext: 'cn=config',
            attributes: {
                objectclass: ['top', 'OpenLDAProotDSE'],
                namingContexts: [rootDN],
                supportedLDAPVersion: ['3'],
                subschemaSubentry:['cn=Subschema']
            }
        };
        if('base' == req.scope
            && '(objectclass=*)' == req.filter.toString()
            && req.baseObject == ''){
            res.send(baseObject);
        }
        res.end();
        return next();
    });

    server.search('cn=Subschema', function(req, res, next) {
        var schema = {
            dn: 'cn=Subschema',
            attributes: {
                objectclass: ['top', 'subentry', 'subschema', 'extensibleObject'],
                cn: ['Subschema']
            }
        };
        res.send(schema);
        res.end();
        return next();
    });


    this.ldapjsServer = server;

};

module.exports = {
    createServer: function(options){
        var server = new SimpleLdapServer(options);
        return server.ldapjsServer;
    }
};