node-activedirectory's People

Contributors

ckarper, dgmike, gheeres, giladshoham, kmz850, momenso, pentode, pierreinglebert, rossipedia

node-activedirectory's Issues

Confidentiality Error

While connecting to a secure server, I am getting an error (Confidentiality Error). To solve this I tried to create an https node server, but it's still the same error.

Receiving duplicates when calling getGroupMembershipForUser

var ad = new ActiveDirectory(adConfig);
var opts = {
      includeMembership: [ 'user' ]
}
ad.getGroupMembershipForUser(opts, req.params.user, function(err, groups) {
      if ((err) || (!groups)) {
        res.send('ERROR: ' + JSON.stringify(err));
        return;
      }
      res.send(groups);
});

The above will return 4 of each group for some reason:

???

cannot override baseDN to find user(s) or group(s) in specific container

For most queries I like to use the default baseDN as configured in the instantiation of activedirectory.js
But occasionally I need to look up users or groups in a specific container. So I tried to do this:

var myopts = {
    baseDN: 'OU=Admin Groups,DC=mydomain,DC=com'
};
ad.findUsers(myopts,function(err,users){
   if(err){ console.log(this.name +' ERROR: '+ JSON.stringify(err)); return;}
   if(!users|| users.length == 0) console.log(this.name + ': No Users Found');
   else {
       console.log(this.name + ': ' + JSON.stringify(users));
   }
});

This still lists all users from the whole active directory tree.

I have configured Active Directory in my main app.js like so:

var ad = new ActiveDirectory({
    url: 'ldap://pdc.mydomain.com',
    baseDN: 'DC=mydomain,DC=com',
    username: 'myusername',
    password: 'mypassword',
    referals: {
        enabled: false
    },
    attributes: {
        user: [
            'userPrincipalName', 
            'sAMAccountName', 
            'mail', 
            'lockoutTime', 
            'whenCreated', 
            'pwdLastSet', 
            'userAccountControl', 
            'employeeID', 
            'sn', 
            'givenName', 
            'initials', 
            'cn', 
            'displayName', 
            'comment', 
            'description',
            'memberOf'
            ]
    }
});

econnreset + paging

hi,
every time I run a query that fetches more than about 300 users, it starts to be unstable,
which means sometimes it works and sometimes I get the econnreset error. Any thoughts about it?
This leads me to the next two questions:

  1. why did you ignore the econnreset error, and not call the callback function as with other errors?
  2. is there a way to use the paging option for a lot of results? More than 1000 always needs paging. I know that ldapjs supports paging but I didn't find a way to do it with activedirectoryjs.
    If there is a way, I suggest adding it to the docs.

attributes for include membership

hi,
the include membership gets an opts object,
but there is no way to change it from outside, because it's an internal function.
maybe we need to find a way to pass this object to this internal function.
(for example, in my mongo I save a ref from a user to his groups, and I need to save the objectSid because the group dn can change).
I don't want to hard-code the attributes in include membership but to pass them somehow.

any ideas?

question - test base DN configuration

hi,
I have a test configuration method on the client,
which takes the configuration and tries to authenticate.
the problem is that authenticate only gets a user and password, so I can't validate the base dn.
which means the test passes ok, but when the user tries to search users/groups he can't find anything.
is there any way to also validate the base dn?

Thx.

Range retrieval error

Hello. I am getting an error when searching by group and the search results are large.

/node_modules/activedirectory/lib/activedirectory.js:408
result[rangeAttribute.attributeName].push.apply(result[rangeAttribute.attr

TypeError: Cannot read property 'push' of undefined

Any help is appreciated.

  • Bryan

code":49, 52e

The username/password for the admin LDAP config is correct. IDEAS, SUGGESTIONS?

var ad = new ActiveDirectory({ url: 'LDAP://LDAPAUTH.LDAP.< MYDOMAIN >.org',
        baseDN: 'OU=SystemUsers,DC=< OUR >,DC=< DOMAIN >DC=local',
        username: '< VALIDUSER >',
        password: ' <VALID PASSWORD>' });

    var username = '< TESTUSERNAME >' ;
    var password = '< TESTPASSWORD >' ;

    ad.authenticate(username, password, function(err, auth) {
        if (err) {
            console.log('ERROR: '+JSON.stringify(err));
            return;
        }

        if (auth) {
            console.log('Authenticated!');
        }
        else {
            console.log('Authentication failed!');
        }
    });
ERROR: {"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1\u0000"}

503 service unavailable error while trying to install through npm

npm install activedrirectory
npm WARN package.json [email protected] No repository field.
npm WARN package.json [email protected] No README data
npm http GET https://registry.npmjs.org/activedrirectory
npm http 404 https://registry.npmjs.org/activedrirectory
npm ERR! 404 'activedrirectory' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, or http url, or git url.
...
...
...
npm ERR! Error: 503 Service Unavailable
npm ERR! at WriteStream. (C:\Program Files\nodejs\node_modules\npm\lib\utils\fetch.js:57:12)
npm ERR! at WriteStream.EventEmitter.emit (events.js:117:20)
npm ERR! at fs.js:1596:14
npm ERR! at C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\graceful-fs.js:103:5
npm ERR! at Object.oncomplete (fs.js:107:15)

SSL Certificate issue

Hi,

I am trying to authenticate a user against AD. See the test code below.

var ActiveDirectory = require('activedirectory');
var ad = new ActiveDirectory('ldaps://remoteserver:636', 'DC=myorg,DC=com');
var username = "test_username";
var password = "test_password";
ad.authenticate(username, password, function(err, auth) {
    if (err) {
        console.log('ERROR: '+JSON.stringify(err));
        return;
    }

    if (auth) {
        console.log('Authenticated!');
    }
    else {
        console.log('Authentication failed!');
    }
});

I ran into the issue below when executing the test. Sounds like a certificate issue.
Can you please suggest how I can fix this?

D:\NODE_JS_CODE\ldapauth>node test.js

events.js:72
throw er; // Unhandled 'error' event
^
Error: CERT_UNTRUSTED
at SecurePair. (tls.js:1370:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:982:10)
at CleartextStream.read as _read
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write as _write
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:583:24)

D:\NODE_JS_CODE\ldapauth>

Find Users by filter

I LOVE this repo, I spent days trying to get ldap.js to work with AD and within minutes it was working thanks to this repo.

I have however added a version of findUser that would allow me to get a list of users based on a filter I pass in. I excluded includeMembership due to the potential performance cost. I wasn't sure if you would want a pull request submitted, or if it was easier to just cut and paste, or if you didn't want to add it to the API, so I've included it below in case anyone else has the same requirement.

/**
 * Retrieves the specified users based on the filter provided.
 *
 * @public
 * @param {Object} [opts] Optional LDAP query string parameters to execute. { scope: '', filter: '', attributes: [ '', '', ... ], sizeLimit: 0, timelimit: 0 }
 * @param {Function} callback The callback to execute when completed. callback(err: {Object}, user: {User})
 */
ActiveDirectory.prototype.findUsers = function findUsers(opts, callback) {
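  // The comma keeps `users` a local variable; without it, `users` becomes an
  // implicit global shared by every concurrent call.
  var self = this,
      users = []
  ;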

  var opts = _.defaults(opts || {}, {
    filter: '(samaccountname=*)',
    scope: 'sub',
    attributes: defaultAttributes.user
  });
  search.call(self, opts, function onSearch(err, results) {
    var i=0;

    if (err) {
      if (callback) callback(err);
      return;
    }

    if ((! results) || (results.length == 0)) {
      if (callback) callback();
      return;
    }

    for(i=0; i<results.length; i++) {
      users.push(new User(results[i]));
    }

    self.emit('users', users);
    if (callback) callback(err, users);
  });
};

getting "displayName= is invalid" Error

I keep hitting this error. Of course I would think that my displayName is not valid, but this error only occurs during a loop. I essentially have a 2D array of emails where each email may or may not be a group email. I have a nested for loop that loops through each email and uses the node-activedirectory.find method to query Active Directory and return either the user's email or all user emails within the group. When I search a single array of emails (in my unit test) everything works fine, and I am returned all user emails. However, when I run my query more than once (usually around 3 to 5 times or more) in a loop, I get the "Error: displayName= is invalid".

Is there a limit to the number of queries I can do at once? or a limit to the number of queries I can do with a 'new activedirectory()' instance? Most of my code is asynchronous, is it possible two find queries are affecting the same thing?

Thanks

/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:206
      throw new Error(expr + ' is invalid');
            ^
Error: displayName= is invalid
    at _buildFilterTree (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:206:13)
    at _buildFilterTree (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:169:28)
    at _buildFilterTree (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:169:28)
    at _buildFilterTree (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:164:28)
    at _buildFilterTree (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:169:28)
    at _parseString (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:417:17)
    at Object.module.exports.parseString (/development/node_modules/activedirectory/node_modules/ldapjs/lib/filters/index.js:547:12)
    at Client.search (/development/node_modules/activedirectory/node_modules/ldapjs/lib/client/client.js:640:30)
    at onAcquire (/development/node_modules/activedirectory/node_modules/ldapjs/lib/client/pool.js:209:19)
    at f (/development/node_modules/activedirectory/node_modules/ldapjs/node_modules/pooling/node_modules/once/once.js:16:25)

Error when searching for all users

Hey guy,

I'm new to GitHub and your module, so sorry if this is the wrong way to give you an issue request. When I implement your code as follows in my function, I get an error:

This is my code snippet:

ad.findUsers("cn=*", true, function(err, users) {
        if (err) {
            console.log('ERROR: ' +JSON.stringify(err));
        }
        if ((! users) || (users.length === 0)) console.log('No users found.');
        else {
            console.log('findUsers: '+JSON.stringify(users));
            //oUsers.push(users);

        }
    });

This is the Error:

events.js:85
  throw er; // Unhandled 'error' event
        ^
Error
 at messageCallback (/home/electron/projects/itdb/node_modules/ldapjs/lib/client/client.js:867:40)
 at Parser.onMessage (/home/electron/projects/itdb/node_modules/ldapjs/lib/client/client.js:199:12)
 at Parser.emit (events.js:107:17)
 at Parser.write (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:105:8)
 at end (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:71:19)
 at Parser.write (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:107:10)
 at end (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:71:19)
 at Parser.write (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:107:10)
 at end (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:71:19)
 at Parser.write (/home/electron/projects/itdb/node_modules/ldapjs/lib/messages/parser.js:107:10)

My Active Directory environment includes over 1000 entries. Is there a problem with the paging support or is my function not correct?

Thanks

EDIT: The version I use: [email protected]

LDAP Referrals

Hi,

I think there is an issue with LDAP Referral chase, it seems that when searching a server with a referral to another server the application crashes. When searching a specific server, the search returns only those results that are local, for example if you search for a group, it only shows members that are local even if members from other server exist in the group.

default group attributes not fetch by getGroupMembershipForUser

if I call getGroupMembershipForUser with empty opts I won't get the default group attributes.
I investigated it and found the problem:
getUserDistinguishedName calls
getDistinguishedNames, which sees that opts is empty and sets the attributes key to be [ 'distinguishedName' ]
then later when we get to
getGroupMembershipForDN, which uses _.defaults for opts, it gets there with opts.attributes already = [ 'distinguishedName' ] so it will not put the default attributes there.
then I will always get just the dn attribute for the groups.

I believe this should be a very simple fix, but you have your way of handling the opts object between the functions and all the defaults handling, so I don't want to touch it myself.

callback called twice

when I call find* with an unreachable server, the callback is called twice
first with error:
{"code":"ETIMEDOUT","errno":"ETIMEDOUT","syscall":"connect"}
second with error:
{"dn":"","code":128,"name":"ConnectionError","message":"ldap://serveradress closed"}

it breaks the flow because every error is called twice.
(in my case, I send an error in the response, so in this case my server totally crashed because I'm trying to set headers of an already sent response)

any ideas?
thx!

How can I search by objectGUID / binary filters?

I've been trying every which way to find users by a saved objectGUID, but nothing seems to be working.

I've tried filters using the RFC 2254 binary string format (which works in my LDAP test tools) and I get no result.

MS suggests binding to an ldap://server/<GUID=guid> format to get info, but I couldn't figure out how to make that work either.

Is this a bug or some hole in my understanding of how things work? Either way, a fix would be most helpful. :-)
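For reference, the escaped binary form of an objectGUID filter, as an added example that is not part of the original issue or of node-activedirectory: Active Directory stores the first three GUID fields little-endian, so the bytes have to be reordered before each one is written as `\XX`. The GUID below is constructed and the function names are hypothetical; whether a given ldapjs version passes the escaped bytes through unchanged is not shown here.

```javascript
// Added example: convert between the textual GUID and the byte order used
// in the objectGUID attribute, and build the escaped equality filter.
// Function names are hypothetical; the sample GUID is constructed.

const GUID_RE = /^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$/i;

// Split a hex string into two-character byte strings.
function hexPairs(hex) {
  return hex.toLowerCase().match(/../g);
}

// Textual GUID -> 16 two-digit hex strings in stored (wire) order.
// Fields 1-3 are little-endian, fields 4-5 are kept as written.
function guidToHexBytes(guid) {
  const m = GUID_RE.exec(String(guid).trim());
  if (!m) {
    throw new Error('not a GUID: ' + guid);
  }
  return [
    ...hexPairs(m[1]).reverse(),
    ...hexPairs(m[2]).reverse(),
    ...hexPairs(m[3]).reverse(),
    ...hexPairs(m[4]),
    ...hexPairs(m[5]),
  ];
}

// Build "(objectGUID=\xx\xx...)" with every byte escaped, which is the
// binary string form described in RFC 2254 / RFC 4515.
function guidToFilter(guid) {
  const escaped = guidToHexBytes(guid).map((h) => '\\' + h).join('');
  return '(objectGUID=' + escaped + ')';
}

// Reverse direction: 16 raw bytes (Buffer or Uint8Array, as a binary
// attribute value would arrive) -> textual GUID.
function bytesToGuid(bytes) {
  if (!bytes || bytes.length !== 16) {
    throw new Error('objectGUID must be exactly 16 bytes');
  }
  const h = Array.from(bytes, (b) => b.toString(16).padStart(2, '0'));
  return [
    h.slice(0, 4).reverse().join(''),
    h.slice(4, 6).reverse().join(''),
    h.slice(6, 8).reverse().join(''),
    h.slice(8, 10).join(''),
    h.slice(10, 16).join(''),
  ].join('-');
}

// Constructed sample value.
const SAMPLE_GUID = 'f8d764ff-9a6a-418e-a641-b6f99661a8d5';
console.log(guidToFilter(SAMPLE_GUID));
```

Comparing a stored GUID against the bytes returned by the directory with `bytesToGuid` avoids treating the binary attribute as a UTF-8 string, which corrupts bytes above 0x7f.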

MIT License

Can you license this under MIT?
I am so glad to have found this and would like to use it on a project, but the Company requires an MIT license on software before they will allow it to be used.

Thank you :)

authenticate with uppercase letters in password

hi,
I don't know why, but when I try to use the authenticate function and the user has uppercase letters in his password I always get a credentials error.

{
    "dn": "",
    "code": 49,
    "name": "InvalidCredentialsError",
    "message": "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0\u0000"
}

how to query deleted users/groups by sid

hi,
for my syncer process I also need to query deleted users/groups.
I have the sid of these users/groups.
I know there is some flag called isDeleted or something like this, but I can't figure out how to use it with activedirectory.js.
any help will be welcome.
thx.

Include option for timeout

It would be helpful to specify a timeout; if ldap is unavailable the request waits until timeout and crashes.

trouble authenticating

I am having trouble authenticating and have tried several configurations. Not sure what I am doing wrong. I keep getting

ERROR: {"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580\u0000"}

I really only need the ability to determine if an email is a group email, and if so, get all the emails associated with that group.
Is it required that you pass in admin user credentials in the config for:

var ad = new ActiveDirectory(config);

I have a password (and no username) that is used to access Active directory using npm ldap, for authenticating users name/password at login for the app. But it seems that activedirectory requires an admin username in the config, which I don't have.

problems with findDeletedObjects

I have tried to use this but can't make it work.
when I use findUsers with includeDeleted it works well.

I have compared the params for the client.search call and see the following:
findUsers with includeDeleted flag:
base = DC=my,DC=domain,DC=com
opts - does not have controls key
scope = sub

findDeleted:
base = ou=Deleted Objects,DC=my,DC=domain,DC=com
opts - does have controls key
scope = base

both send the same controls array (outside the opts object).

this is the main error I get

{"name":"ActiveDirectory","hostname":"my-comp","pid":7832,"level":50,"err":{"message":"0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'DC=my,DC=doamin,DC=com'\n\u0000","name":"NoSuchObjectError","stack":"NoSuchObjectError: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'DC=my,DC=doamin,DC=com'\n\u0000\n    at messageCallback (C:\\Dev\\Projects\\node-activedirectory\\node_modules\\ldapjs\\lib\\client\\client.js:867:40)\n    at Parser.onMessage (C:\\Dev\\Projects\\node-activedirectory\\node_modules\\ldapjs\\lib\\client\\client.js:199:12)\n    at Parser.EventEmitter.emit (events.js:95:17)\n    at Parser.write (C:\\Dev\\Projects\\node-activedirectory\\node_modules\\ldapjs\\lib\\messages\\parser.js:105:8)\n    at Socket.onData (C:\\Dev\\Projects\\node-activedirectory\\node_modules\\ldapjs\\lib\\client\\client.js:155:24)\n    at Socket.EventEmitter.emit (events.js:95:17)\n    at Socket.<anonymous> (_stream_readable.js:746:14)\n    at Socket.EventEmitter.emit (events.js:92:17)\n    at emitReadable_ (_stream_readable.js:408:10)\n    at emitReadable (_stream_readable.js:404:5)","code":32},"msg":"[UNKNOWN] An error occurred performing the requested LDAP search on ou=Deleted Objects,DC=my,DC=doamin,DC=com 
({\"filter\":\"dn=*del*\",\"scope\":\"base\",\"attributes\":[\"attributeID\",\"attributeSyntax\",\"dnReferenceUpdate\",\"dNSHostName\",\"flatName\",\"governsID\",\"groupType\",\"instanceType\",\"lDAPDisplayName\",\"legacyExchangeDN\",\"mS-DS-CreatorSID\",\"mSMQOwnerID\",\"nCName\",\"objectClass\",\"objectGUID\",\"objectSid\",\"oMSyntax\",\"proxiedObjectName\",\"replPropertyMetaData\",\"sAMAccountName\",\"securityIdentifier\",\"sIDHistory\",\"subClassOf\",\"systemFlags\",\"trustPartner\",\"trustDirection\",\"trustType\",\"trustAttributes\",\"userAccountControl\",\"uSNChanged\",\"uSNCreated\",\"whenCreated\",\"msDS-AdditionalSam­AccountName\",\"msDS-Auxiliary-Classes\",\"msDS-Entry-Time-To-Die\",\"msDS-IntId\",\"msSFU30NisDomain\",\"nTSecurityDescriptor\",\"uid\"],\"controls\":[{\"_value\":{\"size\":1000},\"type\":\"1.2.840.113556.1.4.319\",\"criticality\":false,\"value\":{\"size\":1000},\"json\":{\"controlType\":\"1.2.840.113556.1.4.319\",\"criticality\":false,\"controlValue\":{\"size\":1000}}},{\"type\":\"1.2.840.113556.1.4.417\",\"criticality\":true,\"value\":null,\"json\":{\"controlType\":\"1.2.840.113556.1.4.417\",\"criticality\":true,\"controlValue\":null}}],\"includeDeleted\":true})","time":"2014-11-23T16:15:53.614Z","v":0}

call find* with wrong baseDN doesn't go to callback

when I have a configuration with a non-existent baseDN and I call the find* functions, I never get back to the callback.
I just need to wait and wait forever and I'm stuck.
tried with find, findUser and findUsers. (I believe it will also be the same with group/s find)

Invalid Credentials Response for valid password with % character.

the password is similar to this: xxxxxxxxx%71 or xxxxxxxxx%25

It seems like the ldap.createClient call is decoding that value since it's two integers after a %?
Tried encoding the password before calling ad.authenticate - still getting the issue.

Please advise.

ECONNRESET

Thanks for node-activedirectory and apologies if I'm missing something stupid here - am relatively new to node.js etc.

I'm using node-activedirectory to query our AD to resolve UIDs from e-mails entered on a registration system. It's throwing an error:

events.js:72
throw er; // Unhandled 'error' event
^
Error: read ECONNRESET
at errnoException (net.js:901:11)
at TCP.onread (net.js:556:19)

If I put in a process.on('uncaughtException') I get the results I expect and everything seems fine.

I wondered whether this is something I'm doing wrong or whether something has changed resulting in this behaviour. I'm running the code on OSX (node from brew) and debian 7.1 (node built from the release tarball) both node 0.10.25, [email protected], [email protected], [email protected], [email protected]

Thanks in advance,

Daniel.

My code is:

function addUIDfromEmailTo(email, array){
    var opts = { filter:'mail='+email };
    activeDirectory.findUser( opts, 'DC=ad,DC=ucl,DC=ac,DC=uk', false, function(err,result){
        if (err) {
            console.log('Error: ' + err);
            return;
        }
        if (typeof(result)=='undefined'){
            console.log('Not found for '+opts.filter);
            return;
        }
        uniqueAdd({name: result.displayName, cn: result.cn}, array);
    });
}
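The lookup above concatenates a user-entered e-mail address straight into the LDAP filter, so characters such as `*`, `(`, `)` and `\` are read as filter syntax rather than as data. An added example (not code from the post or from node-activedirectory) that escapes assertion values per RFC 4515 and builds one OR filter for a batch of addresses instead of one search per address; the function names and sample inputs are hypothetical.

```javascript
// Added example: RFC 4515 escaping for values placed in an LDAP search filter.
// Function names and sample inputs are hypothetical, not part of
// node-activedirectory or ldapjs.

// Characters with syntactic meaning inside a filter, and their \XX escapes.
const FILTER_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\u0000': '\\00',
};

// Escape one assertion value so that it can only match literally.
function escapeFilterValue(value) {
  if (typeof value !== 'string') {
    throw new TypeError('filter value must be a string');
  }
  return value.replace(/[\\*()\u0000]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Attribute names should come from code, not from user input; check anyway.
const ATTRIBUTE_NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

// Build "(attribute=value)". An empty value is rejected up front, because
// "(attribute=)" is not a usable equality match for a lookup like this.
function equalityFilter(attribute, value) {
  if (!ATTRIBUTE_NAME.test(attribute)) {
    throw new Error('invalid attribute name: ' + attribute);
  }
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error('empty value for attribute ' + attribute);
  }
  return '(' + attribute + '=' + escapeFilterValue(value) + ')';
}

// Build "(|(attr=v1)(attr=v2)...)" so a batch of values is resolved with a
// single search instead of one search (and possibly one connection) each.
function anyOfFilter(attribute, values) {
  if (!Array.isArray(values) || values.length === 0) {
    throw new Error('at least one value is required');
  }
  const parts = values.map((v) => equalityFilter(attribute, v));
  return parts.length === 1 ? parts[0] : '(|' + parts.join('') + ')';
}

// Constructed sample inputs: a plain address, and two values that contain
// filter metacharacters and would change the query if left unescaped.
const SAMPLE_VALUES = ['jane.doe@example.org', 'j*', 'team (ops)@example.org'];

function demo() {
  return SAMPLE_VALUES.map((v) => equalityFilter('mail', v));
}

console.log(demo().join('\n'));
console.log(anyOfFilter('mail', SAMPLE_VALUES));
```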

failover support

Just checking, does it have failover support built in?

Say I have two AD servers one being primary and the other being disaster recovery server.
If the primary goes down it should validate against DR server.

or should I build custom logic to deal with server failures?

Find groups in a specific group

Is there a way to list all the groups in a specific group with node-activedirectory ? If so how can I manage to do that ?

Thank you in advance

Connection pool

I just wanted to know one thing.
When I do a for loop or a forEach loop calling ad.getUsersFromGroup each time, for instance,
does the plugin create a new tcp connection to the ldap server each time? Or is it creating just one?

I have some issues with that: I reach the system limit of open file descriptors and I get an EMFILE too many open files, and I think it's due to that kind of for loop.
If so, is there any way I can limit the connection pool?

Thank you in advance

How do filters work ?

I want to add a filter to getUsersForGroup so I only display users that are not disabled.

I have the following filter !userAccountControl: 1.2.840.113556.1.4.803:=2

By reading the documentation I tried this :

ad.getUsersForGroup({myfilter},groupName,function(err,res)

but I get an Invalid left-hand side in assignment; I think I probably messed up the syntax of the filter.

how to check if ou/baseDN is valid

we added the root DSE function a few months ago, because I need a way to validate the baseDN that my user enters (which works great).
but now that I think about it, the baseDN can also contain ou parts.
is there a way to check the whole baseDN including the ou parts? now I can only check the DC parts.
I want to check that the ou actually exists.

and another 3 general questions about baseDN

  1. case sensitive baseDN:
    are these 2 baseDNs equal and valid:
    a. dc=my, dc=domain, dc=com
    b. DC=my, dc=doMain, dc=cOm
  2. spaces between parts:
    are these 2 baseDNs equal and valid:
    a. dc=my, dc=domain, dc=com
    b. dc=my , dc=domain, dc=com
  3. can dc parts include spaces?
    I mean, is this baseDN/domain valid?
    dc=my, dc=dom ain, dc=com

Size Limit Exceeded - doesn't go to callback

when I run a search with a lot of results (more than 1000),
I get a Size Limit Exceeded error, but this error does not go to the callback and is just thrown.
because of async issues, even if I wrap my call to find users with try/catch, when this error is thrown it doesn't get to my catch, so my server crashes.
this is the full error:

events.js:72
        throw er; // Unhandled 'error' event

SizeLimitExceededError: Size Limit Exceeded
    at messageCallback (myProject\node_modules\ldapjs\lib\client\client.js:867:40)
    at Parser.onMessage (myProject\node_modules\ldapjs\lib\client\client.js:199:12)
    at Parser.EventEmitter.emit (events.js:95:17)
    at Parser.write (myProject\node_modules\ldapjs\lib\messages\parser.js:105:8)
    at end (myProject\node_modules\ldapjs\lib\messages\parser.js:71:19)
    at Parser.write (myProject\node_modules\ldapjs\lib\messages\parser.js:107:10)
    at end (myProject\node_modules\ldapjs\lib\messages\parser.js:71:19)
    at Parser.write (myProject\node_modules\ldapjs\lib\messages\parser.js:107:10)
    at end (myProject\node_modules\ldapjs\lib\messages\parser.js:71:19)
    at Parser.write (myProject\node_modules\ldapjs\lib\messages\parser.js:107:10)

Question about usernames

So, there are 3 ways (of which I'm aware) that one might use to pass a username:

  1. UPN [email protected]
  2. sAMAccountName EXAMPLE\user
  3. Username (UPN prefix only) user

Obviously, my users would prefer option 3, if possible. Do I need to go ahead and manually append the UPN suffix (pulled from, perhaps, a config file)? Or is this some setting I can set in AD to allow automatic appending of a default UPN suffix?

Thanks!

ReferenceError: util is not defined

Hi,

We have the following error in production

util.inherits(ActiveDirectory, events.EventEmitter);
^
ReferenceError: util is not defined
at Object. (/node_modules/activedirectory/lib/activedirectory.js:53:1)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object. (/node_modules/activedirectory/index.js:1:80)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)

Thank you

getUsersForGroup problem

I have a group with one user. When I call getUsersForGroup it returns empty set. Also looking at the LDAP payload in wireshark shows some very odd looking filter encoding.

Install error

I'm using node v0.10.33 on Windows and when I try to install using:
npm install activedirectory
I get the error:

c:\Projects\CMSystem\source\cms_services\node_modules\activedirectory\node_modules\ldapjs\node_modules\dtrace-provider>node "C:\WinSDKEnv\sdk\nodejs\node_modules\npm\bin\node-gyp-bin....\node_modules\node-gyp\bin\node-gyp.js" rebuild
gyp ERR! configure error
gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.
gyp ERR! stack at failNoPython (C:\WinSDKEnv\sdk\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js:103:14)
gyp ERR! stack at C:\WinSDKEnv\sdk\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js:64:11
gyp ERR! stack at Object.oncomplete (evalmachine.:107:15)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "node" "C:\WinSDKEnv\sdk\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd c:\Projects\CMSystem\source\cms_services\node_modules\activedirectory\node_modules\ldapjs\node_modules\dtrace-provider
gyp ERR! node -v v0.10.33
gyp ERR! node-gyp -v v0.13.1
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
[email protected] activedirectory
+-- [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected])

I understand what the error is saying about not being able to find python. But I thought that this is a pure javascript library, so I'm not sure what it needs to build. Any input would be appreciated.

Get all groups of OU

Hi,

list of all OU -

ad.find('objectClass=organizationalUnit',function(err, ldapResults) {
  //ldapResults.other => all OUs 
});

I have a list of OUs and I want to find all groups that belong to a specific OU

Membership inconsistency

Today when you search for a user's membership, you recursively go up the tree of membership.
For example, in this case:
group 1
----group 2
--------user 1
If you call findUser for user1 with include membership you will get group1 + group 2.
But when you call search group, you get the member key which contains only the direct members.
For example, in this case if you call findGroup for group1 you will only get group2 but you won't get user 1.
This creates inconsistency in the results because this connection should go the same way in both directions (user to group or group to users).

I think that the right solution for this is to add a parameter to the find* method that defines how many levels you go up/down.
If a specific number is too complicated to implement we can start with a parameter like:
Direct members/membership or recursive members/membership.
This will define if you only want to get the direct level or you want to go up/down to all the levels recursively.

thoughts?

Enabled Users

Hi,
I'm successfully bringing back the list of users but would like to filter with "enabled users" only from a Windows 2000 server. I've read an MS support blog saying that setting a filter with Filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
should work but I'm not sure how to do that with the repo. While I've read the docs, my code keeps failing on my attempts to apply the enabled user filter.
TIA
John

        var query = 'cn=*';
         // this works: all enabled and disabled accounts
        var ad = new ActiveDirectory({ url: 'ldap://192.X.X.X',
            baseDN: 'ou=myusers,dc=mydcname,dc=local',
            username: 'administrator',
            password: 'xxx' });
         ad.findUsers(query, true, function(err, users) {
            if (err) {
                console.log('ERROR: ' +JSON.stringify(err));
                return;
            }
            if ((! users) || (users.length == 0)) console.log('No users found.');
            else {
                res.json({data: users});
            }
        });

findUser() always return 'undefined' on meteor or child_process()

When the call "findUser()" is taken directly from the file where it is declared, it works correctly, but if performed within a "Meteor" or when it is executed from a "child_process()" application and this script has the command "process.send()" or "process.on('message')", it always returns "undefined" (considering that all the information is entered correctly).
"authenticate()" works in any situation.

Why?

The others were not tested.

ECONNREFUSED error

So, I've tried running the following code:

    var authenticateWithLDAP = function( username, password ) {
        var ret = Q.defer();

        if (useLDAP){
            var cfg = {
                url: ldapURL,
                baseDN: ldapDN,
                username: ldapUser,
                password: ldapPassword,
            };

            var ad = new ActiveDirectory(cfg);
            ad.authenticate( username, password, function (err, auth) {
                ret.resolve( !err );
            });
        } else {
            ret.resolve(null);
        }

        return ret.promise;
    };

...only to get this error:

events.js:66
        throw arguments[1]; // Unhandled 'error' event
                       ^
Error: connect ECONNREFUSED
    at errnoException (net.js:781:11)
    at Object.afterConnect [as oncomplete] (net.js:772:19)

events.js:66
        throw arguments[1]; // Unhandled 'error' event
                       ^
Error: connect ECONNREFUSED
    at errnoException (net.js:781:11)
    at Object.afterConnect [as oncomplete] (net.js:772:19)

This is with an AD service not running at the pointed-to url--problem is, I can't catch that failure. Any ideas where to start looking?

Find user membership group

I know that this library implements the function isUserMemberOf that verifies if a user x is in a group y. What I want to implement is a function getUserGroup(user, arrayGroup) that returns the name of the group. This is the current function I wrote but it's not working ...

function getUserGroup(user,arrayGroup){
  for ( var i =0 ; i < arrayGroup.length; i ++){
    ad.isUserMemberOf(user, arrayGroup[i], function(err, isMember){
      if(isMember == true ){
        console.log(arrayGroup[i]) //this returns undefined

      //I want to break this loop and return arrayGroup[i] value
      }
    });
  }
}

How can I manage to obtain what I want?
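The loop in the post logs undefined because `var i` is shared by every callback and has already reached `arrayGroup.length` when the first callback runs. One way to get the first matching group, as an added example that is not part of the original post or the library: the checks run one after another and a directory error is passed on instead of being read as membership. `fakeAd` and its data are constructed stand-ins; only the `isUserMemberOf(user, group, callback)` shape is taken from the post.

```javascript
// Added example. `ad` is any object exposing isUserMemberOf(user, group, cb)
// with the (err, isMember) callback used in the post above.
function getUserGroup(ad, user, groups, callback) {
  let index = 0;
  function next() {
    if (index >= groups.length) return callback(null, null); // no match
    const group = groups[index++];
    ad.isUserMemberOf(user, group, (err, isMember) => {
      // Fail closed: a directory error is reported, never read as "member".
      if (err) return callback(err);
      if (isMember === true) return callback(null, group);
      next(); // only move on once this answer has arrived
    });
  }
  next();
}

// Constructed stand-in for the directory so the example runs offline.
const fakeAd = {
  members: { Helpdesk: ['jdoe'], Finance: ['asmith'] },
  isUserMemberOf(user, group, cb) {
    const list = this.members[group];
    setImmediate(() => (list
      ? cb(null, list.includes(user))
      : cb(new Error('group not found: ' + group))));
  }
};

getUserGroup(fakeAd, 'asmith', ['Helpdesk', 'Finance'], (err, group) => {
  console.log(err ? 'lookup failed: ' + err.message : 'first matching group: ' + group);
});
```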

Test valid connection

First of all, just want to say that this is a great node module :)
I'm trying to set up an LDAP authentication strategy with your module and so far everything is going well. Except that I can't find a way to test the connection first, because my app will have a fallback strategy if Active Directory is not available.

Thank you
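Both this post and the ECONNREFUSED report above need a way to learn that the directory is unreachable without the process dying on an unhandled 'error' event. A TCP reachability probe using only Node's `net` module, as an added example that is not part of the library or of either post; `ldapEndpoint`, `probeLdap` and the 2000 ms default are assumptions made here.

```javascript
const net = require('net');

// Split an ldap:// or ldaps:// URL into host and port (defaults 389 / 636).
function ldapEndpoint(ldapUrl) {
  const u = new URL(ldapUrl);
  if (u.protocol !== 'ldap:' && u.protocol !== 'ldaps:') {
    throw new Error('not an LDAP URL: ' + ldapUrl);
  }
  const port = u.port ? Number(u.port) : (u.protocol === 'ldaps:' ? 636 : 389);
  return { host: u.hostname.replace(/^\[|\]$/g, ''), port: port };
}

// Resolves true if a TCP connection opens within timeoutMs, false on any
// error (ECONNREFUSED, unreachable host, DNS failure) or timeout. Never rejects.
function probeLdap(ldapUrl, timeoutMs) {
  return new Promise((resolve) => {
    let endpoint;
    try {
      endpoint = ldapEndpoint(ldapUrl);
    } catch (e) {
      return resolve(false);
    }
    const socket = net.connect(endpoint);
    const finish = (reachable) => { socket.destroy(); resolve(reachable); };
    socket.setTimeout(timeoutMs || 2000, () => finish(false));
    // With no 'error' listener, Node throws the error and the process exits.
    socket.on('error', () => finish(false));
    socket.once('connect', () => finish(true));
  });
}

// Usage sketch (useActiveDirectory / useFallback are hypothetical):
// probeLdap('ldap://192.0.2.10').then((up) => (up ? useActiveDirectory() : useFallback()));
```

A successful probe only shows that the port accepts connections; the bind can still fail, so the error argument of the authenticate callback still has to be handled.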

find users results limit

I think it would be great to add a results size/limit param to opts for the findUsers/groups functions.

Most of the time I don't really show all the results from the AD, but a reasonable constant number of results.
What I do now is just find users and then splice the results.
But this is really inefficient if you also fetch the membership, because we search the groups for every user and I only splice at the end.
If I had such a param, I could splice first and only then search the groups for the users left after the splice.

Of course I can implement this myself by using find user without includeMembership, then splicing, and then running over the results and calling getGroupMembershipForUser.
But I think it would be useful for a lot of people, so maybe it is worth making it part of the library.

We can't use the sizeLimit param because it is a param for the AD itself that tells it to throw an exception when it gets to this number of results,
and I only want to splice the results because I'm not going to show 500 results in a page but only a few dozen.

Query DN with special characters

Hi,
I have a user with special chars like aaaá.
I used code like we discussed in #47 (you can see it below) (I have updated the first filter to the filter I really use),
so term in the code below will be aaaá.
The first query finds the user, but the second query doesn't.
I read some articles about it, like http://www.rlmueller.net/CharactersEscaped.htm, which says I need to escape the special chars,
but I don't understand why the first query works well and the second does not.
I tried a lot of versions with this escaping, for example:

'(|(distinguishedName=CN=aaa\xE1 special,CN=Users,DC=dev,DC=sisense,DC=local))'

But nothing works.
Do you have any idea?

var limit = 20;
var opts = {
  filter : "(&(objectcategory=person)(|(anr="+ term + ")(mail=" + term + "*)))",
  attributes: [ 'dn' ]
};
ad.findUsers(opts, function(err, users) {
  if (err) throw(err);

  var count = (users || []).length;
  console.log('Query "' + opts.filter + '" returned ' + count + ' results. Getting results for first ' + limit + ' items.');

  var filter = '(|' + _.reduce(users.slice(0, limit), function(memo, user, index) {
    // Currently a bug in ldapjs that isn't properly escaping DNs with ',' in the name.
    return(memo + '(distinguishedName=' + user.dn.replace('\\,', '\\\\,') + ')');
  }, '') + ')';
  console.log('Generated dynamic filter for user details: ' + filter);
  ad.findUsers({ filter: filter, includeMembership: ['all']}, function(err, users) {
    if (err) throw(err);

    console.log((users || []).length + '/' + count + ' users. Users: ' + JSON.stringify(users));
  });
});
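The code above concatenates `term` and each DN straight into the filter string, so reserved or non-ASCII characters in either change what the server is asked. An added example (not from the post or the library) that escapes filter values the RFC 4515 way and can also add the enabled-accounts clause from the "Enabled Users" post; the function names are assumptions, and it assumes the client library passes the escaped string on as an RFC 4515 filter.

```javascript
// Added example: RFC 4515 escaping for values placed inside an LDAP filter.
// Reserved characters ( ) * \ NUL and every non-ASCII character are written
// as a backslash plus two hex digits per UTF-8 octet.
function escapeFilterValue(value) {
  return String(value).replace(/[\x00()*\\]|[^\x00-\x7f]/gu, (ch) =>
    Array.from(Buffer.from(ch, 'utf8'),
      (octet) => '\\' + octet.toString(16).padStart(2, '0')).join(''));
}

// UF_ACCOUNTDISABLE (0x2) tested with AD's bitwise-AND matching rule.
const NOT_DISABLED = '(!(userAccountControl:1.2.840.113556.1.4.803:=2))';

// Person search by name or mail prefix; the trailing * is the only wildcard.
function userSearchFilter(term, enabledOnly) {
  const t = escapeFilterValue(term);
  return '(&(objectCategory=person)(objectClass=user)' +
    (enabledOnly ? NOT_DISABLED : '') +
    '(|(anr=' + t + ')(mail=' + t + '*)))';
}

// OR-filter over exact DNs. A backslash that is part of the DN string
// (for example before an escaped comma) becomes \5c inside the filter.
function dnListFilter(dns) {
  return '(|' + dns.map((dn) =>
    '(distinguishedName=' + escapeFilterValue(dn) + ')').join('') + ')';
}

// Constructed inputs: the accented name from the post and a hostile term.
console.log(userSearchFilter('aaa\u00e1', false));
console.log(userSearchFilter('*)(objectClass=*', true));
console.log(dnListFilter(['CN=aaa\u00e1 special,CN=Users,DC=dev,DC=sisense,DC=local']));
```

The resulting strings go in `opts.filter` exactly where the post builds its own, for example `ad.findUsers({ filter: userSearchFilter(term, true) }, callback)`.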

connection issue

Hi @gheeres
This is how I connect to our AD:

 ldapsearch -x -LLL -h IP_ADDRESS -b "DC=ourdomain,DC=local" -D 'CN=USERNAME cache,OU=TI,OU=USERNAME,OU=Privado,DC=ourdomain,DC=local' -w 'PASSWORD' givenName=USERNAME

I couldn't see any example on how I could connect to our AD using along with CN and OU.

Any idea?

function params and overloading

Right now every function starts with a lot of code like this:

if (typeof(includeMembership) === 'function') {
  callback = includeMembership;
  includeMembership = undefined;
}
if (typeof(username) === 'function') {
  callback = username;
  username = opts;
  opts = undefined;
}
if (typeof(username) === 'boolean') {
  includeMembership = username;
  username = opts;
}
if (typeof(opts) === 'string') {
  username = opts;
  opts = undefined;
}

This is meant to support some sort of overloading (so you can skip and not pass some of the params),
but this code becomes very nasty when the number of params grows.
It could also cause a lot of bugs where the params go to the wrong variable.

For example, I want to add some more params:

  1. includeDeleted as described here: #21
  2. attributes for include membership as described here #22
  3. include membership flag for groups/find

This problem is even worse when we have two params of the same type one after the other (like include deleted and include membership).

Most places take care of this problem by passing only one object with all the params.
Of course it will force users to change their code and call the function with this options object,
but in the long run it will lead to a more stable and modular library.

Any ideas about it?
