hardillb / node-red-contrib-ldap-auth Goto Github PK

View Code? Open in Web Editor NEW

8.0 6.0 14.0 40 KB

A Node-RED authentication plugin that uses LDAP as the backend user store.

License: Apache License 2.0

JavaScript 100.00%

node-red-contrib-ldap-auth's Introduction

Node-red-contrib-ldap-auth

This is a Node-RED authentication plugin that uses LDAP as the backend user store.

It can be installed with:

npm install -g node-red-contrib-ldap-auth

And then to enable it add the following to your settings.js file:

adminAuth: require('node-red-contrib-ldap-auth').setup({
  uri:'ldap://url.to.server',
  base: 'ou=group,o=company.com',
  filterTemplate: 'mail={{username}}'
}),

Bind Authentication

If your LDAP server requires authentication before it can search, you can use the bind_dn and bind_pw parameters:

adminAuth: require('node-red-contrib-ldap-auth').setup({
  uri:'ldap://url.to.server',
  base: 'ou=group,o=company.com',
  filterTemplate: 'mail={{username}}',
  bind_dn: 'cn=authuser,o=company.com',
  bind_pw: 'yourlittlesecret',
}),

Security Group Filtering

If your LDAP login needs to be restricted to a specifc group, you can use an advanced filterTemplate to filter users to a specific group.

filterTemplate: '(&(sAMAccountName={{username}})(memberOf=CN=ExampleGroup,OU=Security Groups,OU=Groups,OU=Corp,DC=example,DC=com))',

You can also combine multiple filters, see https://ldap.com/ldap-filters/.

AND Filters (&(<first>)(<second>)(<third>))
OR Filters (|(<first>)(<second>)(<third>))
Combined Filters (&(<first>)(|(<first_or>)(<second_or>))) (e.g. filter for multiple groups that should have access)

Certificate Verification

If your LDAP server is not using a verifiable SSL certificate, you can set the no_verify_ssl parameter to true (boolean) and it will not validate the connection.

Anonymous Access

To allow anonymous read access to the NodeRed Admin UI, you can set the anon_read parameter to true.

node-red-contrib-ldap-auth's People

Contributors

Stargazers

Watchers

Forkers

markrey jgibbarduk thuylevn rossigee tiefpunkt jsonsmth hseyang ohartl cristianovotre hyperhubs caputomarcos leesonwei kaechele

node-red-contrib-ldap-auth's Issues

Users Permissions?

Hi there!

Once again, thank you so much for this incredible node.

Now, I need to set permissions for each authenticated user.

At first, the 2 basic permissions (full access and read-only) might do. Yet, I will probably need a more granular level of permissions, for the near future.

I've noticed that node-red is already prepared for both approaches.

However, it seems to me that the node-red-contrib-ldap-auth sets the full-access permission by default when a user is successfully authenticated, right?

I was considering to send a PR trying to handle this scenario, setting the permission based on some information from the LDAP.

But first, I'd like to know what are your thoughts about this and if you've got any suggestions about it.

Thanks a bunch.

[question] Trying to connect to online-ldap-test-server

Hi there!

First of all, congratulation for this excellent Node! Quite useful! ☺️

I'm pretty much rookie in using both node.js and LDAP, and I've been trying to connect to the online-ldap-test-server without success.

I'm not quite sure of what should go on filterTemplate and I believe this could be the problem.

This is what I've been trying to do so far:

    adminAuth: require('node-red-contrib-ldap-auth').setup({
      uri:'ldap://ldap.forumsys.com',
      base: 'dc=example,dc=com',
      filterTemplate: 'ou=scientists'
    }),

But, even using the username newton and pwd: password (as suggested), the authentication still fails miserably.

Any ideas of what I'm doing wrong?

Also, is there any way to enable some DEBUG mode, in order to obtain more detail from the authentication process failures?

Cheers.

Dependency and User Pass Auth

Hi Ben,

Thank you for developing the library.
I am currently trying to improve based in the same.
Couple of issues

Dependencies are old
Only LDAP Anonymous access ( i am trying to add user pass )

Do you have updated one at local level ? Or not working on it anymore ?

Issue with LDAP authentication on ubi8/node-js docker image version > 12

I am utilizing this node to do LDAP authentication for Node-Red. It is working well with node-js:12 ubi8 image. When we go with node-js:14 or later version, LDAP unbind is not happening so connection closed exception occurring. Tried to upgrade ldapjs from 1.0.2 to 2.3.3 version still didn't help.

Can you please advise.

Error Stack:

8 Oct 10:47:23 - [red] Uncaught Exception:
8 Oct 10:47:23 - [error] ConnectionError: 2__ldaps://xxxxxxxxxxxxxxxxxx:636 closed
at /opt/app-root/src/node_modules/ldapjs/lib/client/client.js:1277:17
at Array.forEach ()
at Client._onClose (/opt/app-root/src/node_modules/ldapjs/lib/client/client.js:1272:19)
at TLSSocket.d (/opt/dynatrace/oneagent/agent/bin/1.267.171.20230713-194652/any/nodejs/nodejsagent.js:4551:23)
at dynatraceOnServiceExecutionIndicator (/opt/dynatrace/oneagent/agent/bin/1.267.171.20230713-194652/any/nodejs/nodejsagent.js:3125:20)
at a.safeInvoke (/opt/dynatrace/oneagent/agent/bin/1.267.171.20230713-194652/any/nodejs/nodejsagent.js:3182:41)
at TLSSocket. (/opt/dynatrace/oneagent/agent/bin/1.267.171.20230713-194652/any/nodejs/nodejsagent.js:6637:21)
at TLSSocket.emit (node:events:514:28)
at node:net:323:12
at TCP.done (node:_tls_wrap:588:7)

Thanks

Error: Cannot find module 'when'

When configured as per README.md, my node-red does not start...

Error loading settings file: /root/.node-red/settings.js
Error: Cannot find module 'when'

I suspect that 'when' is an old dependency of an old dependency, iyswim.

LDAP ssl certificate

Hi. thanks for your work!
any way to tell the certificat to use?

Error: unable to get local issuer certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34) at TLSSocket.emit (node:events:513:28) at TLSSocket._finishInit (node:_tls_wrap:959:8) at ssl.onhandshakedone (node:_tls_wrap:743:12) { code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }

also a way to crypt the password?

Thank you!

Permissions for users after auth

How do I control the permissions for the authenticated users. I'm able to login but get a blank page for the most part and if I go to /flows I get unauthorized

Allow checking if user is in groupOfUniqueNames

I'd like to use a groupOfUniqueNames for authorisation, where each user in the group is specified as:
uniqueMember: <DN>

Is this possible already?

local installation: module not found

Hi,

my system:

npm version 6.9.0
node version 10.15.3
node-red version 0.20.5

I installed you package locally, so npm list --depth=0 returned:
/home/TSTinst/node-red +-- [email protected] -- [email protected]`

My settings.config:
adminAuth: require('node-red-contrib-ldap-auth').setup({ uri:'ldap://dc1.company.local', base: 'CN=myUser,OU=someOU,DC=someDomain,DC=local', filterTemplate: 'CN={{username}}' }),

Now if I try to run node-red, I get an error that the module was not found:
node --max_old_space_size=512 /home/TSTinst/node-red/node_modules/node-red/red.js --userDir /home/TSTinst/node-red-data/ Error loading settings file: /home/TSTinst/node-red-data/settings.js Error: Cannot find module 'node-red-contrib-ldap-auth'

I thought, that I might need to perform install with --save option, but that's now the default option. Sorry for bothering you, but I'd really prefer to use this package locally instead of global.
Do you have any idea, what I might do wrong?

Thank you and best regards
pate