npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

haraka-plugin-ldap-authn

v1.0.0

Published

This haraka plugin implements authentication (authn) agains LDAP servers, i.e. it checks if the given user credentials are valid in LDAP. It can either search for the user DN first, or it can try to bind by predefined DN templates and utilizes the haraka-

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

tasansgatasansga

Keywords

harakaldapauthenticationauthn

Readme

haraka-plugin-ldap-authn

This haraka plugin implements authentication (authn) agains LDAP servers, i.e. it checks if the given user credentials are valid in LDAP. It can either search for the user DN first, or it can try to bind by predefined DN templates and utilizes the haraka-plugin-ldap-pool plugin.

Configuration

All configuration is done in config/authn_ldap.ini. The following options are configurable:

  • basedn: optional, default: as used by haraka-plugin-ldap-pool
    It's possible to override haraka-plugin-ldap-pool's default basedn for this plugin.
  • scope: optional, default: as used by haraka-plugin-ldap-pool
    It's possible to override haraka-plugin-ldap-pool's default scope for this plugin.
  • searchfilter: optional, default: (&(objectclass=*)(uid=%u))
    Search filter to lookup the user's DN. The param %u denotes the uid/username as given during login. As result the search filter should return the object(s) to be used for a simple bind attempt. Authentication will fail if the search filter doesn't return exactly one matching object.
  • dn: optional, default: undefined
    dn is an array of template DN to check for the given uid. This is an alternate mode of lookup, where the plugin inserts the uid in the DN template and immediately tries to bind instead of doing a search for the DN first. A template DN looks like uid=%u,ou=users,dc=my-domain,dc=com. The param %u denotes the uid/username as given during login.

Examples

Below are two examples to explain both modes of operation.

By search

Given the following configuration:

searchfilter = (&(objectclass=*)(uid=%u))

Here the plugin will search for the object(s) first. The search filter should return some object's DN like uid=user1,ou=users,dc=my-domain,dc=com. Then the plugin will attempt a simple bind with the found DN and the given password.

By DN templates

Given the following configuration:

dn[] = uid=%u,ou=users,dc=my-domain,dc=com
dn[] = uid=%u,ou=people,dc=my-domain,dc=com

The plugin will replace %u with the given username and immediately attempts to simple bind with the resulting DN(s) and the given password.

Difference between both approaches

While the search filter approach offers more flexibility, a limited number of DN templates might be faster as they don't need to search first.

However, there's also another noteworthy difference. Given the following LDAP data:

dn: uid=nonunique,ou=users,dc=my-domain,dc=com
uid: nonunique

dn: uid=nonunique,ou=people,dc=my-domain,dc=com
uid: nonunique

In this scenario, the search filter approach will always deny login for uid nonunique, because the search doesn't return exactly one single result. However, if using DN templates instead the user would be able to log in.