@smithkyle
Created May 8, 2015 18:21
MEAN.js passport-ldapauth integration
// public/modules/users/controllers/authentication.client.controller.js
// ...
// Change $http.post to point to /auth/ldap
// Sign-in handler: posts the form's credentials object to the LDAP route.
// NOTE(review): the password travels in this request body, so the app should
// only be served over HTTPS.
// NOTE(review): $http's .success() helper was removed in AngularJS 1.6; on
// newer AngularJS versions this call needs .then() instead - confirm the
// version in use.
$scope.signin = function() {
$http.post('/auth/ldap', $scope.credentials).success(function(response) {
// ...
npm install -S passport-ldapauth
// config/env/ldap.js
'use strict';
// LDAP connection settings for passport-ldapauth. Every value is read from
// the environment, which keeps the service-account password
// (LDAP_BINDCREDENTIALS) out of source control. An unset variable silently
// becomes an empty string, so a missing setting is not detected here.
// NOTE(review): point LDAP_URL at an ldaps:// endpoint; over plain ldap:// the
// bind password and every user's password cross the network unencrypted.
// NOTE(review): LDAP_SEARCHFILTER should take the login name through
// passport-ldapauth's {{username}} placeholder and be no broader than needed.
var env = process.env;

// Returns the named environment variable, or '' when it is unset or empty.
function ldapSetting(name) {
  return env[name] || '';
}

module.exports = {
  url: ldapSetting('LDAP_URL'),
  bindDn: ldapSetting('LDAP_BINDDN'),
  bindCredentials: ldapSetting('LDAP_BINDCREDENTIALS'),
  searchBase: ldapSetting('LDAP_SEARCHBASE'),
  searchFilter: ldapSetting('LDAP_SEARCHFILTER')
};
// config/strategies/ldapauth.js
'use strict';
/**
* Module dependencies.
*/
var passport = require('passport'),
url = require('url'),
LDAPStrategy = require('passport-ldapauth').Strategy,
config = require('../config'),
users = require('../../app/controllers/users.server.controller'),
ldapConfig = require('../env/ldap');
/**
 * Registers the passport-ldapauth strategy with passport.
 *
 * The directory connection settings are copied from config/env/ldap.js. The
 * verify callback maps the returned directory entry onto the application's
 * profile shape and hands it to users.ldapauthSaveUserProfile, which looks up
 * or creates the local account.
 *
 * NOTE(review): sAMAccountName is an Active Directory attribute; against a
 * different directory the username would be undefined - confirm the
 * attribute names for the target directory.
 * NOTE(review): no TLS options are passed, so transport security depends
 * entirely on the configured URL scheme.
 */
module.exports = function() {
  // Service-account bind and search settings, taken as-is from the env config.
  var serverOptions = {
    url: ldapConfig.url,
    bindDn: ldapConfig.bindDn,
    bindCredentials: ldapConfig.bindCredentials,
    searchBase: ldapConfig.searchBase,
    searchFilter: ldapConfig.searchFilter
  };

  // Verify callback. Per the log line below it runs on a successful
  // directory authentication and is skipped on failure.
  function onDirectoryUser(req, user, done) {
    console.log('this gets processed FIRST on success, NEVER on error');

    // Translate directory attributes into the profile the users controller expects.
    var profile = {};
    profile.displayName = user.cn;
    profile.email = user.mail;
    profile.username = user.sAMAccountName;
    profile.firstName = user.givenName;
    profile.lastName = user.sn;
    profile.provider = 'ldap';
    profile.providerIdentifierField = 'id';

    users.ldapauthSaveUserProfile(req, profile, done);
  }

  // passReqToCallback makes the strategy pass the request as the first argument.
  var strategy = new LDAPStrategy({
    server: serverOptions,
    passReqToCallback: true
  }, onDirectoryUser);

  passport.use(strategy);
};
// app/controllers/users/users.authentication.server.controller.js
var passport = require('passport');
// ...
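/**
 * Builds the Express handler that signs a user in through the 'ldapauth'
 * passport strategy.
 *
 * Responses:
 *  - 400 with the formatted error when the strategy reports an error
 *  - the strategy's status (401 if none was supplied) when authentication fails
 *  - 401 when the session could not be established
 *  - the user as JSON on success
 *
 * @returns {Function} Express middleware (req, res, next).
 */
exports.ldapauth = function() {
  return function(req, res, next) {
    passport.authenticate('ldapauth', function(err, user, info, statusCode) {
      console.log('This gets processed FIRST on error/LAST on success');

      if (err) {
        return res.status(400).send({
          message: errorHandler.getErrorMessage(err)
        });
      }

      if (!user) {
        // A failure reported without a status or info object would otherwise
        // hand Express an undefined status code or throw on info.message.
        return res.status(statusCode || 401).send({
          message: (info && info.message) || 'Authentication failed'
        });
      }

      // Keep credential material out of the response: the whole user document
      // is serialized to the client below. Assumes the model stores its
      // password hash and salt under these names, as the stock MEAN.js User
      // schema does - confirm against the model.
      user.password = undefined;
      user.salt = undefined;

      req.login(user, function(err) {
        if (err) {
          // not sure if this should be 400 or 401
          // NOTE(review): the raw error text is returned to the client here.
          return res.status(401).send({
            message: err.toString()
          });
        }
        return res.json(user);
      });
    })(req, res, next);
  };
};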
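/**
 * Finds the local account for a directory-authenticated user, creating it on
 * first sign-in.
 *
 * @param {Object} req - The Express request (not used here).
 * @param {Object} providerUserProfile - Profile built from the directory
 *   entry: username, email, displayName, firstName, lastName, provider.
 * @param {Function} done - Passport verify callback, called as done(err, user).
 */
exports.ldapauthSaveUserProfile = function(req, providerUserProfile, done) {
  // NOTE(review): if the directory entry has no username attribute this
  // query runs with an undefined username - confirm how the model treats that.
  User.findOne({
    username: providerUserProfile.username
  }, function(err, user) {
    if (err) {
      return done(err);
    }

    if (user) {
      // The lookup keys on username alone. If the application also holds
      // accounts from another provider, a directory user with the same name
      // would otherwise be signed in as that account, so fail closed instead.
      if (user.provider !== providerUserProfile.provider) {
        return done(new Error('Username is already registered with a different sign-in provider'));
      }
      return done(null, user);
    }

    // First sign-in: derive a starting username from the directory entry,
    // falling back to the local part of the e-mail address.
    var emailPrefix = providerUserProfile.email ? providerUserProfile.email.split('@')[0] : '';
    var possibleUsername = providerUserProfile.username || emailPrefix;

    User.findUniqueUsername(possibleUsername, null, function(availableUsername) {
      var newUser = new User({
        // Store the name the uniqueness check returned, not the unchecked
        // candidate, so the new account cannot reuse a taken username.
        username: availableUsername,
        displayName: providerUserProfile.displayName,
        email: providerUserProfile.email,
        provider: providerUserProfile.provider,
        firstName: providerUserProfile.firstName,
        lastName: providerUserProfile.lastName
      });

      // And save the user
      newUser.save(function(saveErr) {
        return done(saveErr, newUser);
      });
    });
  });
};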
// ...
// app/routes/users.server.routes.js
// ...
// Sign-in endpoint for the LDAP strategy; no earlier middleware is attached
// on this line, so it is reachable without a session.
// NOTE(review): presumably every POST results in a directory bind attempt -
// consider request throttling here so the route cannot be used for password
// guessing or to trip directory account lockouts.
app.route('/auth/ldap').post(users.ldapauth());
// ...
@eydrian

eydrian commented May 27, 2015

Very nice, thanks.
just a little update, I think it's:

User.findUniqueUsername(possibleUsername, null, function(availableUsername) {
    user = new User({
        username: availableUsername,
        ...

@smithkyle
Author

Ahh good catch - thanks!
