hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 Commits
2 Branches
Tree: cad0230c47
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cad0230c47'
${ noResults }
om/server/ldap_ohm.js

ldap_ohm.js 4.1KB
Raw Normal View History

outsource db routes, schemata and logic into dbs.js
5 years ago
restructure server.js, adding ldap access, part 1/2 role authorization
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. // Original file created by Prof.Dr. Matthias Hopf

  2. 

  3. /*

  4.  * Valdiate ohm logins with ldap service

  5.  */

  6. const ldap = require('ldapjs');

  7. const ldap_escape = require('ldap-escape');

  8. 

  9. 

  10. // TODO: Where do I get the URL from?? A: Is given.

  11. var ldap_client = ldap.createClient({

  12.   //url: 'ldap://gso2.ads1.fh-nuernberg.de/',

  13.   url: 'ldap://sso.cs.ohm-hochschule.de:389/',

  14.   //url: 'ldaps://sso.cs.ohm-hochschule.de:636/',

  15.   reconnect: true,

  16.   // timeouts don't work reliably

  17. });

  18. 

  19. // TODO: Where do I get the 'bindpath' parameters info from? A: Is given.

  20. const ldap_config = {

  21.     bindpath: 'cn=Users,dc=ohm-hochschule,dc=de',

  22.     timeout: 2000

  23. };

  24. 

  25. const ldap_ohm = {

  26.     init: function () {

  27.     },

  28. 

  29.     // Authorize user with password

  30.     // Calls callback with null if unauthorized

  31.     // Calls callback with object describing user if successful:

  32.     authorize: function (user, pwd, cb) {

  33.         if (typeof user != 'string' || typeof pwd != 'string')

  34.             return cb (null);

  35.         // Empty passwords *may* bind successfully anonymously

  36.         if (user.length < 1 || pwd.length < 1)

  37.             return cb (null);

  38. 

  39.         /* Same function, different writing style */

  40. 		/* Escape ldap login input */

  41.         //escaped = ldap_escape.dn`cn=${user},`+ldap_config.bindpath;

  42.         escaped = ldap_escape.dn (['cn=',','+ldap_config.bindpath], user);

  43. 

  44.         // Timeout handler: call callback,

  45.         // make sure later ldap returns don't do anything weird

  46.         var return_object = {};

  47.         var timeoutHandle = setTimeout (function () {

  48.             console.log('ldap timeout');

  49.             return_object = null;

  50.             cb (null);

  51.         }, ldap_config.timeout);

  52. 

  53.         // Bind ldap to user (authorize)

  54.         ldap_client.bind (escaped, pwd, function (err, res) {

  55.             if (return_object === null)

  56.                 return;                 // Timeout, cb has already been called

  57.             if (err !== null) {

  58.                 console.log ("ldap bind: failed for user " + user + ": " + err);

  59.                 clearTimeout (timeoutHandle);

  60.                 return cb (null);

  61.             }

  62. 

  63.             // Search for user entry of just bound user

  64.             // There should be only one...

  65.             ldap_client.search (escaped, { sizeLimit: 1 }, function (err, res) {

  66.                 if (return_object === null)

  67.                     return;             // Timeout, cb has already been called

  68.                 if (err !== null) {

  69.                     console.log ("ldap search: search after bind didn't work for user "

  70.                                  + user + ": " + err);

  71.                     clearTimeout (timeoutHandle);

  72.                     return cb (null);

  73.                 }

  74.                 // Populate return with search results

  75.                 res.on('searchEntry', function(entry) {

  76.                     if (return_object === null)

  77.                         return;         // Timeout, cb has already been called

  78.                     return_object.user = user;

  79.                     return_object.name = entry.object.displayname;

  80.                     return_object.type = entry.object.employeetype;

  81.                     return_object.mail = entry.object.mail;

  82.                     return_object.gender = entry.object.orclgender;

  83. 

  84.                     // Calling cb here, not in 'end', because of potential bugs with

  85.                     // concurrency failures, and we have our single(!) entry

  86.                     // https://github.com/joyent/node-ldapjs/pull/424

  87.                     clearTimeout (timeoutHandle);

  88.                     if (typeof return_object.mail != 'string' || return_object.mail.length < 1) {

  89.                         console.log("ldap search error after bind for user " + user);

  90.                         return cb (null);

  91.                     }

  92.                     return cb (return_object);

  93.                 });

  94.                 res.on('error', function(err) {

  95.                     console.log('ldap error: ' + err.message);

  96.                 });

  97.                 res.on('end', function(result) {

  98. 					// TODO: Did we forget something?

  99.                     // TODO: analyze result.status?

  100.                 });

  101.             });

  102.         });

  103.     }

  104. };

  105. 

  106. module.exports = ldap_ohm;