So I'm writing an application backend in ExpressJS which authenticates against our domain using LDAP. I've got 3 AD groups.

  • Foo
  • Foo_bar
  • Foo_bert

How do I ask LDAP "Any groups starting with Foo*, what groups am I a member of?" with the response being as simple as possible.

Bonus points for using JavaScript ldapjs syntax but not required.

I've never really used LDAP before and my first impression is it's rather finicky.

Alistair Hardy

1 Answer

How do I ask LDAP "Any groups starting with Foo*, what groups am I a member of?" with the response being as simple as possible.

By issuing an LDAP query as you normally would as shown here.

For example, I want to find all records that have a displayName of BUILDING_FOO, but I also want to exclude certain records. So my LDAP query would look something like:

(&(displayName=BUILDING_*)(!(cn=ILM_BUILDING_EXAMPLE)))

So for your requirement, let's say your base DN is OU=GROUPS,DC=example,DC=com. Then we'll say the group you're looking for has an attribute of groupName so your LDAP query could be as simple as:

(groupName=Foo*)

As for LDAPjs, it would look something like:

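```javascript
// Setup/configuration of LDAPjs is omitted, see official docs.
// `ldapClient` is the bound client and `debug` a logger from that setup.

const options = {
    filter: '(groupName=Foo*)',
    scope: 'sub'
}

ldapClient.search('OU=GROUPS,DC=example,DC=com', options, (error, result) => {
    if (error) {
        debug(`Unable to search for groups. (${error.message})`)
        process.exit(1)
    }

    // One 'searchEntry' event is emitted per matching entry
    result.on('searchEntry', entry => {
        // Do something with the entry
        console.log(entry)
    })

    // Without a listener, an emitted 'error' event throws and ends the process
    result.on('error', err => {
        debug(`Search failed. (${err.message})`)
    })
})
```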
Cisco
  • Stupid question, what's this result.on("searchEntry", entry => {...})? I've seen it a few times and I assumed it looked through the result for a key word but searchEntry isn't part of the result. – Alistair Hardy Apr 13 '18 at 14:08
  • This is all part of the documentation. `client.search` returns an `EventEmitter` as documented [here](http://ldapjs.org/client.html#search). So `searchEntry` is an emitted event. Use [`Object.keys()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/keys) to see what's on the object. – Cisco Apr 13 '18 at 14:14
  • I see now. I'm getting an error at the moment: events.js:183 throw er; // Unhandled 'error' event ^ Error: read ECONNRESET at _errnoException (util.js:1022:11) at TCP.onread (net.js:628:25) – Alistair Hardy Apr 13 '18 at 14:26
  • The documentation also specifies an `error` which you can also listen for. But what you're asking should be asked in its own question. – Cisco Apr 13 '18 at 14:29
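
An added example, not part of the original answer or of ldapjs itself: the question asks for groups starting with `Foo` that the user belongs to, so the filter below also matches on membership and escapes every value placed into it per RFC 4515, which matters when the prefix or DN comes from a request. It assumes Active Directory's `objectCategory`, `cn` and `member` attributes; the function names are hypothetical.

```javascript
// Added example. Assumes Active Directory attributes: group name in `cn`,
// members listed by DN in `member`. Function names are hypothetical.

// Escape a value for an LDAP filter (RFC 4515): NUL ( ) * \ become \XX hex.
function escapeFilterValue(value) {
  return String(value).replace(/[\u0000()*\\]/g, ch =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Filter for "groups whose name starts with `prefix` and that list
// `userDn` as a direct member".
function buildMemberGroupFilter(prefix, userDn) {
  for (const [name, v] of [['prefix', prefix], ['userDn', userDn]]) {
    if (typeof v !== 'string' || v.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
  }
  // The only unescaped '*' is the trailing wildcard appended here.
  return '(&(objectCategory=group)' +
         `(cn=${escapeFilterValue(prefix)}*)` +
         `(member=${escapeFilterValue(userDn)}))`;
}

// Options for ldapjs client.search(); requesting only `cn` keeps the
// response small.
function groupSearchOptions(prefix, userDn) {
  return {
    filter: buildMemberGroupFilter(prefix, userDn),
    scope: 'sub',
    attributes: ['cn']
  };
}

// Constructed sample inputs (not from the original post).
const sampleDn = 'CN=Doe\\, Jane,OU=Users,DC=example,DC=com';
console.log(groupSearchOptions('Foo', sampleDn).filter);
// A prefix containing filter metacharacters stays a literal value:
console.log(buildMemberGroupFilter('Foo)(cn=*', sampleDn));
```

The `member` attribute matches direct membership only, so groups reached through nesting are not returned by this filter.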