node-ldap | node ldap client | Identity Management library
kandi X-RAY | node-ldap Summary
kandi X-RAY | node-ldap Summary
node ldap client
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of node-ldap
node-ldap Key Features
node-ldap Examples and Code Snippets
Community Discussions
Trending Discussions on node-ldap
QUESTION
I am fairly new to the concept of domains and am trying to implement LDAP over TLS in node. And I have been stuck with this issue for many days now. I am using ldap-client.
...ANSWER
Answered 2020-Jan-23 at 17:46Certificates are a means to help others verify that the entity presenting the certificate is indeed who it is claiming to be. Thus, when you connect to a server and server returns a certificate, then through that certificate you can be sure that server is indeed the server and not an imposter.
The power of certificate is due to the issuer (also called Certificate Authority or CA). If you trust the issuer, then you effectively trust the certificates issued by it. A list of prominent CAs is usually present in the OS itself, so getting a certificate and verification of that certificate is transparent to the application developer, especially when you are using libraries.
Taking your points one by one:
I know that we need certificates for TLS connection to work. One is held by the server and another by the client (me).
You didn't ask any question here, here is some general info. Usually server verification is all that's needed. In high security environments, client verification is done too and there you (i.e. the client) would need a certificate from a CA to verify yourself to the server. But, in most applications, server verification is sufficient.
It is similar to Normal Forms in RDBMS normalization. Even though you have Normal Forms as strict as 6NF, usually RDBMS's are normalized till 3NF.
How am I to verify that my connection is secure?
Generally, if you are using a well known library, (like curl or openLDAP) calling its secure connection methods is enough. It is very very unlikely that you called a function that the library claims to be secure but it turns out to be a farce.
To be sure though, you can look at your traffic with the server. Wireshark is often used for network traffic analysis.
Where do I see the certificates or not see them at all?
In most cases you don't see the certificates. All you do is tell your library how strict you want the verification to be. And then your library will take care of the rest - often throwing an exception or logging an error if there is some issue with the certificate.
If you are using a client certificate then you would have to keep it on the file system and point your library to it. It is generally a .pem file.
Do I have to manually generate certificates from the server and use them?
No. For server certs, it is the responsibility of the server to provide you with a valid cert. All you have to do is just check that the certificate sent by server is from an established CA - which, as told earlier, is generally a transparent step for the developer using the library.
In cases where you do not care much or in situations where you want to start coding and CA is yet to issue a certificate for you, you can program the server to provide its clients with a self-signed certificate and program the clients to keep the verification less strict.
A self-signed certificate has little value in terms of security. It is like server saying - 'Hey, I'm telling you that I'm the guy you want to talk to.' That clearly isn't enough. You want a third person (i.e. the CA), whom you fully trust, to confirm that that is the guy you wanted to talk to.
QUESTION
ANSWER
Answered 2019-Sep-28 at 13:08The problem can be solved by installing the version next and using req.requestValueBuffer instead of req.requestValue:
QUESTION
I have a NodeJS / Express RESTful API that proxies requests from an Active Directory LDAP Server. I do this because LDAP queries tend to be slow. I use the RESTful API to cache and refresh data intermittently. I recently attempted to add the thumbnail photo. In research it appears the library that I am using ldapjs is converting the native ldap byte array to a string.
Example of what this looks like:
\ufffd\ufffd\ufffd\ufffd\u0000\u0010JFIF\u0000\u0001\u0000\u0001\u0000x\u0000x\u0000\u0000\ufffd\ufffd\u0000\u001fLEAD Technologies Inc. V1.01\u0000\ufffd\ufffd\u0000\ufffd\u0000\u0005\u0005\u0005\b\
Due to this fact the image does not render correctly on the angular client app. So based on my research, here are some attempts in correcting this problem:
Convert the string to a byte array using different methods (See code examples)
Modify the ldapjs library to render the data as a byte array in the RESTFUL as in the following, then bind the byte stream to the angular page:
html binding:
...ANSWER
Answered 2019-Jul-03 at 18:07So after some guidance provided by @Aritra Chakraborty, I checked the RESTful api source code. It appears to be a problem with a ldapjs library. When using the entry object conversion, it is doing something strange with the data to which it is not usable. I then realized, I had access to the entry raw format which is the byte array . Instead of trying to convert to base64 on the client, I moved this to the API. Then just mapped it back on the client binding and bang it worked.
Here is some example code:
RESTFul api
QUESTION
I first want to mention that I'm not an expert with LDAP.
What I need is to get from my company's ldap some information including the user photo.
My problem is that after I get all the information I need, the thumbnailPhoto
appears to be somehow corrupted. I'll show an example:
\ufffdPNG\r\n\u001a\n\u0000\u0000\u0000\rIHDR\u0000\u0000\u0000\ufffd\u0000\u0000\u0000\u ...
I first noticed this when I tried to apply it on my front end client and couldn't make an image from the returning Buffer. Plus when I checked in LDAP to see the photo size of the returned one is almost double in size.
I checked to see if there was a problem with way the photo was saved in LDAP, copy pasted into a converter and all was fine.
I'll give a code snippet of how I get info from LDAP with a library called activedirectory:
...ANSWER
Answered 2018-Apr-30 at 11:44After reviewing again all the issues posted on activedirectory repository I found the answer I needed.
QUESTION
In my node application, I have an use case in which I need to authenticate the LDAP users belonging to a specific group only. If the user does not belong to the mentioned group, authentication should fail.
I am using the library ldapauth-fork for LDAP authentication.
I tried various approaches for the filters, but none of them are working as expected. Below are the attempts that I tried:
...ANSWER
Answered 2018-Apr-20 at 20:27I see that you want an LDAP search filter match on "username = x and group = y". To do this, you need to provide a fully distinguished name for the value of the memberOf attribute.
This should work:
QUESTION
I'm trying to get information from AD using node.js. I've tried activedirectory and ldapauth-fork and in general the code works, but if I need some octetstring data like objectGUID, I see a rubbish string in the object. I found that binary data is converted into a string as utf-8. But the problem is that the data is damaged during convertion (a lot of cahrs with 65533 code) and I can't revert the string to original binary.
How can I access data in octetstring format to get correct binary representation?
ANSWER
Answered 2017-Oct-18 at 14:02entryParser is there for that purpose:
QUESTION
I have LDAP connections working properly with node-ldapjs. I am trying to implement LDAPS connections with node-ldapjs. The setup/configuration I am using is equivalent to the solution which was described as being successful by another individual and was posted here - https://github.com/mcavage/node-ldapjs/issues/307. My code is shown below. When I execute the code below, I get the following message:
{[Error: unable to get local issuer certificate] code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'}
Here is the full stacktrace -
...ANSWER
Answered 2017-May-17 at 13:51I don't see a problem eyeballing your code. The raw error as reported is propagating back up from the openSSL layer (of Node.js), and typically arises because the certificate cannot establish its trust chain; in an LDAPS context, I'd expect the problem was validating the server certificate at the client end.
This error can arise with self-signed certificates, or more generally if the trust chain depends upon the correct installation of intermediate certificates to complete the trust from a certificate authority root (assuming nothing has expired). And, in a corporate environment, this can be complicated further by the presence of proxies/firewalls, and their (mis-)configuration.
I'd suggest you concentrate your efforts on diagnosing/validating the combination of your certificates and dependencies to the trusted root CAs along the secure connections that need to be established. In this regard, other tooling, such as curl or openssl tools (and similar can be helpful).
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install node-ldap
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
