Add a JWT-based LDAP/AD authenticator.

2025-10-03 17:59:28 +02:00 · 2014-01-23 22:51:46 +09:00 · 2014-01-23 22:51:46 +09:00 · 697e552ef0
commit 697e552ef0
parent 11ad1ffc38
6 changed files with 342 additions and 1 deletions
--- a/lib/cli.js
+++ b/lib/cli.js
@ -107,6 +107,67 @@ program
    })
  })

+program
+  .command('auth')
+  .description('start auth server')
+  .option('-p, --port <port>'
+    , 'port (or $PORT)'
+    , Number
+    , 7100)
+  .option('-s, --secret <secret>'
+    , 'secret (or $SECRET)'
+    , String)
+  .option('-i, --ssid <ssid>'
+    , 'session SSID (or $SSID)'
+    , String
+    , 'ssid')
+  .option('-u, --ldap-url <url>'
+    , 'LDAP server URL (or $LDAP_URL)'
+    , String)
+  .option('-t, --ldap-timeout <timeout>'
+    , 'LDAP timeout (or $LDAP_TIMEOUT)'
+    , Number
+    , 1000)
+  .option('--ldap-bind-dn <dn>'
+    , 'LDAP bind DN (or $LDAP_BIND_DN)'
+    , String)
+  .option('--ldap-bind-credentials <credentials>'
+    , 'LDAP bind credentials (or $LDAP_BIND_CREDENTIALS)'
+    , String)
+  .option('--ldap-search-dn <dn>'
+    , 'LDAP search DN (or $LDAP_SEARCH_DN)'
+    , String)
+  .option('--ldap-search-scope <scope>'
+    , 'LDAP search scope (or $LDAP_SEARCH_SCOPE)'
+    , String
+    , 'sub')
+  .option('--ldap-search-class <class>'
+    , 'LDAP search objectClass (or $LDAP_SEARCH_CLASS)'
+    , String
+    , 'user')
+  .action(function(options) {
+    var env = process.env
+    require('./roles/auth')({
+      port: env.PORT || options.port
+    , secret: env.SECRET || options.secret
+    , ssid: env.SSID || options.ssid
+    , ldap: {
+        url: env.LDAP_URL || options.ldapUrl
+      , timeout: env.LDAP_TIMEOUT || options.ldapTimeout
+      , bind: {
+          dn: env.LDAP_BIND_DN || options.ldapBindDn
+        , credentials: env.LDAP_BIND_CREDENTIALS || options.ldapBindCredentials
+        }
+      , search: {
+          dn: env.LDAP_SEARCH_DN || options.ldapSearchDn
+        , scope: env.LDAP_SEARCH_SCOPE || options.ldapSearchScope
+        , objectClass: env.LDAP_SEARCH_CLASS || options.ldapSearchClass
+        , loginField: env.LDAP_SEARCH_LOGINFIELD || options.ldapSearchLoginField
+        }
+      }
+    })
+  })
+
 program
  .command('console')
  .description('start console')