// Name under which this command module is registered on the CLI.
module.exports.command = 'auth-ldap'

// One-line summary shown for this command in the help output.
module.exports.describe = 'Start an LDAP auth unit.'
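/**
 * Declares the command-line options of the `auth-ldap` unit.
 *
 * Every option can also be supplied through an `STF_AUTH_LDAP_`-prefixed
 * environment variable (see `.env()` below). The unprefixed legacy variables
 * (`SECRET`, `LDAP_URL`, ...) are only read as option defaults.
 *
 * Security notes for operators:
 * - `--secret` and `--ldap-bind-credentials` carry secrets. Values passed as
 *   command-line arguments are commonly visible in the process list and in
 *   shell history, so prefer the environment-variable form fed from the
 *   deployment's secret store.
 * - An `ldap://` URL is an unencrypted connection; bind credentials and user
 *   passwords sent over it can be read on the network path.
 *
 * @param {Object} yargs - The yargs instance to configure.
 * @returns {Object} The value returned by the chained yargs calls.
 */
module.exports.builder = function(yargs) {
  return yargs
    .env('STF_AUTH_LDAP')
    // Reject unknown options instead of silently ignoring a mistyped flag.
    .strict()
    .option('app-url', {
      alias: 'a'
    , describe: 'URL to the app unit.'
    , type: 'string'
    , demand: true
    })
    // Secret value: prefer STF_AUTH_LDAP_LDAP_BIND_CREDENTIALS over the flag
    // so the password does not show up in the process arguments.
    .option('ldap-bind-credentials', {
      describe: 'LDAP bind credentials.'
    , type: 'string'
    , default: process.env.LDAP_BIND_CREDENTIALS
    })
    .option('ldap-bind-dn', {
      describe: 'LDAP bind DN.'
    , type: 'string'
    , default: process.env.LDAP_BIND_DN
    })
    // 'top' is the root objectClass that every LDAP entry carries, so the
    // default does not narrow which entries can match. NOTE(review): set a
    // user class (site-specific) if the unit filters on this value - confirm.
    .option('ldap-search-class', {
      describe: 'LDAP search objectClass.'
    , type: 'string'
    , default: process.env.LDAP_SEARCH_CLASS || 'top'
    })
    .option('ldap-search-dn', {
      describe: 'LDAP search DN.'
    , type: 'string'
    , default: process.env.LDAP_SEARCH_DN
    , demand: true
    })
    .option('ldap-search-field', {
      describe: 'LDAP search field.'
    , type: 'string'
    , default: process.env.LDAP_SEARCH_FIELD
    , demand: true
    })
    .option('ldap-search-scope', {
      describe: 'LDAP search scope.'
    , type: 'string'
    , default: process.env.LDAP_SEARCH_SCOPE || 'sub'
    })
    // NOTE(review): a legacy LDAP_TIMEOUT value is a string taken from the
    // environment; confirm it is coerced to the declared number type before
    // use.
    .option('ldap-timeout', {
      alias: 't'
    , describe: 'LDAP timeout.'
    , type: 'number'
    , default: process.env.LDAP_TIMEOUT || 1000
    })
    // The example in the help text uses plain `ldap://`, which is fine for
    // loopback only. NOTE(review): for a remote directory use a TLS-protected
    // URL scheme and confirm the unit's LDAP client verifies the certificate.
    .option('ldap-url', {
      alias: 'u'
    , describe: 'URL to the LDAP server (e.g. `ldap://127.0.0.1`).'
    , type: 'string'
    , default: process.env.LDAP_URL
    , demand: true
    })
    .option('ldap-username-field', {
      describe: 'LDAP username field.'
    , type: 'string'
    , default: process.env.LDAP_USERNAME_FIELD || 'cn'
    , demand: true
    })
    // NOTE(review): same string-vs-number question as `ldap-timeout` when the
    // value comes from the legacy PORT variable.
    .option('port', {
      alias: 'p'
    , describe: 'The port to bind to.'
    , type: 'number'
    , default: process.env.PORT || 7120
    })
    // Signing secret for the auth JSON Web Tokens: whoever holds it can mint
    // valid tokens. Supply it through STF_AUTH_LDAP_SECRET rather than `-s`,
    // keep it out of logs, and use a long random value.
    .option('secret', {
      alias: 's'
    , describe: 'The secret to use for auth JSON Web Tokens. Anyone who ' +
        'knows this token can freely enter the system if they want, so keep ' +
        'it safe.'
    , type: 'string'
    , default: process.env.SECRET
    , demand: true
    })
    .option('ssid', {
      alias: 'i'
    , describe: 'The name of the session ID cookie.'
    , type: 'string'
    , default: process.env.SSID || 'ssid'
    })
    // Help-text fix: the original read "can be be overwritten".
    .epilog('Each option can be overwritten with an environment variable ' +
      'by converting the option to uppercase, replacing dashes with ' +
      'underscores and prefixing it with `STF_AUTH_LDAP_` (e.g. ' +
      '`STF_AUTH_LDAP_SECRET`). Legacy environment variables like ' +
      'LDAP_USERNAME_FIELD are still accepted, too, but consider them ' +
      'deprecated.')
}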
/**
 * Starts the LDAP auth unit with the parsed command-line options.
 *
 * `argv` carries the secret used for the auth JSON Web Tokens and the LDAP
 * bind credentials, so it should not be logged or dumped wholesale.
 *
 * @param {Object} argv - Parsed yargs arguments, read by camelCased name.
 * @returns {*} Whatever the `units/auth/ldap` module returns.
 */
module.exports.handler = function(argv) {
  // Loaded here rather than at module level, so the unit's code is only
  // pulled in when this command actually runs.
  var startLdapAuth = require('../../units/auth/ldap')

  // Connection, service-account bind and user lookup settings for LDAP.
  var ldapOptions = {
    url: argv.ldapUrl
  , timeout: argv.ldapTimeout
  , bind: {
      dn: argv.ldapBindDn
    , credentials: argv.ldapBindCredentials
    }
  , search: {
      dn: argv.ldapSearchDn
    , scope: argv.ldapSearchScope
    , objectClass: argv.ldapSearchClass
    , field: argv.ldapSearchField
    }
  , username: {
      field: argv.ldapUsernameField
    }
  }

  return startLdapAuth({
    port: argv.port
  , secret: argv.secret
  , ssid: argv.ssid
  , appUrl: argv.appUrl
  , ldap: ldapOptions
  })
}