Project author: Alexandre-io

Project description:
LDAP auth plugin for verdaccio
Language: JavaScript
Repository: git://github.com/Alexandre-io/verdaccio-ldap.git
Created: 2017-03-02T10:59:51Z
Project community: https://github.com/Alexandre-io/verdaccio-ldap

License: MIT License

verdaccio-ldap

verdaccio-ldap is a fork of sinopia-ldap. It aims to keep backwards compatibility with sinopia, while keeping up with npm changes.

Installation

    $ npm install verdaccio
    $ npm install verdaccio-ldap

A detailed example of the verdaccio-ldap plugin + OpenLDAP server packed in Docker for v3 is available here and for v4 here.

Read a guide on how to migrate from Verdaccio v3 to v4 using the LDAP plugin.

Config

Add to your config.yaml:

    auth:
      ldap:
        type: ldap
        # Only required if you are fetching groups that do not have a "cn" property. defaults to "cn"
        groupNameAttribute: "ou"
        # Optional, default false.
        cache:
          # max credentials to cache (default to 100 if cache is enabled)
          size: 100
          # cache expiration in seconds (default to 300 if cache is enabled)
          expire: 300
        client_options:
          url: "ldap://ldap.example.com"
          # Only required if you need auth to bind
          adminDn: "cn=admin,dc=example,dc=com"
          adminPassword: "admin"
          # Search base for users
          searchBase: "ou=People,dc=example,dc=com"
          searchFilter: "(uid={{username}})"
          # If you are using groups, this is also needed
          groupDnProperty: 'cn'
          groupSearchBase: 'ou=groups,dc=myorg,dc=com'
          # If you have memberOf support on your ldap
          searchAttributes: ['*', 'memberOf']
          # Else, if you don't (use one or the other):
          # groupSearchFilter: '(memberUid={{dn}})'
          # Optional
          reconnect: true

LDAP Admin Password

If you run this plugin in Kubernetes (k8s), you may want to supply the password through an environment variable set with secretRef.
Set LDAP_ADMIN_PASS to the LDAP admin password; it overrides the one in config.yaml.

For plugin writers

The plugin is called as:

    require('verdaccio-ldap')(config, stuff)

Where:

  • config - module’s own config
  • stuff - collection of different internal verdaccio objects
    • stuff.config - main config
    • stuff.logger - logger

This should export two functions:

  • adduser(user, password, cb)

    It should respond with:

    • cb(err) in case of an error (error will be returned to user)
    • cb(null, false) in case registration is disabled (next auth plugin will be executed)
    • cb(null, true) in case user registered successfully

    It is useful to set the err.status property to choose the HTTP status code (e.g. err.status = 403).

  • authenticate(user, password, cb)

    It should respond with:

    • cb(err) in case of a fatal error (error will be returned to user, keep those rare)
    • cb(null, false) in case user not authenticated (next auth plugin will be executed)
    • cb(null, [groups]) in case user is authenticated

    Groups is an array of all users/usergroups this user has access to. You should probably include the username itself here.
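
The callback contract above, as an added example (not code from verdaccio-ldap or verdaccio): a hypothetical plugin whose backend function config.lookup is an assumption, plus a simplified model of how a cb(null, false) result hands the login to the next plugin. The sample backend, users and logger are constructed.

```javascript
// Added example: a hypothetical auth plugin that follows the callback contract above.
// `config.lookup` is an assumed backend function, not part of verdaccio or verdaccio-ldap:
// it returns { groups: [...] } on success, null on bad credentials, and throws on outage.
function examplePlugin(config, stuff) {
  const logger = stuff.logger;
  return {
    // Registration is not offered here, so defer to the next auth plugin.
    adduser(user, password, cb) {
      cb(null, false);
    },
    authenticate(user, password, cb) {
      let entry;
      try {
        entry = config.lookup(user, password);
      } catch (e) {
        // Fatal error: it is returned to the user, so log details and reply generically.
        logger.warn('auth backend failure: ' + e.message);
        const err = new Error('authentication backend unavailable');
        err.status = 503;
        return cb(err);
      }
      if (!entry) return cb(null, false); // not authenticated: next plugin runs
      // Include the username itself alongside the groups, without duplicates.
      cb(null, Array.from(new Set([user, ...entry.groups])));
    },
  };
}

// Simplified model of "next auth plugin will be executed" (not verdaccio's own code).
function authenticateChain(plugins, user, password, cb) {
  const next = (i) => {
    if (i >= plugins.length) return cb(null, false);
    plugins[i].authenticate(user, password, (err, groups) => {
      if (err) return cb(err);           // fatal error stops the chain
      if (groups) return cb(null, groups);
      next(i + 1);                       // cb(null, false): try the next plugin
    });
  };
  next(0);
}

// Constructed sample backend and a silent logger so the block runs stand-alone.
const sampleStuff = { config: {}, logger: { warn() {} } };
const sampleBackend = (user, password) => {
  if (user === 'down') throw new Error('connect ECONNREFUSED');
  return user === 'alice' && password === 's3cret' ? { groups: ['dev'] } : null;
};
const plugin = examplePlugin({ lookup: sampleBackend }, sampleStuff);
```

Because cb(null, false) passes the attempt on, a login that this plugin rejects can still succeed in a later plugin in the chain, so review every auth plugin enabled in config.yaml together.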