This module provides a user attributes resolver plugin for the JSCAS server. This plugin is intended to retrieve attributes from an Active Directory instance, but may also work against generic LDAP servers.
The module requires a configuration object matching:
    {
      ad: { // required
        searchUser: 'cn=jsmith,ou=users,dc=example,dc=com', // required
        searchPass: 'jsmith_password', // required
        ldapjs: {
          url: '(ldap|ldaps)://active.directory.server', // required
          searchBase: 'dc=example,dc=com', // required
          scope: 'base', // optional: 'base', 'one', or 'sub'; default: 'sub'
          attributes: [ 'dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf' ] // optional
        }
      },
      attributesMap: {} // optional
    }
The ad property defines the configuration that will be passed to the underlying adldap module. This configuration is supplied to the adldap module as-is.
ad.searchUser: The username the AD module will use to bind to the server for search operations.
ad.searchPass: The password for ad.searchUser.
ad.ldapjs.url: An LDAP URL pointing to your Active Directory server. This property is required.
ad.ldapjs.searchBase: The DN under which all search queries will be performed. This includes authentications.
ad.ldapjs.scope: The search method to use. This module's default is 'sub'.
ad.ldapjs.attributes: An array of attributes to include in search results. These will be used by cas-server as extra attributes during CAS 3.0 authentication. The default attribute set is:
    [ 'dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf' ]
attributesMap: Allows you to rename the attributes returned in user searches. It should be an object where keys are the AD names and values are the new names. For example:
    {
      sAMAccountName: 'firstName'
    }
will rename the sAMAccountName property to firstName and leave all other property names alone.
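A pre-flight check for the configuration object and the attributesMap renaming described above, as an added example that is not code from this plugin or from adldap. The names checkConfig, renameAttributes and sampleConfig are hypothetical, and the sample values are constructed.

```javascript
// Added example: checkConfig and renameAttributes are hypothetical helpers,
// not functions exported by this plugin or by adldap.
const DEFAULT_ATTRIBUTES = ['dn', 'cn', 'sn', 'givenName', 'mail', 'memberOf']
const SCOPES = ['base', 'one', 'sub']

// Verify the required properties, apply the documented defaults, and
// collect warnings for settings that weaken the deployment.
function checkConfig (config) {
  const errors = []
  const warnings = []
  const ad = (config && config.ad) || {}
  const ldapjs = ad.ldapjs || {}
  const missing = (v) => typeof v !== 'string' || v === ''

  for (const key of ['searchUser', 'searchPass']) {
    if (missing(ad[key])) errors.push(`ad.${key} is required`)
  }
  for (const key of ['url', 'searchBase']) {
    if (missing(ldapjs[key])) errors.push(`ad.ldapjs.${key} is required`)
  }
  const scope = ldapjs.scope === undefined ? 'sub' : ldapjs.scope
  if (!SCOPES.includes(scope)) errors.push(`ad.ldapjs.scope is not one of ${SCOPES.join(', ')}`)

  // A simple bind over ldap:// sends searchPass unencrypted unless StartTLS is negotiated.
  if (/^ldap:\/\//i.test(ldapjs.url || '')) {
    warnings.push('ad.ldapjs.url uses ldap://; prefer ldaps://')
  }
  return { errors, warnings, scope, attributes: ldapjs.attributes || DEFAULT_ATTRIBUTES }
}

// Rename keys per attributesMap (AD name -> new name); all other keys pass
// through unchanged. Own-property lookup keeps inherited names such as
// 'constructor' from being treated as mappings.
function renameAttributes (user, attributesMap = {}) {
  const out = Object.create(null)
  for (const [key, value] of Object.entries(user)) {
    const mapped = Object.prototype.hasOwnProperty.call(attributesMap, key) ? attributesMap[key] : key
    out[mapped] = value
  }
  return out
}

// Constructed sample input.
const sampleConfig = {
  ad: { searchUser: 'cn=svc,dc=example,dc=com', searchPass: 'placeholder', ldapjs: { url: 'ldap://ad.example.com', searchBase: 'dc=example,dc=com' } },
  attributesMap: { sAMAccountName: 'firstName' }
}
console.log(checkConfig(sampleConfig))
console.log(renameAttributes({ sAMAccountName: 'jsmith', mail: 'jsmith@example.com' }, sampleConfig.attributesMap))
```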