ActiveDirectory(url, base, [searchOptions], idleTimeout, tlsOptions)

This class authenticates a user against Active Directory over LDAP (via ldapjs) and returns basic user information.

new ActiveDirectory(url, base, [searchOptions], idleTimeout, tlsOptions)

Create a new ActiveDirectory object for managing AD connections.
Parameters:
  url            string                 URL / IP of the Active Directory server
  base           string                 The default search base (DN) used when a method is not given one
  searchOptions  object     <optional>  The search options passed down to ldapjs, see http://ldapjs.org/client.html#search for details.
    Properties:
    scope        string     <optional>  default 'sub'            What scope the directory should be searched in ('base', 'one' or 'sub')
    filter       string     <optional>  default (objectclass=*)  A string version of an LDAP filter
    sizeLimit    number     <optional>  default 0                Maximum number of entries to return, 0 = unlimited. Note that AD enforces its own server-side limit (MaxPageSize, 1000 by default), so listing a larger directory requires the paged-results control (ldapjs's paged search option) regardless of this value.
  idleTimeout    number                 Milliseconds of inactivity before the connection is considered idle and timed out
  tlsOptions     object                 The Node.js TLS options object, see https://nodejs.org/api/tls.html#tls_tls_connect_options_callback for details. Use an ldaps:// URL (or STARTTLS) so the simple-bind password is not sent in the clear, and keep rejectUnauthorized at its default of true with the domain CA in ca; rejectUnauthorized: false lets an on-path attacker present any certificate and capture the bind.

Methods

static cleanSama(sAMA) → {string}

Cleans a sAMAccountName value
Parameters:
  sAMA  string  sAMAccountName
Returns:
  string - sAMAccountName

static convertToDate(date) → {Date}

Converts the Active Directory / LDAP attributes whenCreated and whenChanged to JavaScript Date objects. These attributes are LDAP GeneralizedTime strings of the form YYYYMMDDHHMMSS.0Z (UTC).
Parameters:
  date  string  The whenCreated / whenChanged attribute value
Returns:
  Date - a JavaScript Date object (which serialises to an ISO 8601 string via toISOString())

static createUserObj(entry) → {object}

Creates a standard user object from an ldapjs search entry
Parameters:
  entry  object  An entry returned from loginAdUser
Returns:
  object - User object { groups: Array, phone: string, name: string, mail: string, guid: string }

static detectLogonType(username) → {string}

Detects which logon name format the username is in, defaulting to the user logon name (sAMAccountName)
Parameters:
  username  string  The user name being used to bind
Returns:
  string - 'userPrincipalName', 'distinguishedName' or 'sAMAccountName'

static resolveBindError(error) → {string}

Turns AD bind errors into friendlier error messages
Parameters:
  error  string  Error returned from ldapjs / AD when attempting to bind
Returns:
  string - Error explanation string
AD distinguishes "user not found", "account disabled" and "account locked out" from a plain wrong password through the data code in its diagnostic message. Returning those distinctions to an unauthenticated caller turns the login endpoint into an account enumeration oracle, so keep the specific reason in server-side logs and show the client a generic failure unless the code implies the password itself was verified (expired / must change).
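
An added example (not the library's own resolveBindError) of the split described above: parse the AD sub-code out of the diagnostic message, keep the precise reason for the audit log, and return only a generic message to the client. The sample error objects are constructed; the message format is AD's, the DSID and version fields are arbitrary, and the two-field result shape is this example's own choice.

```javascript
// Added example, not part of the documented library: classify an AD bind
// failure by the "data NNN" sub-code that AD places in the LDAP diagnostic
// message, keep the precise reason for the audit log, and hand the caller a
// generic message so the login endpoint cannot be used to enumerate accounts.

// Sub-codes AD attaches to LDAP result 49 (invalidCredentials).
const AD_BIND_DATA_CODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'not permitted to logon at this time',
  '531': 'not permitted to logon at this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Only codes AD returns after the password itself was verified are safe to
// show; "user not found", "disabled" and "locked out" must look like a wrong
// password from the outside.
const USER_VISIBLE_CODES = new Set(['532', '773']);

// Pull the sub-code out of a diagnostic message such as
// "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580"
function parseAdBindData(message) {
  const m = /AcceptSecurityContext error, data ([0-9a-fA-F]+),/.exec(message || '');
  return m ? m[1].toLowerCase() : null;
}

// err is whatever ldapjs rejected the bind with; only .name and .message are read.
function resolveBindError(err) {
  const code = parseAdBindData(err && err.message);
  const reason = (code && AD_BIND_DATA_CODES[code]) || (err && err.name) || 'unknown bind error';
  return {
    code,   // raw AD sub-code, or null for non-AD failures
    reason, // precise reason: log this server-side only
    clientMessage: code && USER_VISIBLE_CODES.has(code)
      ? `Login refused: ${AD_BIND_DATA_CODES[code]}`
      : 'Login failed: invalid username or password', // what the client sees
  };
}

// Constructed sample errors in the shape ldapjs reports them.
const sampleDisabled = {
  name: 'InvalidCredentialsError',
  message: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 533, v2580',
};
const sampleMustReset = {
  name: 'InvalidCredentialsError',
  message: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 773, v2580',
};
const sampleNetwork = { name: 'ConnectionError', message: 'connect ECONNREFUSED 10.0.0.5:636' };

for (const e of [sampleDisabled, sampleMustReset, sampleNetwork]) {
  console.log(resolveBindError(e));
}
```

The disabled-account case deliberately produces the same clientMessage as a wrong password; only the reason field, which never leaves the server, records the difference.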

static resolveGroups(entry) → {Array.<string>}

Resolves AD group membership from the entry's memberOf attribute
Parameters:
  entry  object  An entry returned from loginAdUser
Returns:
  Array.<string> - An array of group names. memberOf lists direct memberships only: the user's primary group (primaryGroupID, normally Domain Users) and groups reached through nesting are not included, so do not base authorization decisions that depend on nested groups on this list alone.

static resolveGUID(entry) → {string}

Locates objectGUID and then formats it
Parameters:
  entry  object  An entry returned from loginAdUser
Returns:
  string - Formatted GUID string. objectGUID is a 16-byte binary attribute whose first three fields are stored little-endian, so they must be byte-swapped to produce the canonical text form shown by the AD tools.
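
An added example (not the library's code) that assembles the user object createUserObj documents from an ldapjs-style entry, implementing the conversions that convertToDate, resolveGroups and resolveGUID describe. It assumes string attribute values under entry.attributes and the raw 16-byte objectGUID under entry.raw (where ldapjs v1/v2 expose raw Buffers; ldapjs v3 exposes them via an attribute's buffers). The attribute-to-field mapping (displayName, telephoneNumber, mail) is an assumption, the sample entry is constructed, and created/changed are added beyond the five documented fields.

```javascript
// Added example, not the library's own code: build the documented user object
// ({ groups, phone, name, mail, guid }) from an ldapjs-style entry.
// Assumptions: string attribute values under entry.attributes, raw objectGUID
// bytes under entry.raw, and the displayName/telephoneNumber/mail mapping.

// whenCreated / whenChanged are LDAP GeneralizedTime strings, "YYYYMMDDHHMMSS.0Z"
// (UTC). Anything else yields null rather than an Invalid Date.
function convertToDate(value) {
  const m = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:\.\d+)?Z$/.exec(value || '');
  if (!m) return null;
  const [, Y, M, D, h, mi, s] = m.map(Number);
  if (M < 1 || M > 12 || D < 1 || D > 31 || h > 23 || mi > 59 || s > 60) return null;
  return new Date(Date.UTC(Y, M - 1, D, h, mi, s));
}

// objectGUID is 16 raw bytes. The first three fields are stored little-endian,
// so they are byte-swapped to produce the canonical text form the AD tools show.
function resolveGUID(buf) {
  if (!Buffer.isBuffer(buf) || buf.length !== 16) {
    throw new TypeError('objectGUID must be a 16-byte Buffer');
  }
  const hex = (b) => b.toString('hex');
  // Buffer.from copies, so reverse() does not touch the caller's bytes.
  const swapped = (start, end) => Buffer.from(buf.subarray(start, end)).reverse();
  return [
    hex(swapped(0, 4)),
    hex(swapped(4, 6)),
    hex(swapped(6, 8)),
    hex(buf.subarray(8, 10)),
    hex(buf.subarray(10, 16)),
  ].join('-');
}

// memberOf holds group DNs (a string when there is one, an array otherwise).
// Take the leading CN value and undo RFC 4514 escaping, so a group stored as
// "CN=Sales\, EMEA,..." comes back as "Sales, EMEA" instead of "Sales\".
// memberOf lists direct memberships only: no primary group, no nested groups.
function resolveGroups(memberOf) {
  const dns = memberOf == null ? [] : [].concat(memberOf);
  return dns.map((dn) => {
    const m = /^CN=((?:\\.|[^,\\])*)/i.exec(dn);
    if (!m) return dn;
    return m[1].replace(/\\([0-9a-fA-F]{2})|\\(.)/g,
      (_, hexPair, ch) => (hexPair !== undefined ? String.fromCharCode(parseInt(hexPair, 16)) : ch));
  });
}

function createUserObj(entry) {
  const a = entry.attributes;
  return {
    groups: resolveGroups(a.memberOf),
    phone: a.telephoneNumber || null,
    name: a.displayName || a.cn || null,
    mail: a.mail || null,
    guid: resolveGUID(entry.raw.objectGUID),
    created: convertToDate(a.whenCreated),
    changed: convertToDate(a.whenChanged),
  };
}

// Constructed sample entry (not real directory data).
const sampleEntry = {
  attributes: {
    displayName: 'Jane Doe',
    mail: 'jane.doe@example.local',
    telephoneNumber: '+1 555 0100',
    whenCreated: '20240115123045.0Z',
    whenChanged: '20240301080000.0Z',
    memberOf: [
      'CN=Sales\\, EMEA,OU=Groups,DC=example,DC=local',
      'CN=VPN Users,OU=Groups,DC=example,DC=local',
    ],
  },
  raw: { objectGUID: Buffer.from('ddccbbaaffee11002233445566778899', 'hex') },
};

console.log(createUserObj(sampleEntry));
```

Splitting the DN on commas would have returned "Sales\" for the first group; the regex consumes escaped characters as part of the CN value before stopping at the first unescaped comma.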

_bind(client, username, password) → {Promise}

Performs a simple bind on the client passed in
Parameters:
  client    ldap.Client  ldapjs client object
  username  string       Username to bind with
  password  string       Password to bind with
Throws:
  Error - if username or password are not a string
Returns:
  Promise - resolves with the ldapjs response
Note that an empty string passes the type check. Under RFC 4513 (section 5.1.2) a bind with a non-empty name and an empty password is an unauthenticated bind, which Active Directory accepts by default and treats as anonymous, so the bind succeeds without any password having been verified. Reject empty usernames and passwords before calling this method.

Performs a search on a client
Parameters:
  client  ldap.Client  ldapjs client object
  base    string       The base DN to perform the search on
  search  object       The search options to use

async getAllGroups(username, password, [customBase], detailed) → {Promise.<object>}

Attempts to get all groups from AD that the bound user has permission to read and that match the search filter.
Parameters:
  username    string   <optional>  This must be the UPN
  password    string               The user's password
  customBase  string   <optional>  Override the default class base; if not passed the class base is used.
  detailed    boolean              Indicates whether you want detailed group objects with name, dn, guid, description, created and changed values instead of plain names
Returns:
  Promise.<object> - Promise resolves as an obj { success: true, groups: [string] } || { success: false, message: 'error', error: 'ldapjs error' }

async getAllUsers(username, password, [customBase], formatted) → {Promise.<object>}

Attempts to get all users from AD that the bound user has permission to read and that match the search filter. In a directory with more than 1000 users the server-side MaxPageSize limit applies unless paging is used (see sizeLimit above).
Parameters:
  username    string               This must be the UPN
  password    string               The user's password
  customBase  string   <optional>  Override the default class base; if not passed the class base is used.
  formatted   boolean              Indicates whether you'd like the response formatted as user objects
Returns:
  Promise.<object> - Promise resolves as an obj { success: true, users: [object] } || { success: false, message: 'error', error: 'ldapjs error' }

async loginUser(username, password, customBase, customSearch) → {Promise.<object>}

Attempts to authenticate one user to AD using their UPN. If the ldap client returns an error, a user-friendly message is in message and the full error is in error.
Parameters:
  username      string  This must be the UPN
  password      string  The user's password
  customBase    string  Override the default class base; if not passed the class base is used.
  customSearch  string  A custom LDAP filter string, e.g. (userPrincipalName=test@domain.local). Any value interpolated into this string from user input must be escaped per RFC 4515 ('*', '(', ')', '\' and NUL), otherwise a crafted username such as *)(objectClass=* changes which entry the search returns.
Returns:
  Promise.<object> - Promise resolves as an obj { success: true, entry: {} || undefined } || { success: false, message: 'error', error: 'ldapjs error' }
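
An added example (not the library's code) of preparing the inputs loginUser takes: an RFC 4515 escaper for the value placed in customSearch, a logon-type detector in the spirit of detectLogonType, and the empty-credential check that belongs in front of _bind. The (objectClass=user) clause, the detection heuristic and the DOMAIN\user stripping in cleanSama are this example's assumptions, not documented behaviour of the library.

```javascript
// Added example, not the library's own code: build a login filter safely and
// refuse credentials that would turn a simple bind into an unauthenticated one.
// Assumptions: the (objectClass=user) clause, the detectLogonType heuristic and
// the DOMAIN\user handling in cleanSama are this example's choices.

// RFC 4515 section 3: '*', '(', ')', '\' and NUL must be hex-escaped inside a
// filter value; non-ASCII is escaped as its UTF-8 bytes.
function escapeLdapFilterValue(value) {
  let out = '';
  for (const byte of Buffer.from(String(value), 'utf8')) {
    if (byte === 0x2a || byte === 0x28 || byte === 0x29 || byte === 0x5c || byte === 0x00 || byte > 0x7e) {
      out += '\\' + byte.toString(16).padStart(2, '0');
    } else {
      out += String.fromCharCode(byte);
    }
  }
  return out;
}

// Assumed heuristic: '@' means a UPN, a leading "attr=" means a DN, anything
// else is treated as the user logon name (sAMAccountName).
function detectLogonType(username) {
  if (username.includes('@')) return 'userPrincipalName';
  if (/^\s*[a-z]+=/i.test(username)) return 'distinguishedName';
  return 'sAMAccountName';
}

// "DOMAIN\user" is a sAMAccountName with a NetBIOS prefix; strip it before searching.
function cleanSama(value) {
  return value.replace(/^[^\\]+\\/, '');
}

// The escaped value is what goes into customSearch; without escaping, the
// injection case below would match every user object under the base.
function buildLoginFilter(username) {
  const attr = detectLogonType(username);
  const value = attr === 'sAMAccountName' ? cleanSama(username) : username;
  return `(&(objectClass=user)(${attr}=${escapeLdapFilterValue(value)}))`;
}

// RFC 4513 section 5.1.2: a bind with a name but an empty password is an
// "unauthenticated" bind, which AD accepts by default and treats as anonymous.
// A typeof check alone lets the empty string through, so check it explicitly.
function credentialsAreBindable(username, password) {
  return typeof username === 'string' && typeof password === 'string'
    && username.trim() !== '' && password !== '';
}

// Constructed inputs: two legitimate forms and one injection attempt.
for (const name of ['jane.doe@example.local', 'EXAMPLE\\jdoe', '*)(objectClass=*']) {
  console.log(name, '->', buildLoginFilter(name));
}
console.log('empty password bindable:', credentialsAreBindable('jdoe', ''));
```

The injection input still produces a syntactically valid filter, but one that matches only a user whose sAMAccountName is literally `*)(objectClass=*`, which is the intended outcome.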