UNPKG

mecano

Version:

Common functions for system deployment.

www.adaltas.com/projects/node-mecano/

wdavidw/node-mecano

119 lines (102 loc) 3.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# `ldap_user(options, callback)` Create and modify a user store inside an OpenLDAP server. ## Options * `binddn` Distinguished Name to bind to the LDAP directory. * `passwd` Password for simple authentication. * `name` Distinguish name storing the "olcAccess" property, using the database adress (eg: "olcDatabase={2}bdb,cn=config"). * `overwrite` Overwrite existing "olcAccess", default is to merge. * `uri` Specify URI referring to the ldap server. * `user` User object. ## Example ```js require('mecano').ldap_user({ url: 'ldap://openldap.server/', binddn: 'cn=admin,cn=config', passwd: 'password', user: { } }, function(err, modified){ console.log(err ? err.message : 'Index modified: ' + !!modified); }); ``` ## Source Code module.exports = (options, callback) -> # Auth related options binddn = if options.binddn then "-D #{options.binddn}" else '' passwd = if options.passwd then "-w #{options.passwd}" else '' if options.url console.log "Mecano: option 'options.url' is deprecated, use 'options.uri'" options.uri ?= options.url options.uri = 'ldapi:///' if options.uri is true uri = if options.uri then "-H #{options.uri}" else '' # URI is obtained from local openldap conf unless provided # User related options return callback Error "Mecano `ldap_user`: required property 'user'" unless options.user options.user = [options.user] unless Array.isArray options.user modified = false each(options.user) .run (user, callback) => do_user = => entry = {} for k, v of user continue if k is 'userPassword' entry[k] = v @ldap_add entry: entry uri: options.uri binddn: options.binddn passwd: options.passwd , (err, updated, added) -> return callback err if err if added then options.log? 'Mecano `ldap_user`: user added [WARN]' else if updated then options.log? 'Mecano `ldap_user`: user updated [WARN]' modified = true if updated or added if added then do_ldappass() else do_checkpass() do_checkpass = => return do_end() unless user.userPassword @execute # See https://onemoretech.wordpress.com/2011/09/22/verifying-ldap-passwords/ cmd: """ ldapsearch -D #{user.dn} -w #{user.userPassword} #{uri} -b "" -s base "objectclass=*" """ code_skipped: 49 , (err, identical, stdout) -> return callback err if err if identical then do_end() else do_ldappass() do_ldappass = => return do_end() unless user.userPassword @execute cmd: """ ldappasswd #{binddn} #{passwd} #{uri} \ -s #{user.userPassword} \ '#{user.dn}' """ , (err) -> return callback err if err options.log? 'Mecano `ldap_user`: password modified [WARN]' modified = true do_end() do_end = -> callback() do_user() .then (err) -> callback err, modified ## Note A user can modify it's own password with the "ldappasswd" command if ACL allows it. Here's an example: ```bash ldappasswd -D cn=myself,ou=users,dc=ryba -w oldpassword \ -H ldaps://master3.ryba:636 \ -s newpassword 'cn=myself,ou=users,dc=ryba' ``` ## Dependencies each = require 'each' [index]: http://www.zytrax.com/books/ldap/apa/indeces.html