LDAP filter

dist/ldapAuthenticationHandler.d.ts

@@ -3,7 +3,8 @@ export interface LdapAuthenticationConfiguration {
     ldapUrl: string;
     bindDnField: string;
     bindBase: string;
-    usernameField: string;
+    usernameField?: string | null;
+    ldapFilter?: string | null;
     totpField?: string | null;
 }
 export declare class LdapAuthenticationHandler implements IAuthenticationHandler {

dist/ldapAuthenticationHandler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ldapAuthenticationHandler.d.ts","sourceRoot":"","sources":["../src/ldapAuthenticationHandler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAGpD,MAAM,WAAW,+BAA+B;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,GAAC,IAAI,CAAC;CAC3B;AAOD,qBAAa,yBAA0B,YAAW,sBAAsB;IACpE,OAAO,CAAC,aAAa,CAAkC;gBAEpC,aAAa,EAAE,+BAA+B;IAIjE,OAAO,CAAC,aAAa;YAQP,OAAO;IAqCR,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAMpF,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;CAMrF"}
+{"version":3,"file":"ldapAuthenticationHandler.d.ts","sourceRoot":"","sources":["../src/ldapAuthenticationHandler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAGpD,MAAM,WAAW,+BAA+B;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,GAAC,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAC,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,GAAC,IAAI,CAAC;CAC3B;AAOD,qBAAa,yBAA0B,YAAW,sBAAsB;IACpE,OAAO,CAAC,aAAa,CAAkC;gBAEpC,aAAa,EAAE,+BAA+B;IAIjE,OAAO,CAAC,aAAa;YAQP,OAAO;IA0CR,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAOpF,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;CAMrF"}

dist/ldapAuthenticationHandler.js

@@ -27,12 +27,17 @@ export class LdapAuthenticationHandler {
         const bindDn = `${this.configuration.bindDnField}=${username},${this.configuration.bindBase}`;
         let totp = null;
         let finalUsername = null;
+        let success = false;
         try {
             await client.bind(bindDn, password);
-            if (this.configuration.totpField) {
-                const data = await client.search(bindDn);
-                totp = this.fieldToString(data.searchEntries[0]?.[this.configuration.totpField]);
-                finalUsername = this.fieldToString(data.searchEntries[0]?.[this.configuration.usernameField]);
+            const data = await client.search(bindDn, {
+                filter: this.configuration.ldapFilter || undefined,
+                attributes: [this.configuration.totpField, this.configuration.usernameField, this.configuration.bindDnField].filter(x => !!x)
+            });
+            if (data.searchEntries[0]) {
+                success = true;
+                totp = this.configuration.totpField ? this.fieldToString(data.searchEntries[0]?.[this.configuration.totpField]) : null;
+                finalUsername = this.configuration.usernameField ? this.fieldToString(data.searchEntries[0]?.[this.configuration.usernameField]) : username;
             }
         }
         catch (ex) {
@@ -42,13 +47,14 @@ export class LdapAuthenticationHandler {
         finally {
             client.unbind();
         }
-        return {
+        return success ? {
             username: finalUsername,
             totp: totp
-        };
+        } : null;
     }
     async tryLogin(username, password, totp) {
         const account = await this.tryBind(username, password);
+        console.log(account);
         if (!account)
             return null;
         return TotpChecker.ValidateTotp(account.totp, totp);

src/ldapAuthenticationHandler.ts

@@ -6,7 +6,8 @@ export interface LdapAuthenticationConfiguration {
     ldapUrl: string;
     bindDnField: string;
     bindBase: string;
-    usernameField: string;
+    usernameField?: string|null;
+    ldapFilter?: string|null;
     totpField?: string|null;
 }
 
@@ -45,13 +46,18 @@ export class LdapAuthenticationHandler implements IAuthenticationHandler {
         const bindDn = `${this.configuration.bindDnField}=${username},${this.configuration.bindBase}`;
         let totp: string|null = null;
         let finalUsername: string|null = null;
+        let success = false;
 
         try {
             await client.bind(bindDn, password);
-            if (this.configuration.totpField) {
-                const data = await client.search(bindDn);
-                totp = this.fieldToString(data.searchEntries[0]?.[this.configuration.totpField]);
-                finalUsername = this.fieldToString(data.searchEntries[0]?.[this.configuration.usernameField]);
+            const data = await client.search(bindDn, {
+                filter: this.configuration.ldapFilter || undefined,
+                attributes: [this.configuration.totpField, this.configuration.usernameField, this.configuration.bindDnField].filter(x => !!x) as string[]
+            });
+            if (data.searchEntries[0]) {
+                success = true;
+                totp = this.configuration.totpField ? this.fieldToString(data.searchEntries[0]?.[this.configuration.totpField]) : null;
+                finalUsername = this.configuration.usernameField ? this.fieldToString(data.searchEntries[0]?.[this.configuration.usernameField]) : username;
             }
         }
         catch (ex) {
@@ -61,14 +67,15 @@ export class LdapAuthenticationHandler implements IAuthenticationHandler {
         finally {
             client.unbind();
         }
-        return <AccountInformations> {
+        return success ? <AccountInformations> {
             username: finalUsername,
             totp: totp
-        };
+        } : null;
     }
 
     public async tryLogin(username: string, password: string, totp?: string): Promise<boolean | null> {
         const account = await this.tryBind(username, password);
+        console.log(account);
         if (!account)
             return null;
         return TotpChecker.ValidateTotp(account.totp, totp);