Introduction:
Connecting to an LDAP Server lets an enterprise use its existing LDAP directory to authenticate users to its business applications, either by connecting directly to the LDAP Server (for example Active Directory) or through an SSO (Single Sign-On) agent. Direct SSO support is planned for a coming Wakanda version, as mentioned in the roadmap. The LDAP connector itself was requested by the Wakanda community, and the latest DEV version already provides it.
In this article we will see how to use the LDAP connector module to authenticate a user to a Wakanda business application against the company LDAP Server.
Prerequisites:
- Download the latest Wakanda Enterprise, which already contains the LDAP module.
- The Active Directory Server settings (IP address, port, base DN, login and password), which will be passed as parameters to the function that creates the LDAP client in Wakanda Server.
You can also download this open source LDAP explorer, which helps you browse the LDAP Directory, so you can see in advance what the LDAP connector should return and compare the results.
How to use the LDAP connector:
The LDAP connector is a Wakanda module that follows the same logic as the other CommonJS modules implemented in Wakanda Server. The module is first loaded by Wakanda Server; once it is given the LDAP Server parameters it establishes a connection, after which you can query the LDAP directory (search or bind operations in this article).
First of all, create an SSJS (Server Side JavaScript) module in the Wakanda solution, in which you will import the WAF-LDAP module and set its parameters.
Right click on the solution name and choose to create a new JavaScript File:
Now import the WAF-LDAP module in the created SSJS file using the require() function:
  var ldap = require('waf-ldap');
Now define the LDAP parameters of your Server by creating an LDAP client:
You can first define an object containing the LDAP Server parameters and pass it to the LDAP client. The parameters passed to the createClient() method can be either a URL or a hostname/IP address with a port:
  var ldapServerParams = {
    hostname: '192.168.10.38',
    port: 389,
    ssl: false
  };
Or:
  var ldapServerParams = {
    url: 'ldap://192.168.10.38:389'
  };
The parameters used in our example are explicit (hostname, port and ssl). Other parameters can be added as well, such as baseDN (the base Distinguished Name, i.e. the root point where searches start), the priority to apply when the same object (user) exists both locally in the Wakanda Directory and in the remote LDAP Server, the password, etc.
  var ldapServerParams = {
    hostname: '192.168.10.38',
    port: 389,
    ssl: false,
    baseDN: 'OU=Node1,DC=LDAP1,DC=local',
    password: 'LDAPPass'
  };
Now we can create our LDAP client using the createClient() method:
  var client = ldap.createClient(ldapServerParams);
Now we will authenticate (bind) a user against the LDAP Directory using the bind() method:
  // define the CN and password of the user to bind
  var ldapPass, cn, user;
  ldapPass = "LDAPPWD";
  cn = "CN=userTest,CN=Users,DC=LDAP1,DC=local";
  try {
    user = client.bind(cn, ldapPass);
  } catch (e) {
    console.log('Error when binding a user: ' + e);
  }
If the given user is found in the LDAP Directory (and the password is accepted), the user object contains the user's properties; otherwise the bind() method returns null. We can therefore write a function that applies the same principle to authenticate a user against the LDAP Directory: it takes the user name and password as input and returns true when the user is authenticated, or an error object when not:
  function ldapLogin(userName, password) {
    var client, cn, user, dnSuffix;
    dnSuffix = ',CN=Users,DC=LDAP1,DC=local';
    client = ldap.createClient({
      hostname: '192.168.10.38',
      port: 389,
      ssl: false
    });
    // build the CN for the user from the userName and the DN suffix
    cn = 'CN=' + userName + dnSuffix;
    user = client.bind(cn, password);
    if (user != null) {
      return true;
    } else {
      return {
        error: 1152,
        errorMessage: "invalid user name or password"
      };
    }
  }
This function can be called from the client side (a Wakanda Web page or a mobile application) to authenticate a user via the enterprise LDAP Directory.
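The ldapLogin() function above places the raw userName inside a DN and passes whatever password it receives straight to bind(), so two things a practitioner will want are missing: escaping of the DN value (RFC 4514) and a refusal of empty passwords, since a simple bind with a DN and no password is an "unauthenticated bind" (RFC 4513) that some directories accept as anonymous. The following is an added example, not code from the article or from the waf-ldap module; the LDAP client is injected as a parameter and replaced here by a constructed stand-in (makeFakeClient) so it runs offline, and in Wakanda it would be the object returned by require('waf-ldap').createClient(...).

```javascript
// Hardened variant of ldapLogin (added example, not from the article).

// Escape one attribute value for use inside a DN (RFC 4514 section 2.4).
function escapeDnValue(value) {
  return String(value)
    .replace(/([\\,+"<>;=#])/g, '\\$1') // special characters get a backslash
    .replace(/^ | $/g, '\\ ')           // leading or trailing space
    .replace(/\u0000/g, '\\00');        // NUL byte as a hex pair
}

function invalidLogin() {
  return { error: 1152, errorMessage: 'invalid user name or password' };
}

// client: any object exposing bind(dn, password) -> user object or null.
function ldapLoginSafe(client, userName, password, dnSuffix) {
  if (typeof userName !== 'string' || userName.length === 0 || userName.length > 64 ||
      typeof password !== 'string' || password.length === 0) {
    return invalidLogin();          // never hand an empty password to bind()
  }
  var dn = 'CN=' + escapeDnValue(userName) + dnSuffix;
  var user = client.bind(dn, password);
  return user != null ? true : invalidLogin();
}

// Constructed stand-in for an LDAP client holding a single account. Like some
// real directories, it "succeeds" on an empty password (anonymous bind), which
// is exactly the behaviour ldapLoginSafe refuses to rely on.
function makeFakeClient(knownDn, knownPassword) {
  return {
    bind: function (dn, pw) {
      if (pw === '') return { dn: '', anonymous: true };
      return (dn === knownDn && pw === knownPassword) ? { dn: dn } : null;
    }
  };
}

var SUFFIX = ',CN=Users,DC=LDAP1,DC=local';
var fake = makeFakeClient('CN=userTest' + SUFFIX, 'LDAPPWD');

console.log(ldapLoginSafe(fake, 'userTest', 'LDAPPWD', SUFFIX));  // true
console.log(ldapLoginSafe(fake, 'userTest', '', SUFFIX).error);   // 1152
```

With ssl: false, as in the article's parameters, the bind sends the password over the network in clear text; use LDAPS (ssl: true) for anything beyond a lab.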
Conclusion:
LDAP and SSO are the most widely used protocols for authenticating users in an enterprise against a directory such as Active Directory or Lotus. Having this module in Wakanda lets enterprises build their business applications without keeping a user directory in the application database, and saves the development time that would otherwise go into organizing users into groups and defining permissions for each group, which is already available in their LDAP directory.