Configuration for config.js (required)
- Copy config.example and rename the file to config.js. Replace secret with a randomly generated secret. You can use, for example, https://randomkeygen.com/
Configuration for ad-config.js (required for Active Directory Authentication)
- Copy ad-config.example and rename the file to ad-config.js.
Options for the Active Directory configuration file
- path : Path for login authentication. '/login' will set up a new HTTP route at 'auth/ad/login' for authentication.
- url : LDAP server URL
- bindDN : Admin connection DN, e.g. uid=myapp,ou=users,dc=example,dc=org. Optional. If not given at all, the admin client is not bound. Giving an empty string may result in an anonymous bind when allowed.
- bindCredentials : Password for bindDN
- searchBase : The base DN from which to search for users by username. E.g. ou=users,dc=example,dc=org
- searchFilter : LDAP search filter with which to find a user by username, group, e.g. '(&(sAMAccountName={{username}})(memberOf=CN=OSIV-Ivdat,OU=OSIV,DC=de,DC=ivnet,DC=ch))'. Use the literal {{username}} to have the given username interpolated in for the LDAP search.
- errorMessages : Options for the possible authentication error messages
  - [options.badRequestMessage] - 'Missing credentials' - Message for missing username/password
  - [options.invalidCredentials] - 'Invalid username/password' - Message for InvalidCredentialsError, NoSuchObjectError, and /no such user/ LDAP errors
  - [options.userNotFound] - 'Invalid username/password' - Message for user not found
  - [options.constraintViolation] - 'Exceeded password retry limit, account locked' - Message when account is locked (or other constraint violation)
  - [options.invalidLogonHours] - 'Not Permitted to login at this time' - Message for Windows AD invalidLogonHours error
  - [options.invalidWorkstation] - 'Not permited to logon at this workstation' - Message for Windows AD invalidWorkstation error
  - [options.passwordExpired] - 'Password expired' - Message for Windows AD passwordExpired error
  - [options.accountDisabled] - 'Account disabled' - Message for Windows AD accountDisabled error
  - [options.accountExpired] - 'Account expired' - Message for Windows AD accountExpired error
  - [options.passwordMustChange] - 'User must reset password' - Message for Windows AD passwordMustChange error
  - [options.accountLockedOut] - 'User account locked' - Message for Windows AD accountLockedOut error
  - [options.noSuchObject] - 'Bad search base' - Bad search base in LDAP query
More LDAP Query Examples for AD here
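
A check for the bindDN and searchFilter options described above, written as an added example (not code from this project): it flags an empty-string bindDN and a searchFilter that lacks the literal {{username}}, and shows the username being escaped before it is interpolated into the filter. The function names and the sample configuration values are assumptions made for illustration.

```javascript
// Added example: lint an ad-config.js-style object and interpolate {{username}} safely.
// Option names come from the list above; function names and sample values are hypothetical.

// Escape RFC 4515 filter metacharacters (\ * ( ) NUL) as backslash + two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Replace every literal {{username}} in the filter with the escaped username.
function buildFilter(searchFilter, username) {
  return searchFilter.split('{{username}}').join(escapeFilterValue(username));
}

// Return a list of problems found in the configuration object.
function checkAdConfig(cfg) {
  const problems = [];
  for (const key of ['url', 'searchBase', 'searchFilter']) {
    if (typeof cfg[key] !== 'string' || cfg[key].trim() === '') {
      problems.push(`${key} is missing or empty`);
    }
  }
  if (cfg.bindDN !== undefined && String(cfg.bindDN).trim() === '') {
    problems.push('bindDN is an empty string: may result in an anonymous bind');
  }
  if (cfg.bindDN && !cfg.bindCredentials) {
    problems.push('bindDN is set but bindCredentials is empty');
  }
  if (typeof cfg.searchFilter === 'string' && !cfg.searchFilter.includes('{{username}}')) {
    problems.push('searchFilter does not contain the literal {{username}}');
  }
  return problems;
}

// Constructed sample configuration (placeholder values, not from a real directory).
const sampleConfig = {
  path: '/login',
  url: 'ldaps://ldap.example.org:636',
  bindDN: '',
  bindCredentials: '',
  searchBase: 'ou=users,dc=example,dc=org',
  searchFilter: '(&(sAMAccountName={{username}})(memberOf=CN=app-users,OU=groups,DC=example,DC=org))',
};

console.log(checkAdConfig(sampleConfig));
console.log(buildFilter(sampleConfig.searchFilter, 'a*b(c)'));
```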