ldap-authentication

Deprecation of ldapjs

Open wesley3295 opened this issue 1 year ago • 17 comments

Any ideas on what we can do in replacement of ldapjs? This package is something my company relies on heavily and with it not being maintained anymore throws a huge plot twist into our current work with our client. Is there another open source ldap package that can replace ldapjs or something I/we can contribute to?

wesley3295 avatar Jun 17 '24 18:06 wesley3295

It is very sad that some stupid coward threatened the maintainer and now the project is archived.

So far I have not found anything yet. We should find some people to take the project over since it is open source.

shaozi avatar Jun 19 '24 03:06 shaozi

I don't know of any alternatives sadly... It was one of, if not the only decent ldap packages for node. I've never seen such an unhinged deprecation readme before. It was clearly a troll/spam email but I guess the author wanted an excuse to stop maintaining it.

mattkrins avatar Jul 02 '24 15:07 mattkrins

I think we can easily port it to https://github.com/jjhoughton/napi-ldap or make it abstract.

stalkerg avatar Aug 19 '24 02:08 stalkerg

or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3

stalkerg avatar Aug 20 '24 06:08 stalkerg

> or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3

I like this idea. Any pointers on how?

shaozi avatar Aug 21 '24 14:08 shaozi

> I like this idea. Any pointers on how?

I think the easier way is to make a binding with this: https://github.com/neon-bindings/neon

It should be relatively easy because we do not need many features. If you want, I can try/help next week.

PS Of course, true JS implementation has some benefits, but we do not have easy solutions in the current situation.

stalkerg avatar Aug 22 '24 03:08 stalkerg

It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

stalkerg avatar Aug 22 '24 03:08 stalkerg

For the rust idea, I think it will be easier to implement high-level functions - _searchUser and _searchUserGroups.

stalkerg avatar Aug 22 '24 03:08 stalkerg

> It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

What is IR? Now that I look into the code, the ldapjs/filter implementation does seem overcomplicated. But I wonder, if we simply use string substitution, do we need to do any pre-processing of the user input to ease any security injection concern? Of course, I am not sure the filter lib does that, but I just assume it does something.

shaozi avatar Aug 22 '24 04:08 shaozi

The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

shaozi avatar Aug 22 '24 05:08 shaozi

> What is IR?

https://en.wikipedia.org/wiki/Intermediate_representation

> do we need to do any pre-processing of the user input to ease any security injection concern?

Yes, sure, but it is trivial; all literals should be escaped. Rust lib already supports it: https://docs.rs/ldap3/0.11.3/ldap3/fn.ldap_escape.html

> The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

Yeah, it seems like napi-rs is even better! https://napi.rs/docs/more/neon

stalkerg avatar Aug 22 '24 07:08 stalkerg
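The escaping discussed in the comments above, sketched in JavaScript as an added example (not code from ldap-authentication, ldapjs or ldap3). The function names and sample usernames are constructed for illustration; the escape set is the one RFC 4515 requires for filter assertion values.

```javascript
'use strict';

// RFC 4515 section 3: these characters must be written as \XX (two hex digits)
// when they appear inside a filter assertion value: \ * ( ) and NUL.
const FILTER_SPECIALS = /[\\*()\0]/g;

function escapeFilterValue(value) {
  if (typeof value !== 'string') {
    throw new TypeError('filter value must be a string');
  }
  return value.replace(FILTER_SPECIALS, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// An attribute name cannot be escaped, so accept only a short
// descriptor (letter, then letters, digits or hyphens) and reject the rest.
const ATTR_NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

function buildUserFilter(userAttr, userName) {
  if (!ATTR_NAME.test(userAttr)) {
    throw new Error('invalid attribute name');
  }
  return `(${userAttr}=${escapeFilterValue(userName)})`;
}

// The plain string substitution from the thread, kept for comparison only.
function buildUserFilterNaive(userAttr, userName) {
  return `(${userAttr}=${userName})`;
}

// Constructed sample usernames: one ordinary, three containing filter syntax.
const samples = ['jdoe', 'j*', 'a)(b', 'back\\slash'];
for (const name of samples) {
  console.log(JSON.stringify(name),
    '| naive:', buildUserFilterNaive('uid', name),
    '| escaped:', buildUserFilter('uid', name));
}
```

With the naive form, a username of `j*` turns the equality match into a substring match; the escaped form keeps every character a literal.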

Cool, let me try it out next week and see how it goes.

shaozi avatar Aug 22 '24 13:08 shaozi

Do we have any updates on such a hot topic?

stalkerg avatar Oct 04 '24 08:10 stalkerg

Has anybody already evaluated ldapts as an alternative?

kedom1337 avatar Oct 06 '24 14:10 kedom1337

> Do we have any updates on such a hot topic?

I have done some testing with rust ldap3 with napi-rs and the result is great!

Here is the plan forward:

I will maintain two branches:

  • v3, which is the current one based on ldapjs
  • v4, which will be based on napi-rs and rust ldap3. v4 will have a slightly incompatible result structure compared to v3, mainly in the binary part, which will all be base64-encoded strings. Otherwise I will make it as close to v3 as possible.

shaozi avatar Oct 08 '24 16:10 shaozi

> Has anybody already evaluated ldapts as an alternative?

This one looks nice. As I said, I will keep v3 as pure js/ts, so this one may fit there.

shaozi avatar Oct 08 '24 16:10 shaozi

Yeah, ldapts also looks good, maybe even easier for the short term.

stalkerg avatar Oct 09 '24 02:10 stalkerg

I wanted to express my appreciation to @shaozi for looking after this library and for looking for a path forward. Thank you!

pdvcs avatar Nov 29 '24 04:11 pdvcs

Possible replacement: https://github.com/ldapts/ldapts?tab=readme-ov-file#authenticate-example

ryanm101 avatar Feb 12 '25 10:02 ryanm101

I needed to authenticate with ldap and, after a frustrating search of libraries (lots are decommissioned/abandoned), decided to use ldapts directly, and used your project as a high-level guideline on how ldap auth works. I managed to reverse engineer and adapt it for my use case, but using ldapts instead as the underlying library.

In order to help this project, considering this open issue, I made a pull request with the changes needed, which seem to be not that much: #78

erickweil avatar Feb 14 '25 15:02 erickweil

@erickweil I added some review comments in #78. Would you take a look and fix them?

shaozi avatar Feb 18 '25 17:02 shaozi

I will close this issue. Thanks @erickweil for providing the migration to ldapts. Fixed by #78.

shaozi avatar Feb 18 '25 19:02 shaozi