RFC: Adding LDAP authentication support

defaults/config.js

@@ -86,6 +86,56 @@ module.exports = {
 	//
 	displayNetwork: true,
 
+	//
+	// LDAP authentication settings (only available if public=false)
+	// @type    object
+	// @default {}
+	ldap: {
+		//
+		// Enable LDAP user authentication
+		//
+		// @type     boolean
+		// @default  false
+		//
+		enabled: false,
+
+		//
+		// LDAP server URL
+		//
+		// @type     string
+		//
+		//url: "ldaps://example.com",
+
+		//
+		// LDAP bind user
+		//
+		// @type     string
+		//
+		//adminDn: "cn=user,ou=binders,dc=example,dc=com",
+
+		//
+		// LDAP bind password
+		//
+		// @type     string
+		//
+		//adminPassword: "superS3cr3t",
+
+		//
+		// LDAP search base
+		//
+		// @type     string
+		//
+		//searchBase: "ou=accounts,dc=example,dc=com",
+
+		//
+		// LDAP search filter
+		//
+		// @type     string
+		// @default  "(uid={{username}})"
+		//
+		searchFilter: "(uid={{username}})"
+	},
+
 	//
 	// Log settings
 	//

src/clientManager.js

@@ -10,11 +10,13 @@ function ClientManager() {
 	this.clients = [];
 }
 
-ClientManager.prototype.findClient = function(name) {
+ClientManager.prototype.findClient = function(name, token) {
 	for (var i in this.clients) {
 		var client = this.clients[i];
 		if (client.name === name) {
 			return client;
+		} else if (token && token === client.token ) {
+			return client;
 		}
 	}
 	return false;

src/command-line/start.js

@@ -20,7 +20,7 @@ program
 		} else if (program.private) {
 			mode = false;
 		}
-		if (!mode && !users.length) {
+		if (!mode && !users.length && !config.ldap.enabled) {
 			console.log("");
 			console.log("No users found!");
 			console.log("Create a new user with 'shout add <name>'.");

src/server.js

@@ -6,6 +6,7 @@ var express = require("express");
 var fs = require("fs");
 var io = require("socket.io");
 var Helper = require("./helper");
+var LdapAuth = require("ldapauth");
 var config = {};
 
 var sockets = null;
@@ -130,6 +131,24 @@ function init(socket, client, token) {
 	}
 }
 
+function local_auth(client, user, password, callback) {
+	callback(bcrypt.compareSync(password || "", client.config.password));
+}
+
+function ldap_auth(client, user, password, callback) {
+	ldap = new LdapAuth(config.ldap);
+	ldap.authenticate(user, password, function(err, ldap_user){
+		if (!err && !client) {
+			// we've authenticated, but having no client means we
+			// have a valid LDAP user that doesn't exist locally.
+			if (!manager.addUser(user, null)) {
+				console.log("Unable to create new user", user);
+			}
+		}
+		callback(!err);
+	});
+}
+
 function auth(data) {
 	var socket = this;
 	if (config.public) {
@@ -141,27 +160,34 @@ function auth(data) {
 		});
 		init(socket, client);
 	} else {
-		var success = false;
-		_.each(manager.clients, function(client) {
-			if (data.token) {
-				if (data.token === client.token) {
-					success = true;
-				}
-			} else if (client.config.user === data.user) {
-				if (bcrypt.compareSync(data.password || "", client.config.password)) {
-					success = true;
-				}
-			}
-			if (success) {
-				var token;
-				if (data.remember || data.token) {
-					token = client.token;
+		var client = manager.findClient(data.user, data.token);
+		var token;
+		var auth_func;
+		if (data.remember || data.token) {
+			token = client.token;
+		}
+
+		if (client || config.ldap.enabled) {
+			auth_func = ldap_auth;
+		} else if (client) {
+			auth_func = local_auth;
+		}
+
+		if (auth_func) {
+			auth_func(client, data.user, data.password, function(passed) {
+				if (passed) {
+					if (!client) {
+						//LDAP auth just created a user
+						manager.loadUser(data.user);
+						client = manager.findClient(data.user);
+					}
+					init(socket, client, token);
+				} else {
+					socket.emit("auth");
 				}
-				init(socket, client, token);
-				return false;
-			}
-		});
-		if (!success) {
+			});
+		}
+		else {
 			socket.emit("auth");
 		}
 	}