Skip to content

pixelfederation/verdaccio-activedirectory

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
npm-shrinkwrap.json
npm-shrinkwrap.json
 
 
package.json
package.json
 
 

Repository files navigation

verdaccio-activedirectory-pxfd

Active Directory authentication plugin for verdaccio (pxfd fork)

Installation

$ npm install verdaccio-activedirectory-pxfd

Config

Add to your config.yaml:

auth:
  activedirectory:
    url: "ldap://10.0.100.1"
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
    groupName: 'npmWriters' # optional
    rejectUnauthorized: true # (optional) If set to false, the server will accept connections even if they are not authorized by the list of supplied CAs. Default is true (recommended). For more details, see the Node.js documentation: https://nodejs.org/api/tls.html#tlscreateserveroptions-secureconnectionlistener

Alternatively, if your config.yaml uses multiple security groups, you can provide a yaml sequence:

auth:
  activedirectory:
    url: "ldap://10.0.100.1"
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
    groupName:
      - 'npmWriters'
      - 'npmAdministrators'

Note that when using the groupName parameter, the plugin will require at least one security group to exist on the user in order to successfully authenticate.

Examples

Restricting a specific scope

Groups(s) defined in the groupName secion of the activedirectory configuration become available to the packages block of config.yaml. This can be used to restrict certain actions. Below, the scope @internal-scope is only accessable to users belowing to npmUsers:

auth:
  activedirectory:
    url: "ldap://10.0.100.1"
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
    groupName: 'npmUsers' 

packages:
  '@internal-scope/*':
    access: npmUsers
    publish: npmUsers
    unpublish: npmUsers

  '**':
    access: $all
    proxy: npmjs

Using multiple groups for access control

By providing multple groups in the groupName section, we can restrict actions to individual classes of users. In this example we:

  • allow anyone to view and install packages within @internal-scope
  • have restricted publishing to users who belong to npmWriters or npmAdmins
  • only allow npmAdmins to unpublish packages
auth:
  activedirectory:
    url: "ldap://10.0.100.1"
    baseDN: 'dc=sample,dc=local'
    domainSuffix: 'sample.local'
    groupName: 
      - npmWriters
      - npmAdmins

packages:
  '@internal-scope/*':
    access: $all
    publish: npmUsers npmAdmins
    unpublish: npmAdmins

  '**':
    access: $all
    proxy: npmjs

For more information about TLS options and rejectUnauthorized, refer to the Node.js documentation: TLS Server Options

About

Active Directory authentication plugin for verdaccio

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages

  • JavaScript 100.0%