LibreChat/api/strategies/ldapStrategy.js

const LdapStrategy = require('passport-ldapauth');
const User = require('~/models/User');
const fs = require('fs');

const ldapOptions = {
  server: {
    url: process.env.LDAP_URL,
    bindDN: process.env.LDAP_BIND_DN,
    bindCredentials: process.env.LDAP_BIND_CREDENTIALS,
    searchBase: process.env.LDAP_USER_SEARCH_BASE,
    searchFilter: process.env.LDAP_SEARCH_FILTER || 'mail={{username}}',
    searchAttributes: ['displayName', 'mail', 'uid', 'cn', 'name', 'commonname', 'givenName', 'sn'],
    ...(process.env.LDAP_CA_CERT_PATH && {
      tlsOptions: { ca: [fs.readFileSync(process.env.LDAP_CA_CERT_PATH)] },
    }),
  },
  usernameField: 'email',
  passwordField: 'password',
};

const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {
  if (!userinfo) {
    return done(null, false, { message: 'Invalid credentials' });
  }

  try {
    const firstName = userinfo.givenName;
    const familyName = userinfo.surname || userinfo.sn;
    const fullName =
      firstName && familyName
        ? `${firstName} ${familyName}`
        : userinfo.cn ||
          userinfo.name ||
          userinfo.commonname ||
          userinfo.displayName ||
          userinfo.mail;

    const username = userinfo.givenName || userinfo.mail;
    let user = await User.findOne({ email: userinfo.mail });
    if (user && user.provider !== 'ldap') {
      return done(null, false, { message: 'Invalid credentials' });
    }
    if (!user) {
      user = new User({
        provider: 'ldap',
        ldapId: userinfo.uid,
        username,
        email: userinfo.mail || '',
        emailVerified: true,
        name: fullName,
      });
    } else {
      user.provider = 'ldap';
      user.ldapId = userinfo.uid;
      user.username = username;
      user.name = fullName;
    }

    await user.save();

    done(null, user);
  } catch (err) {
    done(err);
  }
});

module.exports = ldapLogin;
🔒 feature(auth): LDAP Authentication (#2859) * 🔧 chore: npm install passport-ldapauth * ✨ feat(auth): add ldap authentication support * chore: merge conflict fix --------- Co-authored-by: Danny Avila <danny@librechat.ai> 2024-05-29 14:46:20 -07:00			`const LdapStrategy = require('passport-ldapauth');`
			`const User = require('~/models/User');`
			`const fs = require('fs');`

			`const ldapOptions = {`
			`server: {`
			`url: process.env.LDAP_URL,`
			`bindDN: process.env.LDAP_BIND_DN,`
			`bindCredentials: process.env.LDAP_BIND_CREDENTIALS,`
			`searchBase: process.env.LDAP_USER_SEARCH_BASE,`
			`searchFilter: process.env.LDAP_SEARCH_FILTER \|\| 'mail={{username}}',`
			`searchAttributes: ['displayName', 'mail', 'uid', 'cn', 'name', 'commonname', 'givenName', 'sn'],`
			`...(process.env.LDAP_CA_CERT_PATH && {`
			`tlsOptions: { ca: [fs.readFileSync(process.env.LDAP_CA_CERT_PATH)] },`
			`}),`
			`},`
			`usernameField: 'email',`
			`passwordField: 'password',`
			`};`

			`const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {`
			`if (!userinfo) {`
			`return done(null, false, { message: 'Invalid credentials' });`
			`}`

			`try {`
			`const firstName = userinfo.givenName;`
			`const familyName = userinfo.surname \|\| userinfo.sn;`
			`const fullName =`
			`firstName && familyName`
			? `${firstName} ${familyName}`
			`: userinfo.cn \|\|`
			`userinfo.name \|\|`
			`userinfo.commonname \|\|`
			`userinfo.displayName \|\|`
			`userinfo.mail;`

			`const username = userinfo.givenName \|\| userinfo.mail;`
			`let user = await User.findOne({ email: userinfo.mail });`
			`if (user && user.provider !== 'ldap') {`
			`return done(null, false, { message: 'Invalid credentials' });`
			`}`
			`if (!user) {`
			`user = new User({`
			`provider: 'ldap',`
			`ldapId: userinfo.uid,`
			`username,`
			`email: userinfo.mail \|\| '',`
			`emailVerified: true,`
			`name: fullName,`
			`});`
			`} else {`
			`user.provider = 'ldap';`
			`user.ldapId = userinfo.uid;`
			`user.username = username;`
			`user.name = fullName;`
			`}`

			`await user.save();`

			`done(null, user);`
			`} catch (err) {`
			`done(err);`
			`}`
			`});`

			`module.exports = ldapLogin;`