Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecation of ldapjs #63

Open
wesley3295 opened this issue Jun 17, 2024 · 18 comments
Open

Deprecation of ldapjs #63

wesley3295 opened this issue Jun 17, 2024 · 18 comments
Labels
help wanted Extra attention is needed v4 will implemented in v4

Comments

@wesley3295
Copy link

Any ideas on what we can do in replacement of ldapjs? This package is something my company relies on heavily and with it not being maintained anymore throws a huge plot twist into our current work with our client. Is there another open source ldap package that can replace ldapjs or something I/we can contribute to?

@shaozi
Copy link
Owner

shaozi commented Jun 19, 2024

It is a very sad that some stupid coward threatened the maintainer and now the project is archived.

So far I have not found anything yet. We should find some people to take the project over since it is open source.

@mattkrins
Copy link

I don't know of any alternatives sadly... It was one of, if not the only decent ldap packages for node.
I've never seen such an unhinged deprecation readme before.
It was clearly a troll/spam email but I guess the author wanted an excuse to stop maintaining it.

@stalkerg
Copy link

I think we can easily port it to https://github.com/jjhoughton/napi-ldap or make it abstract.

@stalkerg
Copy link

or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3

@shaozi
Copy link
Owner

shaozi commented Aug 21, 2024

or maybe it will be better just to reimplement such features by Rust? https://github.com/inejge/ldap3

I like this idea. Any pointers on how?

@stalkerg
Copy link

I like this idea. Any pointers on how?

I think the easier way to make binding by this
https://github.com/neon-bindings/neon

It should be relatively easy because we do not need many features.
If you want, I can try/help next week.

PS Of course, true JS implementation has some benefits, but we do not have easy solutions in the current situation.

@stalkerg
Copy link

It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

@stalkerg
Copy link

For the rust idea, I think it will be easier to implement high-level functions - _searchUser and _searchUserGroups.

@shaozi
Copy link
Owner

shaozi commented Aug 22, 2024

It seems like we are using one filter: https://github.com/ldapjs/filter. Do we need it? As I understand, it's IR, and in our case, (${userAttr}=${userName}) it's overkill.

What is IR? Now I look into the code, it does seem over complicated in the ldapjs/filter implementation. But I wonder if we simply use string substitute, do we need to do any pre-processing of the user input to ease any security injection concern? Of course, I am not sure the filter lib does that, but I just assume it does something.

@shaozi
Copy link
Owner

shaozi commented Aug 22, 2024

The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

@stalkerg
Copy link

What is IR?

https://en.wikipedia.org/wiki/Intermediate_representation

do we need to do any pre-processing of the user input to ease any security injection concern?

Yes, sure, but it is trivial; all literals should be escaped. Rust lib already supports it: https://docs.rs/ldap3/0.11.3/ldap3/fn.ldap_escape.html

The neon-bindings is a really nice lib. I searched and there is another one called napi-rs. Have you compared these two?

Yeah, it seems like napi-rs even better!
https://napi.rs/docs/more/neon

@shaozi
Copy link
Owner

shaozi commented Aug 22, 2024

Cool let me try it out next week and see how is it going.

@stalkerg
Copy link

stalkerg commented Oct 4, 2024

do we have any updates on a such hot topic?

@kedom1337
Copy link

Has anybody already evaluated ldapts as an alternative?

@shaozi
Copy link
Owner

shaozi commented Oct 8, 2024

do we have any updates on a such hot topic?

I have done some testing with rust ldap3 with napi-rs and the result is great!

Here is the plan forward:

I will maintain two branches:

  • v3 which is the current one based on ldapjs
  • v4 which will based on napi-rs and rust ldap3. v4 will have a slightly incompatible result structure than v3, mainly the binary part, will be all base64 encoded string. otherwise I will make it as close to v3 as possible.

@shaozi
Copy link
Owner

shaozi commented Oct 8, 2024

Has anybody already evaluated ldapts as an alternative?

This one looks nice. As I said, I will keep v3 as pure js/ts, so this one may fit there.

@shaozi shaozi added v4 will implemented in v4 help wanted Extra attention is needed labels Oct 8, 2024
@stalkerg
Copy link

stalkerg commented Oct 9, 2024

Yeah, ldapts also looks good, maybe even easier for a short term.

@pdvcs
Copy link

pdvcs commented Nov 29, 2024

I wanted to express my appreciation to @shaozi for looking after this library and for looking for a path forward. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed v4 will implemented in v4
Projects
None yet
Development

No branches or pull requests

6 participants