@cappern/node-red-ldap

Another LDAP node for Node-RED built on top of ldapts. It provides:

- A config node cappern-ldap-config to define server connection (host, port, protocol, TLS options, base DN, and credentials)
- A runtime node cappern-ldap to perform LDAP searches with optional message-based overrides

Install

From your Node-RED user directory (usually ~/.node-red):

``
npm install @cappern/node-red-ldap
`

Restart Node-RED and look for the nodes under the Function category.

Nodes

- cappern-ldap-config: Shared connection configuration
- host: Server hostname or IP
- port: Defaults to 389 for ldap and 636 for ldaps
- protocol: ldap or ldaps
- base: Default Base DN
- Ignore TLS errors: When ldaps, disables certificate verification (insecure)
- CA Certificates (PEM): Optional trusted CA bundle for ldaps
- credentials: Bind DN and Password (optional)

- cappern-ldap: Perform LDAP search
- Default Base DN, Filter, Scope (base|one|sub), Attributes (comma separated)
- Outputs: msg.payload as an array of entry objects
- Errors: attaches msg.error = { name, code, message } and sets node status

Message Overrides

The cappern-ldap node accepts the following fields from the incoming message to override the node/config:

- msg.base: Base DN
- msg.filter: LDAP filter (defaults to (objectClass=*))
- msg.scope: base, one, or sub (defaults to sub)
- msg.attributes: comma-separated string or array of attribute names
- msg.bindDN: Bind DN for this invocation
- msg.bindCredentials: Bind password for this invocation

When attributes is empty, the server default attribute set is returned.

Examples

Find a user by uid under the node’s Base DN:

`
{
"filter": "(uid=alice)"
}
`

Return specific attributes only under a specific OU:

`
{
"base": "ou=people,dc=example,dc=com",
"filter": "(objectClass=person)",
"attributes": ["cn", "mail", "sn"]
}
`

Search one level below an OU:

`
{
"base": "ou=people,dc=example,dc=com",
"filter": "(cn=Alice*)",
"scope": "one"
}
`

Bind as end-user for this search only:

`
{
"bindDN": "uid=alice,ou=people,dc=example,dc=com",
"bindCredentials": "user-password",
"base": "dc=example,dc=com",
"filter": "(uid=alice)"
}
`

Error Handling

On error, the node sets a red status with a concise message (e.g. invalid credentials, base DN not found, timeout, connection error) and attaches details to msg.error:

`
{
"error": { "name": "InvalidCredentialsError", "code": 49, "message": "Invalid credentials" }
}
`

You can branch on msg.error using a Switch node.

Development & Tests

This repo includes a Mocha test suite using the official Node-RED node test helper. The LDAP client is mocked so tests do not require a live directory server.

- Test runner: Mocha + Chai
- Helper: node-red-node-test-helper with embedded Node-RED runtime
- Location: test/ldap.spec.js

Install dev dependencies and run tests:

`
npm install
npm test
`

What’s covered:

- Node loads with the config node
- Successful search emits entries to msg.payload
- Missing base DN reports an error on output
- Invalid credentials are mapped to a friendly status and error payload

$3

There is an opt-in integration test that connects to a real LDAPS server. It is skipped by default and only runs when LDAP_LIVE=1 is set and connection details are provided.

Env vars:

- LDAP_LIVE=1 — enable the live test
- LDAP_URL=ldaps://host:636 — or provide LDAP_HOST, LDAP_PORT, LDAP_PROTOCOL
- LDAP_BASE=dc=example,dc=com — base DN to search
- LDAP_BIND_DN and LDAP_BIND_PW — optional bind credentials
- LDAP_FILTER — optional search filter (defaults to (objectClass=*))
- LDAP_TLS_INSECURE=1 — optional, disable TLS verification (insecure)
- LDAP_CA_PATH=/path/to/ca.pem or LDAP_CA_PEM="...PEM..." — optional CA bundle

Run just the live test:

`
LDAP_LIVE=1 LDAP_URL=ldaps://ldap.example.com:636 LDAP_BASE=dc=example,dc=com \
LDAP_BIND_DN="cn=admin,dc=example,dc=com" LDAP_BIND_PW="secret" \
npm test -- --grep "live ldaps"
`

License

AGPL-3.0-or-later (see LICENSE`)