addict

    1.1.1 • Public • Published

    Addict

    Get a full Active Directory REST API in 30 seconds


    Addict is a drop-in REST API microservice for Active Directory implementations. Just like that.

    Doing this:

    npm i addict -g
    addict --url ldaps://[address] --user [user]@[domain] --pass [pass]

    Gives you a web server with REST endpoints to add, remove, move, disable, enable, unlock or list Users, Groups and Organizational Units. It includes result caching by default and flexible filters for querying, sorting, pagination and column selection.

    There's interactive API docs at /api:

    Screenshot of API docs for Addict.

    No, it's not Slate.

    These docs let you add arguments, try the requests and see the results.

    Lastly, it comes with a companion Javascript library.

    Made with <3 by dthree.

    API

    # Users
     
    GET /user
    POST /user
    GET /user/:user
    PUT /user/:user
    GET /user/:user/exists
    GET /user/:user/member-of/:group
    POST /user/:user/authenticate
    PUT /user/:user/password
    PUT /user/:user/password-never-expires
    PUT /user/:user/password-expires
    PUT /user/:user/enable
    PUT /user/:user/disable
    PUT /user/:user/move
    PUT /user/:user/unlock
    DELETE /user/:user
     
    # Groups
     
    GET /group
    POST /group
    GET /group/:group
    GET /group/:group/exists
    POST /group/:group/user/:user
    DELETE /group/:group/user/:user
    DELETE /group/:group
     
    # Organizational Units
     
    GET /ou
    POST /ou
    GET /ou/:ou
    GET /ou/:ou/exists
    DELETE /ou/:ou
     
    # Other
     
    GET /other
    GET /all
    GET /find/:filter
    GET /status
     
    # Monitoring
     
    GET /status
     

    Want more? Just ask.

    Filters

    Fields

    Choose which fields to include in the results:

    GET /user?_fields=description,cn

    Filter

    Filter any field with fieldName=value.

    GET /group?cn=Guests

    We've got operators as well:

    GET /user?userAccountControl_gte=500

    Operators
    • =: Equals
    • _ne=: Not equals
    • _lt=: Less than
    • _gt=: Greater than
    • _gte=: Greater than or equal to
    • _lte=: Less than or equal to
    • _like=: Like (fuzzy search)

    Sort

    GET /ou?_sort=whenCreated,dn&_order=desc,asc

    Paginate

    GET /user?_page=6&limit=10

    Slice

    Add _start and _end or _limit:

    GET /user?_start=20&_limit=40

    Full Text Search

    GET /group?_q=addict

    The Nitty Gritty

    Passing Secrets

    You can pass the AD details at runtime:

    addict --url ldaps://[address] --user [user]@[domain] --pass [pass] --port [port]

    Port is optional and defaults to 3000.

    As environmental variables:

    export ADDICT_URL=ldaps://[address]
    export ADDICT_USER=[user]@[domain]
    export ADDICT_PASS=[pass]
    export ADDICT_PORT=[port] # optional 

    You can run it from docker as well, using environmental variables.

    Or in ./config.json:

    git clone https://github.com/dthree/addict.git
    cd addict
    vim ./config.json
    {
      ...
      "user": "[user]@[domain]",
      "pass": "[pass]",
      "url": "ldaps://[address]",
      "port": 3000
    }

    Authentication

    This service defaults to no authentication. I can't and won't try to guess your flavor.

    Addict uses express. The file ./middleware.js at the root of the directory exposes the app so you can add middleware hooks for auth logic.

    LDAP vs LDAPS

    If you connect to Active Directory over plain LDAP, it will refuse certain write operations including adding a user and changing a password. To make things even better, Windows Server doesn't support LDAPS out of the box. You're going to have to set up the Domain Controller as a cert authority by installing the Active Directory Certificate Services Role.

    Here's a good tutorial on that.

    License

    MIT

    Install

    npm i addict

    DownloadsWeekly Downloads

    6

    Version

    1.1.1

    License

    MIT

    Last publish

    Collaborators

    • dthree