AD – A Javascript implementation of common Active Directory tasks (github.com/dthree)
79 points by robinj6 on Aug 3, 2017 | 19 comments



I really appreciate the effort put into a library like this, fantastic work.

However I would strongly warn anyone considering using it to do massive amounts of testing in their real production network. Implementing against the current version is easy, but let's remember: this is a protocol old enough to buy cigarettes. It not only changes in behavior between versions, it also has edge cases where things behave differently when the version you are running is an upgrade. Or an upgrade in progress. Or part of a forest that also has... etc.


I'm pretty sure Microsoft had this 15 years ago. AD is accessible through COM. Anything that's accessible through COM is scriptable in JS and VBScript (if it still exists, it's been a while).


Right, the thing is called ADSI: https://msdn.microsoft.com/en-us/library/aa772170%28v=vs.85%...

Yes, both JScript (not the same as JavaScript, BTW) and VBScript are still supported and both are included in modern Windows versions.

The project is still somewhat useful because it runs on any OS, not just Windows. It doesn’t use ADSI, it relies on this instead: http://ldapjs.org/


.. and PowerShell. It's very, very hard to discover what this API is though.


Ops project or PowerShell?


COM APIs within PowerShell generally and AD ones in particular.


Is this the API that the .NET libraries are based on? If so it's the worst API I've ever used in my life. It's near impossible to test with and anything non-trivial can leave the system in god knows what state when something goes wrong.


https://gist.github.com/Summertime/95cc7bec49d3948ce2f76ded0... An attempt to transcribe the examples to PowerShell cmdlets, in case anyone was wondering how much it differs to the tools pre-existing for the task

- - -

I have to say, other than setup and lack of permission handling the js lib has, I would find myself preferring it


I am not very proficient in JavaScript so excuse my idiotic questions, but how does this work? Does this need to talk to some low-level API, or does Node.js support this, or?


You would download and run this on a Node server. It then uses LDAP to talk to Active Directory, and exposes a JavaScript library to make that talk simple.


I don't think the server part is necessary. Regardless of where you run it, it relies on ldapjs to talk LDAP to Active Directory.


LDAPJS is neat. You can actually run an LDAP server in NODE. I haven't played with it too much, but that's one of those things I just didn't think I would see.


It's an npm package for use with node.js. I don't think it will work in a browser as-is. It's funny, but my initial assumption these days is that it will be exposed via npm and work in node and/or browser via bundling.


Let me get this straight. Passwords, including the password of a domain admin, are hardcoded as plain text in client side JavaScript files. Surely, I must be reading this wrong?


Reading it wrong. Any application needs to use secrets, it's up to the developer to pass them in properly. For example, you can use environmental variables, command line args when running the process, or a config file. This isn't a client-side library.


Yeah you're reading it wrong. This is for node so it'd never be client side, and I'm sure the pw examples are in plaintext just for simplicity in the README.


The authors are even aware of this! The admin password in their first example is "howinsecure".


A recent shared secret, I defaulted to "not very secure" for local dev/testing, but uses an environment variable in practice.


Thank you for the clarification.
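
As an added example (not code from this thread or from the library's README), here is one way to follow the advice above about passing secrets in from outside the source: a Node.js loader that reads the bind settings from environment variables, rejects non-TLS URLs, and refuses the placeholder passwords quoted in this thread. The variable names `AD_URL`, `AD_USER` and `AD_PASS`, both function names, the `url`/`user`/`pass` keys and the ldaps-only policy are assumptions of this sketch.

```javascript
'use strict';
// Added example. AD_URL, AD_USER, AD_PASS and both function names are assumptions.

// Sample passwords quoted in this thread; fine in a README, never valid for a real bind.
const PLACEHOLDER_PASSWORDS = new Set(['howinsecure', 'not very secure']);

// Build the bind settings from an environment-like object (normally process.env).
// Collects every problem so a misconfigured deployment fails once, with a full list.
function loadAdConfig(env) {
  const problems = [];
  for (const name of ['AD_URL', 'AD_USER', 'AD_PASS']) {
    if (typeof env[name] !== 'string' || env[name].trim() === '') {
      problems.push(`${name} is not set`);
    }
  }
  if (problems.length === 0) {
    let protocol = null;
    try {
      protocol = new URL(env.AD_URL).protocol;
    } catch (err) {
      problems.push('AD_URL is not a valid URL');
    }
    // Policy of this example: only LDAP over TLS, so the bind password is encrypted in transit.
    if (protocol !== null && protocol !== 'ldaps:') {
      problems.push('AD_URL must use ldaps://');
    }
    if (PLACEHOLDER_PASSWORDS.has(env.AD_PASS.toLowerCase())) {
      problems.push('AD_PASS is a documentation placeholder');
    }
  }
  if (problems.length > 0) {
    // The message names variables only; it never echoes the password value.
    throw new Error('AD configuration rejected: ' + problems.join('; '));
  }
  return Object.freeze({ url: env.AD_URL, user: env.AD_USER, pass: env.AD_PASS });
}

// Copy that is safe to log: the secret is replaced, everything else is kept.
function redactAdConfig(config) {
  return { ...config, pass: '[redacted]' };
}

// Constructed sample environment (not real hosts or credentials).
const sampleEnv = { AD_URL: 'ldaps://dc01.example.test', AD_USER: 'svc-app@example.test', AD_PASS: 'Constructed-Sample-1' };
console.log(redactAdConfig(loadAdConfig(sampleEnv)));
```

In a real process the call would be `loadAdConfig(process.env)`, made once at startup so a bad deployment fails before any bind is attempted.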



