javascript - LDAP query from Chrome App - Stack Overflow

admin管理员组

文章数量:1426193

I believe javascript is constrained to use only HTTP, but I was curious if there is anything out there that can enable a chrome application to make an LDAP query from the client side (without having to go through my webserver to connect to the LDAP and check credentials). My goal here is to have my users login to the internal web application using their network credentials, without having to wait on my server to establish an HTTPS connection.

Also, are there any security concerns with a setup such as this?

I believe javascript is constrained to use only HTTP, but I was curious if there is anything out there that can enable a chrome application to make an LDAP query from the client side (without having to go through my webserver to connect to the LDAP and check credentials). My goal here is to have my users login to the internal web application using their network credentials, without having to wait on my server to establish an HTTPS connection.

Also, are there any security concerns with a setup such as this?

• javascript
• jquery
• ldap
• google-chrome-app

Share Improve this question Follow asked Sep 3, 2013 at 15:57 jake_nerdnestjake_nerdnest 40244 silver badges1010 bronze badges 2

• Don't think so. Even if you could use js to create TCP connections to any server on any port directly from browser (WebSockets, maybe? Not sure how they work), you would have to implement the whole ldap protocol in javascript, which is no easy task even in most server-side languages. – Robert Rossmann Commented Sep 3, 2013 at 21:36
• It looks like somebody wrote an LDAP client for node github./jeremycx/node-ldap. Not sure if that gets you any closer. – kzahel Commented Sep 4, 2013 at 14:00

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 5

A Chrome app is indeed capable of doing what you want. You'd use the chrome.socket API to establish a connection directly with the LDAP server.

However, your question sets off several alarms. If your client code is separately checking LDAP for credentials, and querying the web application for content, then what's stopping a malicious or buggy client from skipping the LDAP step and just grabbing the content, without authorization, directly from the web app? If your web app assumes only trusted clients, then why bother actually checking LDAP at all? In real life, this design would be like handing a note to a bank teller saying "I don't need to show you my ID because I promise I already showed it to the security guard stationed outside the bank. Please give me all the money in my account." It's much more monplace -- and secure -- for the credential check, be it LDAP or otherwise, to be done by the web application, behind HTTP/HTTPS. (OAuth is another story in terms of its mechanics, but in principle it's the same.)

"without having to wait on my server to establish an HTTPS connection": it's not clear at all what you mean by this. HTTPS has nothing to do with authentication (except to the extent it confirms that the server is authentic). Do you really mean SSL handshake speed? An SSL handshake is usually from 200-500 milliseconds. Unless yours is an unusual use case, this amount of time won't matter. And again, HTTPS as normally deployed is transport security having nothing to do with client authentication. Even if you'd figured out a nonstandard but valid way to authenticate clients, you'd still want the conversation to happen over SSL unless there were truly nothing sensitive about the content (in which case you probably wouldn't need intranet client authentication in the first place).

More questions are outstanding, but you haven't sufficiently explained your use case yet.

TL;DR: yes, you can do this with a Chrome app. But yes, there are many security concerns with this design.

本文标签： javascriptLDAP query from Chrome AppStack Overflow