edgeport - v1.0.3
    Preparing search index...

    Interface AuthenticateOptions

    Options for authenticate: connection settings plus the user lookup and the candidate password.

    The service-account credentials used for the lookup are LdapConnectOptions.bindDN and AuthenticateOptions.bindPassword; when neither is set the lookup binds anonymously. The top-level AuthenticateOptions.password is the user's candidate password, verified by re-binding as the located entry (it overrides the inherited connect-options password so the two roles never collide).

    interface AuthenticateOptions {
        attributes?: string[];
        base: string;
        bindDN?: string;
        bindPassword?: string;
        expectedServerHostname?: string;
        hostname: string;
        password: string;
        port?: number;
        scope?: SearchScope;
        timeoutMs?: number;
        tls?: "off" | "starttls" | "implicit";
        userFilter: string | Filter;
    }

    Hierarchy (View Summary)

    Index
    attributes?: string[]

    Attributes to return on the located entry; omitted returns all user attributes.

    base: string

    Base DN to search for the user under.

    bindDN?: string

    Bind DN; when provided, connect binds before returning.

    bindPassword?: string

    Service-account password for the lookup bind; omit (with no bindDN) to bind anonymously.

    expectedServerHostname?: string

    Hostname the server's TLS certificate must match (server-identity verification). Applies to the StartTLS upgrade; defaults to LdapConnectOptions.hostname. For implicit LDAPS the runtime validates the certificate against the connection hostname directly.

    hostname: string

    Remote LDAP host.

    password: string

    The user's candidate password, verified by re-binding as the located entry.

    port?: number

    Remote port; defaults to 389 (or 636 via edgeport/ldaps).

    scope?: SearchScope

    Scope for the user lookup; defaults to 'sub'.

    timeoutMs?: number

    Per-operation read deadline in milliseconds.

    tls?: "off" | "starttls" | "implicit"

    Transport security:

    • 'off' (default): plaintext LDAP.
    • 'implicit': TLS from the first byte (LDAPS).
    • 'starttls': plaintext, upgraded with the StartTLS extended operation before bind.
    userFilter: string | Filter

    Filter selecting the user entry, as an RFC 4515 string or a structured Filter. Prefer a structured filter built from eq/and so untrusted usernames cannot inject filter syntax.