{"id":18313,"library":"ep_ldapauth","title":"ep_ldapauth","description":"Etherpad Lite plugin that provides LDAP-based authentication and authorization. Version 0.4.0 integrates with Etherpad's authentication hooks to allow users to log in using LDAP credentials. It supports both plain LDAP and LDAPS, configurable search filters, group-based access control (admin or read-only), and specific examples for FreeIPA. The plugin is released under GPL-2.0 and is maintained primarily for Etherpad Lite environments. It requires a properly configured settings.json with LDAP server details, search credentials, and group mapping. Notable differentiators: direct integration with Etherpad's auth system, no external dependencies beyond ldapjs, and support for anonymous read-only mode.","status":"active","version":"0.4.0","language":"javascript","source_language":"en","source_url":"https://github.com/tykeal/ep_ldapauth","tags":["javascript"],"install":[{"cmd":"npm install ep_ldapauth","lang":"bash","label":"npm"},{"cmd":"yarn add ep_ldapauth","lang":"bash","label":"yarn"},{"cmd":"pnpm add ep_ldapauth","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"LDAP client library used for making LDAP connections and queries","package":"ldapjs","optional":false},{"reason":"Runtime environment; plugin hooks into Etherpad's auth system","package":"etherpad-lite","optional":false}],"imports":[{"note":"This is an Etherpad plugin loaded via hooks, not a standard import. It is not meant to be imported directly; it is activated by placing in Etherpad's node_modules and configuring settings.json.","wrong":"import ep_ldapauth from 'ep_ldapauth'","symbol":"default","correct":"require('ep_ldapauth')"}],"quickstart":{"code":"{\n  \"users\": {\n    \"ldapauth\": {\n      \"url\": \"ldaps://ldap.example.com\",\n      \"accountBase\": \"ou=Users,dc=example,dc=com\",\n      \"accountPattern\": \"(&(objectClass=*)(uid={{username}}))\",\n      \"displayNameAttribute\": \"cn\",\n      \"searchDN\": \"uid=searchuser,dc=example,dc=com\",\n      \"searchPWD\": \"supersecretpassword\",\n      \"groupSearchBase\": \"ou=Groups,dc=example,dc=com\",\n      \"groupAttribute\": \"member\",\n      \"groupAttributeIsDN\": true,\n      \"searchScope\": \"sub\",\n      \"groupSearch\": \"(&(cn=admin)(objectClass=groupOfNames))\",\n      \"anonymousReadonly\": false\n    }\n  }\n}","lang":"javascript","description":"Configuration for ep_ldapauth in Etherpad's settings.json, enabling LDAP authentication with admin group mapping."},"warnings":[{"fix":"Set 'groupAttributeIsDN' to true or false without quotes.","message":"Configuration format changed: 'groupAttributeIsDN' must be boolean, not string 'true'/'false'.","severity":"breaking","affected_versions":">=0.3.0"},{"fix":"Omit or set to false if not needed.","message":"'anonymousReadonly' option may be deprecated; not in all examples.","severity":"deprecated","affected_versions":">=0.4.0"},{"fix":"Simply place in node_modules and configure settings.json.","message":"Do not use 'require' or 'import' for this plugin; it is automatically loaded when in node_modules.","severity":"gotcha","affected_versions":"all"},{"fix":"Test connectivity with ldapsearch or similar tool.","message":"LDAP server must be reachable; firewall or DNS issues cause silent failures.","severity":"gotcha","affected_versions":"all"},{"fix":"Provide valid credentials or ensure LDAP allows anonymous search.","message":"searchDN and searchPWD are required for binding; omit only if anonymous bind is allowed (rare).","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Verify server host/port, firewall, and that LDAP service is up.","cause":"LDAP server not running or port blocked.","error":"Error: connect ECONNREFUSED <ldap-host>:389"},{"fix":"Check searchDN and searchPWD values; verify accountPattern matches.","cause":"searchDN or searchPWD incorrect, or pattern not matching.","error":"Error: 49 - LDAP_INVALID_CREDENTIALS"},{"fix":"Verify base DNs using ldapsearch or similar tool.","cause":"accountBase or groupSearchBase DN incorrect.","error":"Error: NoSuchObjectError: No such object"},{"fix":"Grant read permissions to the search user on the LDAP tree.","cause":"Insufficient access rights for searchDN.","error":"Error: operationsError"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}