Get a full Active Directory REST API in 30 seconds
Addict is a drop-in REST API microservice for Active Directory implementations. Just like that.
Doing this:
npm i addict -g
addict --url ldaps://[address] --user [user]@[domain] --pass [pass]
Gives you a web server with REST endpoints to add, remove, move, disable, enable, unlock or list Users, Groups and Organizational Units. It includes result caching by default and flexible filters for querying, sorting, pagination and column selection.
There's interactive API docs at /api
:
No, it's not Slate.
These docs let you add arguments, try the requests and see the results.
Lastly, it comes with a companion Javascript library.
Made with <3 by dthree.
# Users
GET /user
POST /user
GET /user/:user
PUT /user/:user
GET /user/:user/exists
GET /user/:user/member-of/:group
POST /user/:user/authenticate
PUT /user/:user/password
PUT /user/:user/password-never-expires
PUT /user/:user/password-expires
PUT /user/:user/enable
PUT /user/:user/disable
PUT /user/:user/move
PUT /user/:user/unlock
DELETE /user/:user
# Groups
GET /group
POST /group
GET /group/:group
GET /group/:group/exists
GET /group/:group/members
POST /group/:group/user/:user
DELETE /group/:group/user/:user
DELETE /group/:group
# Organizational Units
GET /ou
POST /ou
GET /ou/:ou
GET /ou/:ou/exists
DELETE /ou/:ou
# Other
GET /other
GET /all
GET /find/:filter
GET /status
# Monitoring
GET /status
Want more? Just ask.
Choose which fields to include in the results:
GET /user?_fields=description,cn
Filter any field with fieldName=value
.
GET /group?cn=Guests
We've got operators as well:
GET /user?userAccountControl_gte=500
=
: Equals_ne=
: Not equals_lt=
: Less than_gt=
: Greater than_gte=
: Greater than or equal to_lte=
: Less than or equal to_like=
: Like (fuzzy search)
GET /ou?_sort=whenCreated,dn&_order=desc,asc
GET /user?_page=6&limit=10
Add _start
and _end
or _limit
:
GET /user?_start=20&_limit=40
GET /group?_q=addict
You can pass the AD details at runtime:
addict --url ldaps://[address] --user [user]@[domain] --pass [pass] --port [port]
Port
is optional and defaults to 3000
.
As environmental variables:
export ADDICT_URL=ldaps://[address]
export ADDICT_USER=[user]@[domain]
export ADDICT_PASS=[pass]
export ADDICT_PORT=[port] # optional
You can run it from docker as well, using environmental variables.
Or in ./config.json
:
git clone https://github.com/dthree/addict.git
cd addict
vim ./config.json
{
...
"user": "[user]@[domain]",
"pass": "[pass]",
"url": "ldaps://[address]",
"port": 3000
}
This service defaults to no authentication. I can't and won't try to guess your flavor.
Addict uses express
. The file ./middleware.js
at the root of the directory exposes the app so you can add middleware hooks for auth logic.
If you connect to Active Directory over plain LDAP, it will refuse certain write operations including adding a user and changing a password. To make things even better, Windows Server doesn't support LDAPS out of the box. You're going to have to set up the Domain Controller as a cert authority by installing the Active Directory Certificate Services
Role.
Here's a good tutorial on that.
MIT