
Addict: An Active Directory REST API - robinj6
https://github.com/dthree/addict/blob/master/readme.md
======
dboreham
In case anyone is wondering this is a Node application that implements
HTTP->LDAP gateway with JSON response/entry encoding and REST-like request
encoding. It would work with other LDAP servers (modulo the use of the paged
results control which not all servers support).

The hard work is done in this package :
[https://github.com/dthree/ad](https://github.com/dthree/ad)

and this one: [https://github.com/mcavage/node-
ldapjs](https://github.com/mcavage/node-ldapjs)

------
brentjanderson
For those asking what problem this solves - it solves my problem. We have
scripts for automating onboarding/terminations, services that authenticate
with AD that don’t support SSO yet, etc. This fills a niche we definitely
have.

~~~
dc2
Well that's good. I built it to fill my niche and hoping others would find use
for it as well.

------
metmac
I think its funny how AD is this mystery box to engineers who live outside the
IT space.

This is potentially super useful for folks to build sweet integrations between
AD and modern web applications (i.e: Chat, Ticketing, SAML, SCIM, etc) into a
very industry standard Directory Service while abstracting away the Microsoft
garb, and not having to worry about the LDAP translations with AD. (AD is LDAP
compliant, but there are weird nuances.)

As someone who has to live in both worlds, this is super cool start and
definitely welcomed.

@DC2 well done sir.

------
chunkyslink
I'm sorry but can someone explain to me how this might benefit my company? We
have 20 employees and use Microsoft Office 365.

~~~
toyg
Doesn't look to me like this can work with web-based AD, so it's probably
useless unless you have an actual domain controller on-premises.

For the record, web-based 365 ADs (and most modern on-prem) already support
webservices, just soap (and somewhat painful) rather than rest. I use it to
authenticate from an app outside our network, the implementation wasn't that
hard (python) but i really only do auth, no manipulation. It would be cool if
MS added REST as an option to make this sort of common case easier, but they
are too busy selling you complex integrated services to do that in Azure ("use
Visual Studio, next next next, your app is now deployed on Azure and
completely integrated with all these management tools. Cool, uh? Now give me
lots of money every month or turn it off.")

~~~
sjark
Azure AD (Office 365) already has a REST API
([https://developer.microsoft.com/en-
us/graph/](https://developer.microsoft.com/en-us/graph/)) so this is really
for on-prem Active Directories.

On-prem Active Directory also has AD Web Services
([https://technet.microsoft.com/en-
us/library/dd391908(v=ws.10...](https://technet.microsoft.com/en-
us/library/dd391908\(v=ws.10\).aspx)) that I guess you could use instead of
this, but a simple rest api like this will be easier to integrate with.

~~~
toyg
Ha, I've built my stuff several years ago so things might have been different
then. I'll have to look at it again (but y'know, no need to touch stuff that
keeps working...)

Edit: or it might be that our mail is in 365 but the AD is still partially on
premises...

------
7ewis
Wanted to make a chatbot a while ago to allow the support guys to unlock AD
accounts from our chat system. This sounds like it could be useful!

Could someone explain to me where addict would be installed? Not too familiar
with the Windows side of things. Does it need to be installed on a DC or, just
any machine that can reach AD?

~~~
yellowapple
My impression is that it can be installed on any machine (even your own
workstation) so long as it can reach your DC.

------
danellis
If you're listing a bunch of URL patterns and you're not describing your media
types, you almost certainly don't have a REST API, so why even call it that?
It's an HTTP API. What do you have against calling it that?

~~~
zerkten
Many people making "REST" APIs don't even know what media types are which
means many REST APIs are impure. That doesn't mean that the author won't add
these based on feedback, or that they they have something in particular
against describing it as an HTTP API. In many cases people searching for a
REST API to access AD probably won't care about this particular nuance.

------
juststeve
what problem does this solve?

~~~
justinjlynn
To be honest, if you have to ask it's probably not one you're having. Things
like this tend to be quite application specific. Generally, if you're doing
much with AD directly, you'd be doing it via LDAP. However, if you need to
talk to it (for some reason) through a web application -- this just might be
helpful.

------
jaredmcdonald
i'm sure this is a very useful product, and i understand that "addict"
contains the letters "AD", but naming something "addict" while half the US
drowns in opioids seems a little weird

~~~
sergiotapia
No need for self-righteous indignity here dude. Keep that on Tumblr.

~~~
thepaulstella
Gross. Be a better human.

