One requirement for my current Meteor project was that a user must log in with their Active Directory account. This means that Meteor must be able to authenticate against LDAP. On Atmosphere there are already a few packages available which implement and support LDAP authentication. However, they are either outdated or difficult to configure. This is why I've decided to build my own custom login request handler for Meteor.
For Meteor there are not many options left when choosing a user account package. The built-in option is the only useful and successful solution so far. The package is well documented and works like a charm. However, whenever I set up the account system in Meteor I am confronted with these two scenarios:
- How can I extend the user profile object with data from a registration form? (A user should be able to edit the profile data himself later on.)
- And how can I add other attributes to the user collection object? (A user should not be able to change a custom attribute himself later on.)
These are two fundamental obstacles almost every developer faces when setting up the account system. There are a lot of solutions out there on how to do this in Meteor properly, but a lot of them are poorly described and make it difficult to get the right idea of how the account system works. It got even more difficult due to API changes and because Meteor itself has changed a lot over the years. Now I would like to give a good example for these two questions.
The purpose of this article is to show the intention and implementation of the most common modifications for the ADFS login page.
Out of the box the login form should look like this:
The f.e. is by default the page URL; this can confuse users, because they expect something like "your login" or "Office365 Login".
With over 350 users in the Office365 cloud, as in my case, it's difficult to be aware of which licenses I really need.
To help me out I've made an Active Directory group which holds the allowed Office365 users. And with this PowerShell script I look up every Office365 user and his licenses and check if this user is allowed to use Office365.