LDAP and NFC Node-RED Nodes

About a week ago a colleague asked me to help resurrect some code I had written to use our work ID badges to look up information on the card owner in order to log into a system for a demonstration.

The ID badges are basically MIFARE cards, so they can be read by an NFC reader. The content of the cards is encrypted, but each card has a unique ID. Unfortunately the security team will not share the mapping of these IDs to actual people, but since this is for a demonstration that will only be given by a relatively small number of people it’s not a problem to set up a list of mappings ourselves.

The original version of this code used nfc-eventd and some Java code to take the IDs and then do a lookup in a little database to convert these to email addresses. It worked, but it was a bit of a pig to set up and move between machines as it required a number of different apps and config files, so I decided to have a go at rewriting it all in Node-RED.

NFC ID Flow

To do this I was going to need 2 new nodes, one to read the NFC card and one to look up details in the LDAP. Both of these actually proved reasonably easy and quick to write as there are existing Node NPM modules that do most of the heavy lifting. The flow has a couple of extra bits: it uses MongoDB to store the ID to email address mappings, and if there is no match it uses websockets to populate a field in a separate web page where an email address can be entered to update the database.

NFC

I did a first pass using the nfc npm and it worked but there was no way to shut the connection to the NFC reader down in the code which meant I couldn’t clean up properly when Node-RED shut down or when the node needed to be restarted.

The nfc on npmjs.org is actually a bit out of date compared to the git repository it’s hosted in. So I moved over to using the upstream version of the code. This changed the API a little and still didn’t have a mechanism to allow the interface to be stopped. I forked the project and after a little bit of playing I ended up with some working shutdown code.

The only callback is for when an NFC tag is detected, and it polls in a tight loop, so the stream of data from the node is way too high to feed into a Node-RED flow really. The Node-RED wrapper rate limits to only reporting the same tag once every 10 seconds. This is good enough for the original problem I was looking to solve but I still think it can be done better. I’m planning on adding callbacks for when a tag is seen and when it is removed, which is similar to how nfc-eventd works. I also want to look at doing NDEF decoding.
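The rate limit described above, as an added example that is not code from the node itself: it goes a step beyond the 10-second limit by also deriving the tag-removed event from the same poll stream. `TagReporter`, `holdMs` and `removeAfterMs` are hypothetical names, the reader is assumed to deliver each UID as a hex string, and the input in `demo()` is constructed.

```javascript
// Added example. TagReporter, holdMs and removeAfterMs are hypothetical names;
// the reader library is assumed to hand each poll result over as a hex UID string.
class TagReporter {
  constructor({ holdMs = 10000, removeAfterMs = 1500 } = {}) {
    this.holdMs = holdMs;               // same UID reported at most once per window
    this.removeAfterMs = removeAfterMs; // no reads for this long means "removed"
    this.tags = new Map();              // uid -> { lastSeen, lastReported }
  }

  // Call for every poll callback. Returns an event to forward, or null.
  onRead(rawUid, now) {
    const uid = String(rawUid).toLowerCase().replace(/[^0-9a-f]/g, '');
    // ISO 14443A UIDs are 4, 7 or 10 bytes; drop anything else before lookup.
    if (![8, 14, 20].includes(uid.length)) return null;
    const entry = this.tags.get(uid);
    if (!entry) {
      this.tags.set(uid, { lastSeen: now, lastReported: now });
      return { type: 'seen', uid };
    }
    entry.lastSeen = now;
    if (now - entry.lastReported < this.holdMs) return null;
    entry.lastReported = now;
    return { type: 'seen', uid };
  }

  // Call from a timer. Emits 'removed' for tags that stopped answering and
  // forgets them, so presenting the badge again counts as a new 'seen'.
  sweep(now) {
    const events = [];
    for (const [uid, entry] of this.tags) {
      if (now - entry.lastSeen >= this.removeAfterMs) {
        this.tags.delete(uid);
        events.push({ type: 'removed', uid });
      }
    }
    return events;
  }
}
// Constructed input: a badge held on the reader for 12 s, polled every 100 ms.
function demo() {
  const reporter = new TagReporter();
  const events = [];
  for (let t = 0; t <= 12000; t += 100) {
    const e = reporter.onRead('9E:2B:CA:EA', t);
    if (e) events.push({ ...e, at: t });
  }
  for (const e of reporter.sweep(14000)) events.push({ ...e, at: 14000 });
  return events;
}
```

Normalising and length-checking the UID before it reaches the database lookup keeps malformed reads out of the flow.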

You can install the current version of the node with:

npm install https://github.com/hardillb/node-red-contrib-nfc/archive/master.tar.gz

It depends on libnfc, which should work on Linux and OS X, and I’ve even seen instructions to build it for Windows.
Once I’ve got a bit further I’ll add it to npmjs.org.

LDAP

This one was even simpler. The LDAP npm module links to the OpenLDAP libraries and does all the hard work.

It just needed a config dialog creating to take a base DN and a filter and a connection setup that takes a server, port and if needed a bind DN and password. The filter is a mustache template so values can be passed in.
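Because the filter is a template, whatever is substituted into it becomes part of the LDAP filter syntax. The added example below (not code from the node itself) applies RFC 4515 escaping at substitution time; `renderFilter` is a hypothetical stand-in for the mustache step, and the template and sample values are constructed.

```javascript
// Added example, not the node's code. Names here are hypothetical.

// RFC 4515: NUL, '(', ')', '*' and '\' in an assertion value are written
// as a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Minimal {{name}} substitution standing in for the mustache render.
// A missing value throws instead of rendering as an empty string.
function renderFilter(template, values, escape = escapeFilterValue) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, key) => {
    if (!Object.prototype.hasOwnProperty.call(values, key)) {
      throw new Error('missing filter value: ' + key);
    }
    return escape(values[key]);
  });
}

// Constructed template and inputs: a normal address, a bare wildcard,
// a value containing parentheses, and one containing a backslash.
const filterTemplate = '(&(objectClass=person)(mail={{email}}))';
const sampleValues = ['alice@example.com', '*', 'j.smith(temp)@example.com', 'a\\b'];

// Renders each sample twice: substituted as-is, and with escaping.
function compareRenderings() {
  return sampleValues.map((value) => ({
    value,
    raw: renderFilter(filterTemplate, { email: value }, String),
    escaped: renderFilter(filterTemplate, { email: value }),
  }));
}

for (const row of compareRenderings()) {
  console.log(row.value, '\n  raw:    ', row.raw, '\n  escaped:', row.escaped);
}
```

With the value substituted as-is, `*` turns the equality match into a presence match and the parentheses in the third sample produce an unbalanced filter; the escaped form keeps both as literal characters in the value.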

This node is pretty much done. You can find the code on GitHub here and the node can be installed with the following:

npm install node-red-node-ldap

Like with the NFC node, OpenLDAP should be available for Linux and OS X and there looks to be a Windows port.

Playing with touchatag reader

We got a bunch of Touchatag NFC readers in the office just after Christmas and I said I would have a play with one to see what we could use them for. I had seen one before (in fact I borrowed one from Andy Piper for a little while) but didn’t get much further than trying to read my work id card.

To get it to work on Linux you need to use PCSC Lite and download the driver from ACS (the guys that actually make the readers that Touchatag use). You can grab the download here. Once you’ve built these (standard “configure; make; sudo make install”) you will need to update one of the PCSC config files. There is a patch linked to from this page: http://idefix.net/~koos/rfid-touchatag.html

PCSC Lite is packaged for Fedora and Ubuntu, but I couldn’t find libnfc in the standard repos for Ubuntu so ended up building it myself for one of the machines in the office. Again this was a simple “configure; make; sudo make install”. With that done I was able to use the nfc-mfclassic tool from the libnfc samples to read data from a tag.

$ nfc-mfclassic r a test.out
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Found MIFARE Classic 4k card with UID: 9e2bcaea
Reading out 256 blocks |.....................................|

Which gets me a file with all the data stored on a tag (assuming I know the right keys to access all the blocks), but most of the time just having the tag ID is enough to trigger an event. After a bit more poking around I found nfc-eventd, which seemed to fit the bill perfectly.

This allows you to specify commands to be run when a tag is placed on the reader and when it is removed, and it will pass the tag ID to the command. Here is the config file I used:

nfc-eventd {

  # Run in background? Implies debug=false if true
  daemon = false;

  # show debug messages?
  debug = true;
	
  # polling time in seconds
  polling_time = 1;

  # expire time in seconds
  # default = 0 ( no expire )
  expire_time = 0;
	
  device my_touchatag {
    driver = "ACR122";
    name = "ACS ACR 38U-CCID 01 00";
  }

  # which device to use ? note: if this part is commented out, 
  # nfc-eventd will try to pick up device automagically...
  #nfc_device = "my_touchatag";

  # list of events and actions
  module nem_execute {
    # Tag inserted
    event tag_insert {
      # what to do if an action fail?
      # ignore  : continue to next action
      # return  : end action sequence
      # quit    : end program
      on_error = ignore ;
	
      # You can enter several, comma-separated action entries
      # they will be executed in turn
      action = "publish 'wmqtt://nfc@broker:1883/nfc/tagid?qos=0&retain=n&debug=0' $TAG_UID";
    }
	
    # Tag has been removed
    event tag_remove { 
      on_error = ignore;
      action = "(echo -n 'Tag (uid=$TAG_UID) removed at: ' && date) >> /tmp/nfc-eventd.log";
    }
	
    # Too much time card removed
    event expire_time { 
      on_error = ignore;
      action = "/bin/false";
    }
  }

}

Here I have used the publish command from the IBM IA93 C MQTT package to publish a message with the tag ID to the nfc topic. You can do something similar with mosquitto_pub like this:

mosquitto_pub -h broker -i nfc -t nfc -m $TAG_UID

The plan is to use this now to allow the guys in ETS to log into various demos in the lab with their ID badges.

Next on the list is to see if I can get the reader to respond to my Galaxy Nexus when it’s in tag mode.