yes, they are here.
It is not clean though. Lots of patching and duct tape job to make it work (not a js dev here). Active directory details goes in config
The auth happens in
oauth.js. Basically, i take email id and query AD for the email field, if found then validate its sAMAccountName with given password. This part is easy, but new user registration on blog is not straightforward.
New users on blog, on first time login using their AD credential, if AD validates, then they would receive invitation on their mail. They need to complete registration using this invitation in order to use the blog. This step basically creates that user in blog db.
You can diff with master branch and check what files are changed. Do note that this is meant to be run in local environment (LAN) only as few security restrictions are relaxed, like the new user invitation goes out without a need for authentication. Getting the default role id for new user invitation without authentication. etc. Default role for all new users in
contributor, so that they cannot publish post as soon as they get access.