Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

node.js - ldapauth-fork InvalidCredentialsError

I am trying to authenticate a user against LDAP by using ldapauth-fork. I am having a problem with the LDAP admin account: I know that it is right and it works fine with an LDAP browser, but I am not able to make it work with ldapauth-fork.

var basicAuth = require('basic-auth');
var LdapAuth = require('ldapauth-fork');
var username = 'usernameToSearch';
var password = 'userPassword';

var ldap = new LdapAuth({
  url: 'ldap://......',
  bindDN: 'sAMAccountName=AdminName,OU=Domian,DC=domain,DC=local',
  bindCredentials: 'AdminPassword',
  searchBase: 'OU=Domain,DC=domian,DC=local',
  searchFilter: '(sAMAccountName={{' + username + '}})',
  reconnect: true
});

ldap.authenticate(username, password, function (err, user) {
  if (err) {
    console.log(err);
    res.send({
      success: false,
      message: 'authentication failed'
    });
  } else if (!user.uid) {
    console.log("user not found Error");
    res.send({
      success: false,
      message: 'authentication failed'
    });
  } else if (user.uid) {
    console.log("success : user " + user.uid + " found ");
  }
});

Here is the error that I am getting:

InvalidCredentialsError: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

lde_message: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580\u0000', lde_dn: null

Any help is appreciated.


1 Reply

Try using the activedirectory2 library from npm. I tried with ldapauth-fork but could get a successful result.

It has a number of functions to get work done such as

  • authenticate
  • findUser

Config code

// Promise-based wrapper exported by activedirectory2
const AD = require('activedirectory2').promiseWrapper;
const config = {
  url: 'ldap://dc.domain.com',
  baseDN: 'dc=domain,dc=com',
  username: 'username@domain.com',
  password: 'password'
};
const ad = new AD(config);

for #authenticate

// Callback-style API; `config` is the object from the config code above
var ActiveDirectory = require('activedirectory2');
var ad = new ActiveDirectory(config);
var username = 'john.smith@domain.com';
var password = 'password';

ad.authenticate(username, password, function (err, auth) {
  if (err) {
    console.log('ERROR: ' + JSON.stringify(err));
    return;
  }

  if (auth) {
    console.log('Authenticated!');
  } else {
    console.log('Authentication failed!');
  }
});

similarly for #finduser

// Any of the following username types can be searched on
var sAMAccountName = 'username';
var userPrincipalName = 'username@domain.com';
// The comma inside the CN value is escaped; the backslash is doubled for the JS string
var dn = 'CN=Smith\\, John,OU=Users,DC=domain,DC=com';

// Find user by a sAMAccountName
var ActiveDirectory = require('activedirectory2');
var ad = new ActiveDirectory(config);
ad.findUser(sAMAccountName, function (err, user) {
  if (err) {
    console.log('ERROR: ' + JSON.stringify(err));
    return;
  }

  if (!user) console.log('User: ' + sAMAccountName + ' not found.');
  else console.log(JSON.stringify(user));
});
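
Added example, not part of the original posts or of either library: a parser for the Active Directory bind-failure string quoted in the question, which keeps the decoded reason in the server log while the client still receives the generic body the question's code already sends. The sub-code table, the function names and the sample object are this example's own; `lde_message` is the field shown in the question's error output.

```javascript
// Added example: parse the AD bind-failure text that the question shows in lde_message.
// Well-known AD "data" sub-codes (hex Win32 error numbers) sent with LDAP result 49.
const AD_BIND_SUBCODES = {
  '525': { reason: 'user not found', kind: 'credential' },
  '52e': { reason: 'invalid credentials', kind: 'credential' },
  '530': { reason: 'logon not permitted at this time', kind: 'account-state' },
  '531': { reason: 'logon not permitted from this workstation', kind: 'account-state' },
  '532': { reason: 'password expired', kind: 'account-state' },
  '533': { reason: 'account disabled', kind: 'account-state' },
  '701': { reason: 'account expired', kind: 'account-state' },
  '773': { reason: 'user must reset password', kind: 'account-state' },
  '775': { reason: 'account locked out', kind: 'account-state' },
};

// <status>: LdapErr: DSID-<id>, comment: <text>, data <hex>, v<build>; trailing bytes are ignored.
const AD_ERR_RE =
  /^([0-9A-Fa-f]{8}): LdapErr: (DSID-[0-9A-Fa-f]+), comment: (.*?), data ([0-9A-Fa-f]+), v([0-9A-Fa-f]+)/;

function parseAdBindError(message) {
  const m = AD_ERR_RE.exec(String(message).trim());
  if (!m) return null; // not an AD bind diagnostic (for example a network error)
  const data = m[4].toLowerCase();
  const known = AD_BIND_SUBCODES[data] || { reason: 'unknown sub-code', kind: 'unknown' };
  return { status: m[1], dsid: m[2], comment: m[3], data, version: m[5], ...known };
}

// The decoded reason goes to the server log only. The client body stays generic,
// matching the res.send() payload in the question, so a caller cannot tell
// "no such user" from "bad password" or "locked out".
function describeAuthFailure(err) {
  const text = (err && (err.lde_message || err.message)) || '';
  const parsed = parseAdBindError(text);
  return {
    log: parsed ? { name: err.name, ...parsed } : { name: err && err.name, raw: text },
    client: { success: false, message: 'authentication failed' },
  };
}

// Constructed sample: the error text from the question with a trailing NUL character.
const sampleErr = {
  name: 'InvalidCredentialsError',
  lde_message: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580\u0000',
};
console.log(JSON.stringify(describeAuthFailure(sampleErr), null, 2));
```

For the message in the question this yields sub-code `52e`, meaning the directory rejected the identity or password presented at a bind.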
