
Comments (8)

charly37 commented on July 18, 2024

I have a kind of similar request. Let me say that I have something working properly right now BUT the issue is that I had to hardcode my user/password in the setup

passport.use(new LdapStrategy({
    server: {
      url: 'ldap://XXXXXXXXXXX.net',
      bindCredentials: '<mypassword>',
      bindDn: 'CN=<myuser>,OU=Staff,OU=XXXX,OU=XXXXX,OU=XXXXX,DC=XXXXXX,DC=XXXXXXXX,DC=net',
      searchBase: 'dc=xxx,dc=xxx,dc=net',
      searchFilter: 'samaccountname={{username}}'
    }
  },

It works fine and I'm able to authenticate the people logging on to the website, but I don't like the idea of having my user and password in the webserver code. Is there a way to use the "username" and "password" for the "bindCredentials" and "bindDn" too?
I tried something like

passport.use(new LdapStrategy({
    server: {
      url: 'ldap://XXXXXXXXXXX.net',
      bindCredentials: '{{password}}',
      bindDn: 'CN={{username}},OU=Staff,OU=XXXX,OU=XXXXX,OU=XXXXX,DC=XXXXXX,DC=XXXXXXXX,DC=net',
      searchBase: 'dc=xxx,dc=xxx,dc=net',
      searchFilter: 'samaccountname={{username}}'
    }
  },

but it fails.
Maybe this idea makes no sense (I have very limited knowledge of LDAP flows).
THX

from passport-ldapauth.

cperreault commented on July 18, 2024

@charly37, please see #59. I was just able to make binding with the user credentials work. I hope that helps, and I am open to any suggestions for improvement.


vesse commented on July 18, 2024

Probably by defining an empty string as bindDn and nothing as bindCredentials (see ldapjs/node-ldapjs#254). There are related fixes in the latest version of passport-ldapauth (vesse/node-ldapauth-fork#27); older versions will end up passing undefined to ldapjs if the given credentials are falsy.


whittssg commented on July 18, 2024

Thanks, I updated to the latest version but still keep getting the following error:

LDAP auth error: OperationsError: 000004DC: , comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580

If I add my credentials to bindDn and bindCredentials then it works. I created a .NET app to make sure I didn't need to provide credentials to my LDAP server, and I don't.

This is what my settings look like:

var config = {
  ldap: {
    url: "LDAP://",
    searchBase: "my stuff",
    searchFilter: "(sAMAccountName={{username}})",
    bindDn: "",
    bindCredentials: ""
  }
};

var ldap = new LdapAuth({
  url: config.ldap.url,
  bindDn: config.ldap.bindDn,
  // bindCredentials: config.ldap.bindCredentials,
  searchBase: config.ldap.searchBase,
  searchFilter: config.ldap.searchFilter,

  // log4js: require('log4js'),
  cache: true
});

Thanks for your help


vesse commented on July 18, 2024

@whittssg what did your .NET app do? Did it perform a search? Usually that error comes when the server is configured to not allow anonymous search. The error message you see comes from the LDAP server, so I don't know if you can bypass it.

The commit that resolved the above-mentioned issue in ldapjs has a test where an empty string is given to bind password and credentials, so I would assume that's how it should work, but maybe it works if you don't do bind at all. You could try that by not setting bindDn and bindCredentials at all, which causes ldapauth-fork not to call bind on adminClient.


whittssg commented on July 18, 2024

@vesse Yes, my .NET app just performed a search on the username field. Maybe it's using my NT account to authenticate without me knowing. I got your code working with credentials, so I think I will just request some from IT. Thanks for your help.


federicobozzini commented on July 18, 2024

I have the same need as @whittssg.

With empty credentials or without credentials I got the same error.


MudassarHakim commented on July 18, 2024

I am getting the same error even today after making changes like:

  1. passed an empty string
  2. didn't add bindDN & bindCredentials in the configuration

and I have also updated to the latest version.
Kindly confirm whether ldapauth supports binding anonymously or not?

from passport-ldapauth.
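
An added example, not part of the thread or of passport-ldapauth's own code: one way to keep the bind account out of the web server source, the concern raised in the first comment, is to load the `server` options from the environment and fail at startup on a half-configured pair. The `LDAP_*` variable names and both helper functions are assumptions made for this example; `bindMode` labels the empty-string and no-credentials cases the way the maintainer describes them above.

```javascript
// Added example. LDAP_* names and these helpers are hypothetical, not library API.

// Build the `server` options from the environment so that no bind DN or
// password is committed with the application code.
function ldapServerOptions(env) {
  for (const name of ['LDAP_URL', 'LDAP_SEARCH_BASE']) {
    if (!env[name]) throw new Error(`missing required setting ${name}`);
  }
  const server = {
    url: env.LDAP_URL,
    searchBase: env.LDAP_SEARCH_BASE,
    searchFilter: env.LDAP_SEARCH_FILTER || '(sAMAccountName={{username}})',
  };
  const dn = env.LDAP_BIND_DN;
  const pw = env.LDAP_BIND_PASSWORD;
  // A DN without a password (or the reverse) is a deployment mistake:
  // stop at startup instead of silently falling back to another bind mode.
  if (Boolean(dn) !== Boolean(pw)) {
    throw new Error('LDAP_BIND_DN and LDAP_BIND_PASSWORD must be set together');
  }
  if (dn) {
    server.bindDn = dn;
    server.bindCredentials = pw;
  }
  return server;
}

// Label the admin bind a config selects, following the cases in the thread:
//   service-account : bindDn and bindCredentials both set
//   anonymous-bind  : bindDn is an empty string (the server may still refuse
//                     the search, as in the OperationsError 000004DC above)
//   no-bind         : neither key set, so no bind is attempted before search
function bindMode(server) {
  if (server.bindDn && server.bindCredentials) return 'service-account';
  if (server.bindDn === '') return 'anonymous-bind';
  if (server.bindDn === undefined && server.bindCredentials === undefined) {
    return 'no-bind';
  }
  return 'invalid';
}

// Usage (requires passport and passport-ldapauth, so left as a comment):
//   passport.use(new LdapStrategy({ server: ldapServerOptions(process.env) }));
```

Logging the result of `bindMode` at startup makes it visible which of the three behaviours a deployment is actually relying on.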
