Comments (8)
I have a kind of similar request. Let me say that I have something working properly right now, BUT the issue is that I had to hardcode my user/password in the setup:
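```js
var passport = require('passport');
var LdapStrategy = require('passport-ldapauth');

// Working setup: the service account DN and password are hardcoded in source.
passport.use(new LdapStrategy({
  server: {
    url: 'ldap://XXXXXXXXXXX.net',
    bindCredentials: '<mypassword>',
    bindDn: 'CN=<myuser>,OU=Staff,OU=XXXX,OU=XXXXX,OU=XXXXX,DC=XXXXXX,DC=XXXXXXXX,DC=net',
    searchBase: 'dc=xxx,dc=xxx,dc=net',
    searchFilter: 'samaccountname={{username}}'
  }
}));
```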
It works fine and I'm able to authenticate the people logging on to the website, but I don't like the idea of having my user and password in the webserver code. Is there a way to use the "username" and "password" for the "bindCredentials" and "bindDn" too?
I tried something like
```js
// Attempt: reuse the login form's username/password as the bind credentials.
passport.use(new LdapStrategy({
  server: {
    url: 'ldap://XXXXXXXXXXX.net',
    bindCredentials: '{{password}}',
    bindDn: 'CN={{username}},OU=Staff,OU=XXXX,OU=XXXXX,OU=XXXXX,DC=XXXXXX,DC=XXXXXXXX,DC=net',
    searchBase: 'dc=xxx,dc=xxx,dc=net',
    searchFilter: 'samaccountname={{username}}'
  }
}));
```
but it fails.
Maybe this idea makes no sense (I have very limited knowledge of LDAP flows).
THX
from passport-ldapauth.
@charly37, please see #59. I just managed to make binding with the user credentials work. I hope that helps and I am open to any improvement suggestions.
from passport-ldapauth.
Probably by defining empty string as `bindDn` and nothing as `bindCredentials` (see ldapjs/node-ldapjs#254). There are related fixes in latest version of `passport-ldapauth` (vesse/node-ldapauth-fork#27), older version will end up passing `undefined` to `ldapjs` if given credentials are falsy.
from passport-ldapauth.
Thanks, I updated to the latest version but still keep getting the following error:

```
LDAP auth error: OperationsError: 000004DC: , comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
```

If I add my credentials to bindDn and bindCredentials then it works. I created a .net app to make sure I didn't need to provide credentials to my LDAP server and I don't.
This is what my settings look like:
```js
var LdapAuth = require('ldapauth-fork');

var config = {
  ldap: {
    url: "LDAP://",
    searchBase: "my stuff",
    searchFilter: "(sAMAccountName={{username}})",
    bindDn: "",
    bindCredentials: ""
  }
};

// Empty bind DN, no bind password passed at all.
var ldap = new LdapAuth({
  url: config.ldap.url,
  bindDn: config.ldap.bindDn,
  // bindCredentials: config.ldap.bindCredentials,
  searchBase: config.ldap.searchBase,
  searchFilter: config.ldap.searchFilter,
  //log4js: require('log4js'),
  cache: true
});
```
Thanks for your help
from passport-ldapauth.
@whittssg what did your .net app do? Did it perform a search? Usually that error comes when server is configured to not allow anonymous search. The error message you see comes from the LDAP server so I don't know if you can bypass it.
The commit that resolved the above mentioned issue in `ldapjs` has a test where an empty string is given to bind password and credentials, so I would assume that's how it should work, but maybe it works if you don't do bind at all. You could try that by not setting `bindDn` and `bindCredentials` at all which causes `ldapauth-fork` not to call `bind` on `adminClient`.
from passport-ldapauth.
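The bind choices tried in this thread (a hardcoded service account, empty strings, nothing set), as an added example that is not code from passport-ldapauth or from any commenter: it reads the bind DN and password from environment variables instead of source and names the resulting bind type in RFC 4513 terms. The `LDAP_*` variable names, `bindMode` and `buildServerOptions` are hypothetical; the option names follow the snippets posted above.

```javascript
// Added example. Option names (bindDn, bindCredentials) follow the thread's
// snippets; LDAP_* variables and both function names are hypothetical.

// Classify the simple bind a config asks for, using RFC 4513 terminology.
function bindMode(opts) {
  const dn = opts.bindDn;
  const pw = opts.bindCredentials;
  if (dn === undefined && pw === undefined) return 'no-bind';  // nothing set
  const hasDn = (dn || '') !== '';
  const hasPw = (pw || '') !== '';
  if (!hasDn && !hasPw) return 'anonymous';        // empty DN, empty password
  if (hasDn && !hasPw) return 'unauthenticated';   // DN with empty password
  if (!hasDn) return 'invalid';                    // password without a DN
  return 'service-account';
}

// Build the `server` options from an environment map instead of source code.
function buildServerOptions(env) {
  for (const name of ['LDAP_URL', 'LDAP_SEARCH_BASE']) {
    if (!env[name]) throw new Error(`${name} is required`);
  }
  const server = {
    url: env.LDAP_URL,
    searchBase: env.LDAP_SEARCH_BASE,
    searchFilter: '(sAMAccountName={{username}})',
  };
  if (env.LDAP_BIND_DN !== undefined) server.bindDn = env.LDAP_BIND_DN;
  if (env.LDAP_BIND_PASSWORD !== undefined) server.bindCredentials = env.LDAP_BIND_PASSWORD;

  // A DN with an empty password can be accepted by a server without any
  // password check, so a half-set secret should stop startup.
  const mode = bindMode(server);
  if (mode === 'unauthenticated' || mode === 'invalid') {
    throw new Error(`refusing ${mode} bind: set both LDAP_BIND_DN and LDAP_BIND_PASSWORD`);
  }
  return { server, mode };
}

// Constructed sample environment; a real deployment would pass process.env.
const sampleEnv = {
  LDAP_URL: 'ldaps://ldap.example.net',
  LDAP_SEARCH_BASE: 'dc=example,dc=net',
  LDAP_BIND_DN: 'CN=svc-web,OU=Service,DC=example,DC=net',
  LDAP_BIND_PASSWORD: 'constructed-sample-secret',
};
const sample = buildServerOptions(sampleEnv);
console.log(sample.mode, Object.keys(sample.server).join(','));
```

Logging `mode` at startup shows which of the cases from this thread a deployment is actually running with, without printing the secret itself.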
@vesse Yes, my .net app just performed a search on the username field. Maybe it's using my NT account to authenticate without me knowing. I got your code working with credentials, so I think I will just request some from IT. Thanks for your help.
from passport-ldapauth.
I got the same necessity as @whittssg.
With empty credentials or without credentials I got the same error.
from passport-ldapauth.
I am getting the same error even today after making changes like:

1. passed empty string
2. didn't add bindDN & bindCredentials in the configuration

and I have also updated to the latest version.
Kindly confirm if ldapauth supports binding anonymously or not?
from passport-ldapauth.