Comments (4)
passport-ldapauth
just passes the password to ldapauth-fork
which uses the password only for LDAP bind. If bind
does not return an error then the user object is returned, but that is something these libraries are not in control of. I don't see how this could happen apart from you having pretty unsecure LDAP server, or a bug in ldapjs
which I doubt.
from passport-ldapauth.
I'm not that good at ldap so it might be so. but have you tried it in your environment and confirmed that it's not the case ? it might be ldapauth-fork that has a bug or just me who cannot config ldap server right 😛
from passport-ldapauth.
Try eg. this test server
var opts = {
"url": "ldap://ldap.forumsys.com:389",
"bindDn": "cn=read-only-admin,dc=example,dc=com",
"bindPassword": "password",
"searchBase": "dc=example,dc=com",
"searchFilter": "(uid={{username}})"
}
var a = new LdapAuth(opts);
// Correct password for riemann is "password"
a.authenticate('riemann', 'passwordxxx', function(err, user) {
console.log(err, user);
a.close();
});
You can also test your server with ldapsearch
and see how it handles the password by binding with the DN of that user with Qwerty1
for password. Using the example server and the example user riemann
this would be:
ldapsearch \
-H ldap://ldap.forumsys.com:389 \
-x \
-D uid=riemann,dc=example,dc=com \
-w password \
-b dc=example,dc=com \
"(uid=riemann)"
Now if you set the password here to passwordxxx
, the LDAP server returns ldap_bind: Invalid credentials (49)
from passport-ldapauth.
I have tested you test code and looks like it works well and my "bug" cannot be reproduced.
Looks like it is my ldap server that works crapy
thanks for the help
I found what it was wrong. in my LDAP server, my users had crypt as password cryptograph. I changed it to SHA and now it work as it suppose to do :)
from passport-ldapauth.
Related Issues (20)
- How can I tell when receiving the message Unauthorized if it for the LDAP bind credentials or the username I am searching for? HOT 1
- How to add SameSite strict to passport-Idapauth session cookie?
- Remove @types from package.json "dependencies" and place them in "devDependencies" HOT 1
- How to use dynamic ldap config options in a Nestjs app? HOT 1
- can we use passport-ldapauth for react app authentication
- using dynamic bindDN & bindCredentials from POST query HOT 2
- `errorhandler` called twice in strategy.js if LDAP server unreachable HOT 1
- To find which credentials is not valid.
- STARTTLS for passport-ldapauth HOT 1
- Comma in firstname or lastname fails user authentication.
- Real Error should also been handled as failed if multiple url provided
- Q: NestJs Passport Strategy implementation for LDAP/AD/Winauth
- LdapAuth and verifyCredentials
- Authentication not working if user cannot log on to domain server HOT 4
- Error when installing HOT 1
- Update to new issue template format
- Unable to attempt authenticate HOT 2
- passport-ldapauth does not allow caching of ldap responses by ldapauth-fork HOT 3
- got Unauthorized message but ldapsearch work HOT 2
- LDAP Search Fails Due To Spaces Inserted Into BaseDN HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passport-ldapauth.