LDAP Authentication with NodeJS, Express and Passport-ldapauth

I am having problems authenticating with the Active Directory server using the tools / applications mentioned in the header.

I am using the AD test environment found here. Here are the relevant code snippets; I would really appreciate any suggestions.

Currently, the error I am getting is "invalid username / password". I'm not sure if this refers to the bindDn / password account or to the credentials the user enters into the form. According to the passport-ldapauth project it is:

invalidCredentials: flash message for InvalidCredentialsError, NoSuchObjectError, and /no such user/i LDAP errors (default: 'Invalid username/password')

Thanks in advance.

CLIENT - auth.service.js

 ...
 login: function(user, callback) {
   var cb = callback || angular.noop;
   var deferred = $q.defer();

   // POST the form credentials to the LDAP auth route; the server answers with a token
   $http.post('/auth/ldap', {
     email: user.email,
     password: user.password
   }).
   success(function(data) {
     $cookieStore.put('token', data.token);
     currentUser = User.get();
     deferred.resolve(data);
     return cb();
   }).
   error(function(err) {
     this.logout();
     deferred.reject(err);
     return cb(err);
   }.bind(this));

   return deferred.promise;
 },
 ...

SERVER - index.js

 'use strict';

 var express = require('express');
 var passport = require('passport');
 var auth = require('../auth.service');

 var router = express.Router();

 router.post('/', function(req, res, next) {
   // Custom callback: LDAP/connection errors arrive in `err`, failed logins
   // (e.g. "Invalid username/password") arrive in `info`
   passport.authenticate('ldapauth', function(err, user, info) {
     var error = err || info;
     // res.json(status, body) is the deprecated Express 3 form; set the status explicitly
     if (error) return res.status(401).json(error);
     if (!user) return res.status(404).json({message: 'Something went wrong, please try again.'});

     // `user` is whatever the strategy's verify callback passed to done()
     var token = auth.signToken(user._id, user.role);
     res.json({token: token});
   })(req, res, next);
 });

 module.exports = router;

SERVER - passport.js

 var passport = require('passport');
 var LdapStrategy = require('passport-ldapauth').Strategy;

 exports.setup = function(User, config) {
   passport.use(new LdapStrategy({
       // the login form posts `email` and `password`
       usernameField: 'email',
       passwordField: 'password',
       server: {
         url: 'ldap://ldap.forumsys.com:389',
         bindDn: "cn=read-only-admin,dc=example,dc=com",
         bindCredentials: "password",
         searchBase: 'ou=mathematicians,dc=example,dc=com',
         searchFilter: 'uid={{username}}'
       }
     },
     function(user, done) {
       // verify callback: pass the LDAP entry through unchanged
       return done(null, user);
     }
   ));
 };
+8
3 answers

The problem is ou=mathematicians in the searchBase. The comments on that web page mention the following:

The problem you see is that "uid=riemann" is a member of "ou=mathematicians", but is not under that ou. Its membership in this ou is set by the uniqueMember attribute of "ou=mathematicians".

This should work (tested even with ldapauth-fork, which passport-ldapauth uses):

 var opts = {
   server: {
     "url": "ldap://ldap.forumsys.com:389",
     "adminDn": "cn=read-only-admin,dc=example,dc=com",
     "adminPassword": "password",
     // search the whole tree: riemann's entry is not under ou=mathematicians
     "searchBase": "dc=example,dc=com",
     "searchFilter": "(uid={{username}})"
   }
 };
+5

Your code looks correct, but the error you get makes me believe that you really do not have the correct username and password! Are you sure you are testing the correct credentials?

As a side note - if you are looking for an easier way to do this for a large project and do not mind spending a little money, the Stormpath API does it for you: it basically synchronizes AD / LDAP users with its API service, so you can work with them through a REST API (which is much simpler).

There are two libraries that you can use to work with it:

Both are pretty simple / enjoyable to use.

+2

For those who are still lost, here is my code snippet in TypeScript.

Server side

 import * as express from 'express'
 import * as bodyParser from 'body-parser'
 import * as cors from 'cors'
 import * as passport from 'passport'
 import * as ldapstrategy from 'passport-ldapauth'

 // connect to LDAP server
 const OPTS: ldapstrategy.Options = {
   server: {
     url: "ldap://ldap.forumsys.com",
     bindDN: "cn=read-only-admin,dc=example,dc=com",
     bindCredentials: 'password',
     searchBase: "dc=example,dc=com",
     searchFilter: "(uid={{username}})"
   }
 }
 passport.use(new ldapstrategy(OPTS))

 // instantiate the server
 const app = express()
 // parse the request data automatically
 app.use(bodyParser.json())
 // allow cross origin resource sharing
 app.use(cors())
 // inject LDAP connection to express server
 app.use(passport.initialize())

 app.post('/login', (req: express.Request, res: express.Response, next: express.NextFunction): void => {
   passport.authenticate('ldapauth', (err, user, info): void => {
     const error = err || info
     // exactly one response per request
     if (error) {
       res.send({ status: 500, data: error })
     } else if (!user) {
       res.send({ status: 404, data: "User Not Found" })
     } else {
       res.send({ status: 200, data: user })
     }
   })(req, res, next)
 })

 // listen to port defined
 const port = Number(process.env.PORT) || 8085
 app.listen(port, (): void => {
   console.log(`Listening on port ${port}`)
 })

Client side

Postman example

0

Source: https://habr.com/ru/post/981573/
