node.js - ldapauth-fork InvalidCredentialsError

Question

I am trying to authenticate user against LDAP by using ldapauth-fork. I am having a problem with LDAP Admin account, while I know that it is right and works fine with LDAP browser but I am not able to make it work with ldapauth-fork.

var basicAuth = require('basic-auth');
  var LdapAuth = require('ldapauth-fork');
  var username= 'usernameToSearch';
  var password= 'userPassword';

  var ldap = new LdapAuth({
    url: 'ldap://......',
    bindDN: 'sAMAccountName=AdminName,OU=Domian,DC=domain,DC=local',
   bindCredentials: 'AdminPassword',
    searchBase: 'OU=Domain,DC=domian,DC=local',
    searchFilter: '(sAMAccountName={{' + username + '}})',
    reconnect: true
  });

  ldap.authenticate(username, password, function (err, user) {
    if (err) {
      console.log(err);
      res.send({
        success: false,
        message: 'authentication failed'
      });
    } else if (!user.uid) {
      console.log("user not found Error");
      res.send({
        success: false,
        message: 'authentication failed'
      });
    } else if (user.uid) {
      console.log("success : user " + user.uid + " found ");
    }
  });

Here is the error that am getting

InvalidCredentialsError: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

lde_message: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580u0000', lde_dn: null

Any help is appreciated.

Answer 1

Try using the activedirectory2 library over npm, I tried with ldapauth-form but could get a successful result

It has a number of functions to get work done such as

• authenticate
• findUser

Config code

const AD = require('activedirectory2').promiseWrapper;
const config = { url: 'ldap://dc.domain.com',
           baseDN: 'dc=domain,dc=com',
           username: '[email protected]',
           password: 'password' }
const ad = new AD(config);

for #authenticate

var ad = new ActiveDirectory(config);
var username = '[email protected]';
var password = 'password';

ad.authenticate(username, password, function(err, auth) {
 if (err) {
   console.log('ERROR: '+JSON.stringify(err));
   return;
 }

if (auth) {
 console.log('Authenticated!');
}
else {
 console.log('Authentication failed!');
}
});

similarly for #finduser

// Any of the following username types can be searched on
var sAMAccountName = 'username';
var userPrincipalName = '[email protected]';
var dn = 'CN=Smith\, John,OU=Users,DC=domain,DC=com';

// Find user by a sAMAccountName
var ad = new ActiveDirectory(config);
ad.findUser(sAMAccountName, function(err, user) {
if (err) {
 console.log('ERROR: ' +JSON.stringify(err));
 return;
}

if (! user) console.log('User: ' + sAMAccountName + ' not found.');
 else console.log(JSON.stringify(user));
});