英文:
Authentication error from Active Directory with Express.js
问题
I am using the activedirectory module to authenticate users with AD. I have had no issues with most users, but for users in one particular OU, authentication is constantly failing.
Here's the code I'm using
.env
ldap_url = "ldap://mydomain.local"
baseDN = "DC=mydomain, DC=local"
ad_bind_user = "bind-user@mydomain.local"
ad_bind_user_password = "Password Placeholder"
login.js
const express = require('express');
const ActiveDirectory = require('activedirectory');
const router = express.Router();
const config = {
url: process.env.ldap_url,
baseDN: process.env.baseDN,
username: process.env.ad_bind_user,
password: process.env.ad_bind_user_password
};
const ad = new ActiveDirectory(config);
router.post('/api/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
ad.authenticate(username, password, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
req.session.user = {
username: username,
authenticated: true
};
return res.json(req.session.user);
}
else {
return res.status(401).send('Unauthorized User');
}
});
});
For users other than a particular Users OU, I am able to authenticate successfully. However, for accounts in the Users OU, authentication fails with the below error
{
"lde_message":"80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580",
"lde_dn": null
}
For users in this OU, if I provide the username with the domain, I am able to authenticate successfully, i.e., when the username is testuser it doesn't work, but when the username is testuser@mydomain.local it works just fine.
I also created another route to get the user details, and there is no difference in the output for any parameter, i.e., users in both OUs have completely identical parameters.
Here's the code I used to get the user details
router.get('/api/getusers', (req, res) => {
const username = req.body.username;
ad.findUser(username, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
return res.json(auth);
}
});
});
I don't seem to understand why the code expects the domain only for that particular OU in the authenticate function when it's successfully able to find the user with the findUser function without the need for the domain. How can I get around this?
英文:
I am using the activedirectory module to authenticate users with AD. I have had no issues with most users, but for users in one particular OU, authentication is constantly failing.
Here's the code I'm using
.env
ldap_url = "ldap://mydomain.local"
baseDN = "DC=mydomain, DC=local"
ad_bind_user = "bind-user@mydomain.local"
ad_bind_user_password = "Password Placeholder"
login.js
const express = require('express');
const ActiveDirectory = require('activedirectory');
const router = express.Router();
const config = {
url: process.env.ldap_url,
baseDN: process.env.baseDN,
username: process.env.ad_bind_user,
password: process.env.ad_bind_user_password
};
const ad = new ActiveDirectory(config);
router.post('/api/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
ad.authenticate(username, password, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
req.session.user = {
username: username,
authenticated: true
};
return res.json(req.session.user);
}
else {
return res.status(401).send('Unauthorized User');
}
});
});
For users other than a particular Users OU, I am able to authenticate successfully. However for accounts in the Users OU, authentication fails with the below error
{
"lde_message":"80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580",
"lde_dn": null
}
For users in this OU, if I provide the username with the domain, I am able to authenticate successfully, i.e. when the username is testuser it doesn't work, but when the username is testuser@mydomain.local it works just fine.
I also created another route to get the user details and there is no difference in the output for any parameter, i.e. Users in both OU have completely identical parameters
Here's the code I used to get the user details
router.get('/api/getusers', (req, res) => {
const username = req.body.username;
ad.findUser(username, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
return res.json(auth);
}
});
});
I don't seem to understand why the code expects the domain only for that particular OU in the authenticate function when its successfully able to find the user with the findUser function without the need of the domain?
How can I get around this?
答案1
得分: 1
以下是已翻译的代码部分:
我无法理解为什么只有authenticate函数在没有域的情况下查找用户时出现问题。因此,我修改了login.js以将域添加到用户名变量(虽然不是最优雅的方法,但它有效)。以下是修改后的脚本。
const express = require('express');
const ActiveDirectory = require('activedirectory');
const router = express.Router();
const config = {
url: process.env.ldap_url,
baseDN: process.env.baseDN,
username: process.env.ad_bind_user,
password: process.env.ad_bind_user_password
};
const ad = new ActiveDirectory(config);
router.post('/api/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
ad.authenticate(username + '@mydomain.local', password, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
req.session.user = {
username: username,
authenticated: true
};
return res.json(req.session.user);
}
else {
return res.status(401).send('Unauthorized User');
}
});
});
英文:
I wasn't able to get past as to why, only the authenticate function has problems looking up the users without the domain. So I modified login.js to add the domain to the username variable (Not the most elegant, but it works). Here is the modified script.
const express = require('express');
const ActiveDirectory = require('activedirectory');
const router = express.Router();
const config = {
url: process.env.ldap_url,
baseDN: process.env.baseDN,
username: process.env.ad_bind_user,
password: process.env.ad_bind_user_password
};
const ad = new ActiveDirectory(config);
router.post('/api/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
ad.authenticate(username + '@mydomain.local', password, (error, auth) => {
if (error) {
return res.status(500).send(error);
}
if (auth) {
req.session.user = {
username: username,
authenticated: true
};
return res.json(req.session.user);
}
else {
return res.status(401).send('Unauthorized User');
}
});
});
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论