
I am setting up LDAP authentication for a website that my team created with MEAN stack (MongoDB, Express, Angular, and Node). However, my bind is unsuccessful.

This work has been done on Windows 10. I am having trouble following the ldap.js documentation for client integration, but have found a GitHub issue that seemed promising. I believe that my issue is with the bind API. My understanding is that I need to give it something in the server (I use my mailNickname, though I have also tried my userPrincipalName) and something private (my password). I used AD Explorer which allowed me to connect to the company server with my userPrincipalName (first.last@company.com) and password. I was able to search for myself within the server using several attributes like mailNickname and userPrincipalName, so I am unsure what is causing my binding error.

We used the same server (with Active Directory) when establishing authentication for a Hygieia dashboard earlier this summer and AD Explorer worked well, so I am confident that I have the correct server.

var ldap = require('ldapjs');
var assert = require('assert');

// Create client and bind to AD
var ldapClient = ldap.createClient({
    url: "ldap://servername.us.company.com:389"
});


ldapClient.bind(myDN, password, function(err) {
     assert.ifError(err);
});


var opts = {
    scope: 'sub',
    filter: '(mailNickname=NICKNAME4Testing)'
};

ldapClient.search('OU=AllUsers,DC=us,DC=company,DC=com', opts, function(err, res) {
    assert.ifError(err);

    res.on('searchEntry', function(entry) {
        console.log(entry.object.name);
        console.log(entry.object.dn);
    });

    res.on('searchReference', function(referral) {
        console.log('referral: ' + referral.uris.join());
    });

    res.on('error', function(err) {
        console.error('error: ' + err.message);
    });

    res.on('end', function(result) {
        console.log(result);
    });

});

When I run npm start from the command line, I expect the output to be four lines on the terminal telling me my name, my DN, the search reference and 'end.' However, what I actually get is

AssertionError [ERR_ASSERTION]: ifError got unwanted exception: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

According to another page that I found, the problem may be with my password, but I am using exactly what I use to access my computer and the server through ADExplorer. There is a special character, but I have tried using both CHARACTER and \CHARACTER to no avail.

1 Answer

Well, I kept digging and managed to work through this particular error. Instead of my DN, I used my userPrincipalName and then kept my password the same. I no longer have the error, but now I have a SearchResponse that I'm not quite sure what to do with.
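
An added example, not code from the question or the answer: helpers for a login path like the one above that decode the `data` sub-code in an Active Directory bind error, refuse empty passwords, and escape the login name before it goes into a search filter. The function names and the sample password are assumptions made for illustration.

```javascript
// Added example (not the poster's code): pure helpers, no network access.
// Sub-codes AD reports after "data" when AcceptSecurityContext rejects a bind.
const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Extract and explain the sub-code from a failed-bind message.
function explainAdBindError(message) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(String(message));
  if (!m) return null;
  const code = m[1].toLowerCase();
  return { code, meaning: AD_BIND_SUBCODES[code] || 'unknown sub-code' };
}

// RFC 4515 escaping, so a typed login name cannot alter the search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Validate a login attempt and build the bind name and search filter for it.
function prepareBind(upn, password) {
  // A simple bind with an empty password is an unauthenticated bind that a
  // server may accept, so refuse it before contacting the directory.
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('empty password rejected');
  }
  if (typeof upn !== 'string' || !/^[^@\s]+@[^@\s]+$/.test(upn)) {
    throw new Error('login must be a userPrincipalName (user@domain)');
  }
  return { bindName: upn, filter: '(userPrincipalName=' + escapeFilterValue(upn) + ')' };
}

// Constructed sample: the error text quoted in the question.
const sample = '80090308: LdapErr: DSID-0C09042F, comment: ' +
  'AcceptSecurityContext error, data 52e, v2580';
console.log(explainAdBindError(sample));
console.log(prepareBind('first.last@company.com', 'constructed-password'));
```

`bindName` is the value to pass as the first argument of `ldapClient.bind`, and `filter` replaces the literal filter string in the search options.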