Monday, 5 June 2017

Literal not replaced in passport-ldapauth

I'm new to NodeJS concepts and working. I'm trying to achieve LDAP authentication using passport-ldapauth. I'm able to authenticate the user when I use searchFilter: "(&(objectClass=user)(sAMAccountName=USER2))". If I use the `{{username}}` placeholder instead of the hard-coded USER2, passport responds with Unauthorized.

Below are my use cases.

index.js

// Minimal Express app that authenticates POST /login against LDAP through
// passport-ldapauth. The strategy does the bind/search itself; this file only
// wires it up and returns a small JSON body on success.
const express = require('express');
const passport = require('passport');
const bodyParser = require('body-parser');
const LdapStrategy = require('passport-ldapauth');
const fs = require('fs');

// Strategy options (server url, bind account, search base/filter, TLS CA);
// the two concrete configurations tried are listed below this snippet.
let OPTS = { ... };

const app = express();

// Registers the strategy under its default name, 'ldapauth'.
passport.use(new LdapStrategy(OPTS));

// Accept JSON and form-encoded bodies. The `username`/`password` fields the
// strategy reads are the ones the curl request below sends in the JSON body.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(passport.initialize());

// {session: false}: every request re-authenticates against LDAP, so no
// serializeUser/deserializeUser is set up. When the strategy fails, passport
// answers 401 "Unauthorized" before this handler runs.
// NOTE(review): the response key is named `dn` but carries displayName.
app.post(
  '/login',
  passport.authenticate('ldapauth', { session: false }),
  (req, res) => {
    res.send({ status: 'ok', dn: req.user.displayName });
  }
);

app.listen(8080);

OPT Configuration 1:

// Configuration 1 — the filter hard-codes sAMAccountName=USER2, so the search
// always resolves to USER2's entry and the `username` sent in the request body
// is never used to pick the account. NOTE(review): presumably the strategy then
// binds as that entry with the submitted password, meaning anyone who knows
// USER2's password authenticates as USER2 regardless of the username they send.
OPTS = {
  server: {
    url: 'ldaps://HOSTNAME:636',
    // Service account used for the initial bind + search; its password is
    // hard-coded here.
    bindDn: 'USER1',
    bindCredentials: 'PASSWORD',
    // Pin the server certificate to this CA instead of the system trust store.
    tlsOptions: {
      ca: [fs.readFileSync('/PATH/TO/CERT.crt')],
    },
    searchBase: 'DC=corp,DC=com',
    searchFilter: '(&(objectClass=user)(sAMAccountName=USER2))',
  },
};


#> curl -X POST -H "Content-Type: application/json" -d '{"username": "USER2", "password": "PASSWORD"}' http://0.0.0.0:8080/login
RESPONSE: {status: 'ok', dn:USER2}

OPT Configuration 2:

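// Configuration 2 — `{{username}}` is the placeholder passport-ldapauth
// substitutes with the username from the request body before running the
// search. This page rendered the filter without the braces, leaving an empty
// `sAMAccountName=` clause that matches nothing (or is rejected by the server),
// which is consistent with the "Unauthorized" response shown below.
OPTS = {
  server: {
    url: 'ldaps://HOSTNAME:636',
    // Service account for the bind + search. NOTE(review): load this secret
    // from the environment or a secret store rather than committing it to
    // source.
    bindDn: 'USER1',
    bindCredentials: 'PASSWORD',
    searchBase: 'DC=corp,DC=com',
    // NOTE(review): the substituted value is attacker-controlled input; confirm
    // that the library version in use escapes LDAP filter metacharacters
    // (RFC 4515: `*`, `(`, `)`, `\`, NUL) before substitution, otherwise the
    // filter is injectable.
    searchFilter: '(&(objectClass=user)(sAMAccountName={{username}}))',
    // Pin the server certificate to this CA instead of the system trust store.
    tlsOptions: {
      ca: [fs.readFileSync('/PATH/TO/CERT.crt')],
    },
  },
};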

#> curl -X POST -H "Content-Type: application/json" -d '{"username": "USER2", "password": "PASSWORD"}' http://0.0.0.0:8080/login
RESPONSE: Unauthorized

According to my understanding, `{{username}}` should have been replaced with USER2 (the username sent in the request body) before the search ran. Is there something wrong here?

Thanks!!



