auth0 / passport-windowsauth

Windows Authentication strategy for Passport.js
MIT License

Possible to skip bindDN & bindCredentials? #13

Open Cottin opened 10 years ago

Cottin commented 10 years ago

Thanks for a great plugin!

I was following the readme.md and I have two servers with IIS 7 on which I do

    <iisnode promoteServerVars="LOGON_USER" />

And I'd like not having to specify the bindDN & bindCredentials like so:

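    var passport        = require('passport');
    var WindowsStrategy = require('passport-windowsauth');

    passport.use(new WindowsStrategy({
      ldap: {
        url:             'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
        base:            'DC=wellscordobabank,DC=com',
        bindDN:          'someAccount',   // <------ Skip please
        bindCredentials: 'andItsPass'     // <------ Skip please
      }
    }, function (profile, done) {
      // verify callback: hand the profile on to Passport
      done(null, profile);
    }));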

...and instead use the credentials of the server itself. On the development server I can skip them and it works fine, but on the production server I cannot.

Should this be possible to do and if so, is there something more you can put in the docs about how to achieve this?

jfromaniello commented 10 years ago

If you use passport.use(new WindowsStrategy({})) without any options and you run inside IIS (iisnode), the profile for passport will only have two properties, id and name, both equal to the Windows logon name passed from IISNode.

However, if you need the full profile from LDAP (AD?), you need to provide access to LDAP. We haven't had any problems with this when deploying to our customers' infrastructure; we just ask them for an AD service account.

I hope this makes sense.
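
An added example, not code from this thread or from passport-windowsauth: one way to choose between the two modes described above (empty options for the logon-name-only profile, or an `ldap` block with a service account) while keeping the bind credentials out of source. The environment variable names and the helper names `buildStrategyOptions` and `verify` are assumptions of this example.

```javascript
// Hypothetical helper: builds the options object for WindowsStrategy.
// AD_URL, AD_BASE, AD_BIND_DN and AD_BIND_PASSWORD are names assumed for
// this example; they are not defined by passport-windowsauth.
function buildStrategyOptions(env) {
  const url = env.AD_URL;
  const base = env.AD_BASE;
  const bindDN = env.AD_BIND_DN;
  const bindCredentials = env.AD_BIND_PASSWORD;

  // Nothing configured: logon-name-only mode, profile carries id and name.
  if (!url && !base && !bindDN && !bindCredentials) {
    return {};
  }

  // Partial settings are rejected here so that a half-configured
  // deployment is caught when the application starts.
  const missing = [];
  if (!url) missing.push('AD_URL');
  if (!base) missing.push('AD_BASE');
  if (!bindDN) missing.push('AD_BIND_DN');
  if (!bindCredentials) missing.push('AD_BIND_PASSWORD');
  if (missing.length > 0) {
    throw new Error('Incomplete LDAP configuration, missing: ' + missing.join(', '));
  }

  // Full LDAP mode, using the option names shown earlier in this thread.
  return { ldap: { url, base, bindDN, bindCredentials } };
}

// Verify callback that accepts either profile shape and refuses a
// request that arrives without a logon name.
function verify(profile, done) {
  if (!profile || !profile.id) {
    return done(null, false);
  }
  return done(null, profile);
}

// Wiring inside the application (needs the real packages installed):
//   passport.use(new WindowsStrategy(buildStrategyOptions(process.env), verify));
```
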

nyan-matt commented 9 years ago

I do not have access to a service account (or the AD team will not provide one). When I am in an LDAP client browser, I can simply connect using url, baseDn, username, and password. Is there any way to emulate this simple connection (without the need for an initial bind with a service account)?

I am connecting via a vanilla node/express setup to the remote LDAP server, although they are on the same network.