claudioc / jingo

Node.js based Wiki
MIT License

LDAP Invalid username/password #224

Closed afreeland closed 7 years ago

afreeland commented 7 years ago

I used npm install passport-ldapauth and believe the following config is correct...at least while looking at the documentation on passport-ldapauth.

ldap:
    enabled: true
    url: 'ldap://{serverIP}:389'
    bindDn: 'CN={proxy_username},DC={domain},DC=org'
    bindCredentials: '{proxy_password}'
    searchBase: 'DC={domain},DC=org'
    searchFilter: '(uid={{username}})'
    searchAttributes:  ['displayName', 'mail']

I appear to be getting an Invalid username/password error, was hoping there was something obvious missing...Are there any gotchas when dealing with LDAP or does the config seem correct?

I have tried many options

Also, was able to use dsquery to get the bindDN piece...but still getting invalid user/pass for known good user/pass:

dsquery user dc={domain},dc=org -samid {username} -s {serverIP}

Also temporarily changed passport-ldapauth to return back the actual error instead of the friendly handled error and received this:

80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1

I guess the 52e represents 'Invalid Credentials'...but the credentials are definitely correct?

So far no luck =/

afreeland commented 7 years ago

Alright, managed to get it working after hating life for a few hours....here is an updated config example that hopefully helps others.

ldap:
    enabled: true
    url: 'ldap://<ldapServer>:389'
    # FULL DN!!!! Don't strip anything out from the dsquery
    bindDn: 'CN=<user>,OU=<organizationalUnit>,DC=<domain 1>,DC=<domain 2>,DC=org'
    bindCredentials: '<password>'
    searchBase: 'DC=<domain 1>,DC=<domain 2>,DC=org'
    searchFilter: 'sAMAccountName={{username}}'
    searchAttributes:  ['displayName', 'mail']
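
A troubleshooting helper for the two clues in this thread, added here as an example (it is not code from the thread, jingo or passport-ldapauth): it decodes the `data` sub-code in an Active Directory bind error and lists the RDNs that a configured `bindDn` dropped compared with the DN that dsquery returned. The function names, the sub-code table and the `example.org` DNs are assumptions made for illustration.

```javascript
// Added example: constructed inputs; needs no LDAP library or network access.
// Commonly documented AD sub-codes carried in the "data NNN" field of a failed bind.
const AD_BIND_CODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'not permitted to log on at this time',
  '531': 'not permitted to log on at this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Extract the hex sub-code from an AcceptSecurityContext diagnostic message.
function parseAdBindError(message) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(String(message));
  if (!m) return null; // not an AD bind diagnostic
  const code = m[1].toLowerCase();
  return { code, meaning: AD_BIND_CODES[code] || 'unknown sub-code' };
}

// Split a DN into RDNs, keeping backslash-escaped commas inside their RDN.
function splitDn(dn) {
  const s = String(dn).trim().replace(/^"|"$/g, ''); // dsquery quotes its output
  const rdns = [];
  let cur = '';
  for (let i = 0; i < s.length; i++) {
    if (s[i] === '\\' && i + 1 < s.length) { cur += s[i] + s[++i]; continue; }
    if (s[i] === ',') { rdns.push(cur); cur = ''; continue; }
    cur += s[i];
  }
  rdns.push(cur);
  return rdns
    .map((r) => r.trim().replace(/^([^=]+?)\s*=\s*/, (_, k) => k.toUpperCase() + '='))
    .filter((r) => r.length > 0);
}

// RDNs present in the directory's DN (dsquery output) but absent from the configured bindDn.
function missingRdns(directoryDn, configuredDn) {
  const have = new Set(splitDn(configuredDn).map((r) => r.toLowerCase()));
  return splitDn(directoryDn).filter((r) => !have.has(r.toLowerCase()));
}

// Constructed sample: the error text quoted above and a bindDn with the OU stripped.
const sampleError = '80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1';
console.log(parseAdBindError(sampleError), missingRdns('"CN=svc-wiki,OU=Service Accounts,DC=corp,DC=example,DC=org"', 'CN=svc-wiki,DC=corp,DC=example,DC=org'));
```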