Closed viperscape closed 7 years ago
Can you point me to existing code or a gist performing that kind of authentication, noting the precise name and version of the used LDAP package?
Protocol-wise, nothing stops you from supplying an arbitrary BindDN value for simple binds: it's encoded as an octet string, and this library doesn't check its form. However, the spec constrains it to the LDAP DN format, and a conforming server will reject anything else. Note that Active Directory is not conforming here, as it accepts a bunch of name forms in addition to DNs. To use an alternative name form and be standards-conformant, you'd have to use a SASL bind, which is a whole other can of worms, and unsupported by this crate.
What I suspect is happening in the Node scenario:
You're authenticating against AD using one of the name forms it recognizes. You can issue exactly the same bind request with this library, or
The LDAP package is doing an internal search, then binding with a found DN. Unlikely, but it can be replicated, or
The LDAP package is doing a SASL bind. Also unlikely, and can't be replicated with what the library currently supports.
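Added example, not part of the thread and not code from the ldap3 crate: a std-only Rust sketch of how an LDAPv3 simple BindRequest (RFC 4511, section 4.2) is BER-encoded, showing that the name travels as an opaque OCTET STRING whether it is a DN or a userPrincipalName. The function names `tlv` and `simple_bind_request`, the fixed message ID and the sample DN and password are assumptions made for illustration; the empty-credential check reflects RFC 4513, where a simple bind with an empty password is an unauthenticated bind that a server may report as success.

```rust
/// BER tag-length-value with a definite length (short or long form).
fn tlv(tag: u8, value: &[u8]) -> Vec<u8> {
    let mut out = vec![tag];
    let len = value.len();
    if len < 0x80 {
        out.push(len as u8); // short form: one length byte
    } else {
        // long form: 0x80 | number of length bytes, then the big-endian length
        let bytes = len.to_be_bytes();
        let first = bytes.iter().position(|&b| b != 0).unwrap();
        out.push(0x80 | (bytes.len() - first) as u8);
        out.extend_from_slice(&bytes[first..]);
    }
    out.extend_from_slice(value);
    out
}

/// Encode an LDAPMessage carrying a simple BindRequest with message ID 1.
/// `name` is copied verbatim: the encoder cannot tell a DN from a UPN.
pub fn simple_bind_request(name: &str, password: &str) -> Result<Vec<u8>, &'static str> {
    // With an empty password the server may answer "success" without having
    // verified anything (RFC 4513 unauthenticated bind), so a login check
    // must refuse to send such a request at all.
    if name.is_empty() || password.is_empty() {
        return Err("empty name or password is not an authentication attempt");
    }
    let mut bind = tlv(0x02, &[3]);              // version INTEGER 3
    bind.extend(tlv(0x04, name.as_bytes()));     // name: OCTET STRING
    bind.extend(tlv(0x80, password.as_bytes())); // authentication: simple [0]
    let mut msg = tlv(0x02, &[1]);               // messageID INTEGER 1
    msg.extend(tlv(0x60, &bind));                // [APPLICATION 0] BindRequest
    Ok(tlv(0x30, &msg))                          // LDAPMessage SEQUENCE
}

fn main() {
    // Constructed sample names: a DN and the UPN form from the thread.
    for name in ["CN=John Doe,OU=Staff,DC=domain,DC=com", "jdoe@domain.com"] {
        let req = simple_bind_request(name, "constructed-password").unwrap();
        println!("{:<40} {:02x?}", name, req);
    }
    // An empty password is rejected before anything reaches the wire.
    assert!(simple_bind_request("jdoe@domain.com", "").is_err());
}
```

Both requests differ only in the bytes of the name field; whether the UPN form is accepted is decided by the server, as described above for Active Directory.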
Thanks for the reply, this is helpful!
The js gist is below:
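```js
const ActiveDirectory = require('activedirectory2');
const config = {
  url: 'ldap://host',
  baseDN: 'DC=domain,DC=com'
};
const ad = new ActiveDirectory(config);
// username and password are supplied by the caller
ad.authenticate(username + "@domain.com", password, function(e, r) {
  // e: error, if any; r: true when authentication succeeded
});
```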
I was having trouble replicating this with the ldap3 crate. I'll keep tinkering! Thanks
I got it working now :) Thanks so much, I was still combining dn with the principal name, so replacing it all with just the full account works now. Thanks for your help!
I noticed to bind successfully I must use the full DN, which includes the first and last name of the person. I basically want to use this library to quickly authenticate users, in something like nodejs I would bind anonymously and then authenticate using the userPrincipalName or something similar: jdoe@domain.com
Is there a workaround for what I am trying to achieve?