My bind (admin) user and the users that I actually want to authenticate have different search bases. The only parts they have in common are the dc parts. If I set a search base that's sufficient to find my bind user, it will never find my regular users. Does that make sense?
So, for example, I have a bind user with DN like: DN=admin,OU=admins,OU=specialUsers,DC=example,DC=com
And regular users who I want to authenticate like: DN=JoeBlow,OU=chumps,OU=regularDudes,DC=example,DC=com
Then I can set bindDN to that first string (actually, just admin would be enough) and set the searchBase to something like: OU=specialUsers,DC=example,DC=com and the bind user will be authenticated properly but JoeBlow will not be able to log in because the searchBase misses him.
Any suggestion?