vesse / passport-ldapauth

LDAP authentication strategy for Passport
MIT License

Authentication not working if user cannot log on to domain server #92

Closed MarkusAnthony closed 4 years ago

MarkusAnthony commented 4 years ago

We have external users that we want to authenticate. They have very limited access accounts. For instance, they are not allowed to log on to the domain controller. They are allowed to VPN in and to log on to 2 or 3 other machines.

Using ldapsearch we are able to find their account.

Authentication via passport-ldapauth fails for those limited accounts.

How is the authentication actually being performed? Are you using the information in the options to try to login to the ldap server?

-Markus

MarkusAnthony commented 4 years ago

If passport-ldapauth is using the ldap server for authentication username/password can I ask for an option to use an alternative server?

vesse commented 4 years ago

You can use multiple strategies and you can use same strategy with different options by naming them.

And yes, of course the options are used. It wouldn't make much sense to have them otherwise, would it? Most options are passed to ldapauth-fork, and you can see the actual search implementation in its sources.

MarkusAnthony commented 4 years ago

I didn't get any answers here. I think you misunderstood.

My main question: Is ldapauth using the ldap server to log in and authenticate?

My second question was: Instead of having ldapauth try to log in to the ldap server, can we give it another IP address to log in to? I still need the ldap search result. Isn't it a possible security issue if everyone that authenticates via ldapauth has to be able to log in to the ldap server?

-Markus

vesse commented 4 years ago

You can see e.g. this Stack Overflow comment on how LDAP authentication is performed.
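The search-then-bind flow the thread is asking about, as an added example that is not part of this issue or of passport-ldapauth's own code: a service account binds and searches for the user's DN, then the user's own credentials are used for a second bind, so the user needs LDAP bind rights, not logon rights on the server. A constructed in-memory directory stands in for a real LDAP server; the option names bindDN, bindCredentials and searchFilter (with its {{username}} placeholder) follow passport-ldapauth's server options.

```javascript
// Escape a caller-supplied value per RFC 4515 before it is spliced into a
// search filter, so characters like "*" or ")" cannot change the filter's shape.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Constructed sample directory: DN -> { uid, password }. A real deployment
// would talk to an LDAP server (ldapauth-fork uses ldapjs); this is a stand-in.
const directory = {
  'cn=svc-ldap,ou=service,dc=example,dc=com': { uid: 'svc-ldap', password: 'svc-secret' },
  'uid=alice,ou=people,dc=example,dc=com': { uid: 'alice', password: 'alice-pw' },
};

// Simple bind: succeeds only when the DN exists and the password matches.
function bind(dn, password) {
  const entry = directory[dn];
  return Boolean(entry && entry.password === password);
}

// Search: returns the DNs whose uid equals the (escaped) value in a (uid=...) filter.
function search(filter) {
  const m = /^\(uid=(.*)\)$/.exec(filter);
  if (!m) return [];
  const wanted = m[1].replace(/\\([0-9a-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
  return Object.keys(directory).filter((dn) => directory[dn].uid === wanted);
}

// The flow the server options describe: bind as the service account
// (bindDN/bindCredentials), search for the user's DN, then bind AS THE USER.
function authenticate(opts, username, password) {
  if (!bind(opts.bindDN, opts.bindCredentials)) return { ok: false, reason: 'admin bind failed' };
  // Function replacement avoids "$&"-style substitution patterns in the username.
  const filter = opts.searchFilter.replace('{{username}}', () => escapeFilterValue(username));
  const found = search(filter);
  if (found.length !== 1) return { ok: false, reason: 'user not found' };
  if (!bind(found[0], password)) return { ok: false, reason: 'invalid credentials' };
  return { ok: true, dn: found[0] };
}

// Constructed options in the shape of passport-ldapauth's `server` block.
const opts = {
  bindDN: 'cn=svc-ldap,ou=service,dc=example,dc=com',
  bindCredentials: 'svc-secret',
  searchFilter: '(uid={{username}})',
};
```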