
I'm trying to write an Active Directory proxy that will receive search requests, run some code, and then recreate the request with the real server.

I'm not able to get it to work, here's the code so far:

    var ldap = require('ldapjs');
    var ActiveDirectory = require('activedirectory');
    var server = ldap.createServer();

    // Bind handler: only the DN "cn=root" with the fixed password is accepted.
    server.bind('cn=root', function(req, res, next) {
      console.log('BIND REACHED');
      if (req.dn.toString() !== 'cn=root' || req.credentials !== 'somepassword')
        return next(new ldap.InvalidCredentialsError());

      res.end();
      return next();
    });

    server.listen(389, '127.0.0.1', function() {
      console.log('LDAP server listening at %s', server.url);
    });

    // Client side: connect to the server created above (for debugging only,
    // see the EDIT below) using the activedirectory module.
    var ad = new ActiveDirectory({
      url: 'ldap://127.0.0.1',
      baseDN: 'dc=lab,dc=ldapproxy,dc=local',
      username: 'root',
      password: 'somepassword'
    });

    ad.findUser('root', function(err, results) {
      if (err) {
        console.log('AD Login Failed: ' + err);
      } else {
        console.log('AD Login Succeeded.');
      }
    });

The error that I'm getting is: ProtocolError: InvalidDistinguishedNameError: root

It seems no matter how or what I put in the ActiveDirectory credentials I keep getting the same error. But when I run that same code with different credentials on a real Active Directory server it works without any errors.

What am I missing here? The site I'm reading is explaining how to do this on Linux and with the passwords file; I'm not using Linux or any files, and I don't see any samples describing how to configure the server for binding and searching based on what I wrote.

EDIT: I forgot to mention that this code snippet is for debugging. I know that I'm trying to connect to the same server I just created; that's for testing purposes and learning how to LDAP.

Shaul

1 Answer


The error says it all: root is not a valid distinguished name you can use for binding.

In generic LDAP (OpenLDAP, for instance), you can only perform a bind operation with a "username" that is a fully qualified distinguished name (FQDN) of the object (the user, in the ldap database) with which you want to bind. That would be something like this:

CN=root,OU=Users,DC=example,DC=local

This, of course, depends on where the user account is located in the database.

Note: In Active Directory, the bind operation is not limited to a FQDN of the user - there are several other options that can be used as a username during binding. I have covered this in a previous SO question. However, I am unsure if ldapjs supports these username formats, considering the error message you are seeing.

Robert Rossmann
  • Hi, so based on what you're saying I must have some kind of a users DB? Because I've been trying to reach that line 'console.log('BIND REACHED');' so I can tell that the requests can be received. The ActiveDirectory lib uses ldapjs and it supports those usernames. How can I configure the DC & OU of my server? It's only for auth purposes, so I reckon I can use a simple string for those (OU=Users & DC=example,DC=local) and then any request that doesn't match I can drop. But how do I configure those in my server? – Shaul Apr 16 '15 at 12:40
  • I'm tired, so I've missed this part "the error says it all: root...". I mentioned above that attempts to bind to a REAL Active Directory server using the same code did work. The difference was only with the details, so I'm assuming that I need to configure the tree somehow before I can receive bind requests. But based on the tutorial, the only way is through a file... – Shaul Apr 16 '15 at 12:50
  • I am not sure what you are asking...:) Try to print the error's stack trace and check yourself that it is coming from the call to either `new ActiveDirectory` or `ad.findUser()`. If you have other means of exploring your Active Directory, try to get the FQDN of the user *root* and bind with that string. It should work. – Robert Rossmann Apr 16 '15 at 12:56
  • Aha! I double-checked the code... You are creating an ldap server and then using the activedirectory module to bind to it. In that case, bind with `cn=root`. That should do it. – Robert Rossmann Apr 16 '15 at 12:58