Express - LDAP authentication using passport-ldapauth on Node.js
I've been struggling with passport-ldapauth for a couple of days and have no ideas left about what I'm doing wrong.
Briefly, I have a project that uses two passport strategies: local and LDAP. The local strategy works for me; the LDAP one is the problematic one.
I have a read-only user in AD (let's call it "ldap-read-only-admin"), and I am able to connect with that user via an external LDAP client and view the relevant OU. I have triple-checked the search base, and it seems correct.
However, when passing the same configuration to passport-ldapauth, it seems it cannot bind with the user credentials (I guess). Any ideas on how to debug this would be appreciated.
This is app.js:
var express = require("express"); var app = express(); var path = require("path"); var session = require("express-session"); var mongoose = require("mongoose"); var passport = require("passport"); var flash = require("connect-flash"); var cookieparser = require("cookie-parser"); var bodyparser = require("body-parser"); var morgan = require("morgan"); var configdb = require('./config/database.js'); require('./config/passport.js')(passport); // pass passport configuration app.use(express.static(__dirname + '/public')); app.set('view engine', 'ejs'); //connect database var promise = mongoose.connect(configdb.url, { usemongoclient: true, }); app.use(morgan('dev')); // log every request console app.use(cookieparser()); // read cookies (needed auth) //app.use(bodyparser()); // information html forms app.use(bodyparser.urlencoded({ extended: true })); app.use(bodyparser.json({ extended: true })); // configuring passport app.use(session({ secret: 'secret', resave: true, saveuninitialized: true })); // session secret app.use(passport.initialize()); app.use(passport.session()); // persistent login sessions app.use(flash()); // use connect-flash flash messages stored in session require('./modules/routes.js')(app, passport); // load our routes , pass in our app , configured passport //make web server listen on specific port app.listen(3000); logger.info("listening on port 3000"); this routes.js (the relevant part):
module.exports = function(app, passport) { app.post('/', function(req, res, next) { passport.authenticate('ldap-login', {session: true}, function(err, user, info) { console.log("user: " + user); console.log("info: " + json.stringify(info)); if (err) { return next(err); // generate 500 error } // generate json response reflecting authentication status if (! user) { return res.send({ success : false, message : 'authentication failed' }); } return res.send({ success : true, message : 'authentication succeeded' }); })(req, res, next); }); } and passport.js:
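var LocalStrategy = require('passport-local').Strategy;
var LdapStrategy = require('passport-ldapauth').Strategy;

// load up the user model
var User = require('../modules/user.js');

// expose this function to our app using module.exports
module.exports = function(passport) {

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================
  // required for persistent login sessions
  // passport needs the ability to serialize and unserialize users out of session

  // used to serialize the user for the session
  // NOTE(review): both strategies share this. The LDAP strategy hands done()
  // the raw directory entry; unless that entry carries an `id`, undefined is
  // stored here and deserializeUser's findById will not find it. Map LDAP
  // users to a local record (or serialize something else) before relying on
  // sessions for them.
  passport.serializeUser(function(user, done) {
    done(null, user.id);
  });

  // used to deserialize the user
  passport.deserializeUser(function(id, done) {
    User.findById(id, function(err, user) {
      done(err, user);
    });
  });

  // =========================================================================
  // local login =============================================================
  // =========================================================================
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true // allows us to pass back the entire request to the callback
  },
  function(req, username, password, done) { // callback with username and password from our form
    // find a user whose username is the same as the form's username
    // we are checking to see if the user trying to login already exists
    User.findOne({ username: username }, function(err, user) {
      // if there are any errors, return the error before anything else
      if (err) return done(err);

      // if no user is found, return the message
      // NOTE(review): this message and the "wrong password" one below differ,
      // which lets a caller tell valid usernames from invalid ones. A single
      // generic failure message is the safer choice.
      if (!user) return done(null, false, req.flash('loginMessage', 'The username "' + username + '" not found.')); // req.flash is the way to set flashdata using connect-flash

      // if the user is found but the password is wrong
      if (!user.validPassword(password)) return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata

      // all is well, return successful user
      return done(null, user);
    });
  }));

  // =========================================================================
  // ldap login ==============================================================
  // =========================================================================
  var opts = {
    server: {
      // NOTE(review): plain ldap:// sends the bind password and every user's
      // password in clear text; use ldaps:// (or StartTLS) where the directory supports it.
      url: 'ldap://<ldap server address>:389',
      // A simple bind needs the account's full DN; a bare 'cn=...' RDN will not bind.
      bindDN: 'cn=ldap-read-only-admin',
      // NOTE(review): load this from configuration/environment, not source.
      bindCredentials: 'password',
      searchBase: 'ou=xx1, ou=xx2, dc=domain, dc=local',
      // Active Directory keys logons by sAMAccountName; 'uid' is usually unset there.
      // {{username}} is interpolated into the filter — confirm that the installed
      // passport-ldapauth/ldapauth-fork version escapes filter metacharacters in it.
      searchFilter: '(uid={{username}})'
    }
    // passReqToCallback is a top-level option of passport-ldapauth, not part of
    // `server` (where the original had it commented out). When it is enabled the
    // verify callback becomes function(req, user, done).
    // passReqToCallback: true
  };

  // passReqToCallback is not set, so the strategy calls verify(user, done).
  // The original declared (req, user, done): `user` then received the done
  // callback and `done` was undefined, so the request never completed.
  passport.use('ldap-login', new LdapStrategy(opts, function(user, done) {
    console.log("passport ldap authentication.");
    done(null, user);
  }));
};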
After 5 hours of trying, I managed to fix the problem.
First, since "ldap-read-only-admin" is under the same OUs as the other users, I had to put the whole path of ldap-read-only-admin in the bindDN string. Second, I needed to use sAMAccountName instead of uid. And third, I had to remove req from the LdapStrategy callback function.
Here is how the LDAP login in passport.js looks now:
// ========================================================================= // ldap login ============================================================== // ========================================================================= var opts = { server: { url: 'ldap://<ldap server address>:389', binddn: 'cn=ldap-read-only-admin,ou=xx1, ou=xx2, dc=domain, dc=local', bindcredentials: 'password', searchbase: 'ou=xx1, ou=xx2, dc=domain, dc=local', searchfilter: '(samaccountname={{username}})', // passreqtocallback : true } }; passport.use('ldap-login', new ldapstrategy(opts, function(user, done) { console.log("passport ldap authentication."); done(null, user); } )); hope someone.