LDAP Invalid username/password
Closed this issue · 1 comments
I used `npm install passport-ldapauth` and believe the following config is correct...at least while looking at the documentation on passport-ldapauth.
```yaml
ldap:
  enabled: true
  url: 'ldap://{serverIP}:389'
  bindDn: 'CN={proxy_username},DC={domain},DC=org'
  bindCredentials: '{proxy_password}'
  searchBase: 'DC={domain},DC=org'
  searchFilter: '(uid={{username}})'
  searchAttributes: ['displayName', 'mail']
```
I appear to be getting an Invalid username/password error, was hoping there was something obvious missing...Are there any gotchas when dealing with LDAP or does the config seem correct?
I have tried many options
- Username
- DOMAIN\Username
- Username@site.org
Also, was able to use `dsquery` to get the bindDN piece...but still getting invalid user/pass for known good user/pass

```
dsquery user dc={domain},dc=org -samid {username} -s {serverIP}
```
Also temporarily changed `passport-ldapauth` to return back the actual error instead of the friendly handled error and received this

```
80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
```

I guess the `52e` represents 'Invalid Credentials'...but the credentials are definitely correct?
So far no luck =/
Alright, managed to get it working after hating life for a few hours....here is an updated config example that hopefully helps others.
```yaml
ldap:
  enabled: true
  url: 'ldap://<ldapServer>:389'
  # FULL DN!!!! Don't strip anything out from the dsquery
  bindDn: 'CN=<user>,OU=<organizationalUnit>,DC=<domain 1>,DC=<domain 2>,DC=org'
  bindCredentials: '<password>'
  searchBase: 'DC=<domain 1>,DC=<domain 2>,DC=org'
  searchFilter: 'sAMAccountName={{username}}'
  searchAttributes: ['displayName', 'mail']
```
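An added example, not part of the original issue or of passport-ldapauth: a small Node.js check that decodes the `data` sub-code in the Active Directory bind error quoted above and compares a configured `bindDn` with the DN that `dsquery` prints for the same account. The function names and the sample DNs are constructed for illustration.

```javascript
// Added example: diagnose an Active Directory simple-bind failure.
// AD puts the specific reason in the hex "data" field of the bind error.
const AD_BIND_CODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'not permitted to log on at this time',
  '531': 'not permitted to log on at this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Split a DN into normalized RDNs, honouring backslash-escaped commas.
function splitDn(dn) {
  return dn.split(/(?<!\\),/).map((rdn) => {
    const [attr, ...rest] = rdn.trim().split('=');
    return `${attr.trim().toUpperCase()}=${rest.join('=').trim().toLowerCase()}`;
  });
}

// Compare the configured bindDn with the DN dsquery printed for the account.
function diagnoseBind(errorText, bindDn, dsqueryDn) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(errorText);
  const code = m ? m[1].toLowerCase() : null;
  const configured = splitDn(bindDn);
  // dsquery wraps the DN in double quotes; strip them before comparing.
  const missingRdns = splitDn(dsqueryDn.replace(/^"|"$/g, ''))
    .filter((rdn) => !configured.includes(rdn));
  return {
    code,
    reason: AD_BIND_CODES[code] || 'unknown',
    missingRdns,
    // As in this issue, a stripped bind DN surfaced as 52e, not as a DN error.
    likelyBadDn: code === '52e' && missingRdns.length > 0,
  };
}

// Error text is the one quoted in the issue; both DNs are constructed samples.
const SAMPLE_ERROR = '80090308: LdapErr: DSID-0C0903A8, comment: ' +
  'AcceptSecurityContext error, data 52e, v1db1';
const SAMPLE_BIND_DN = 'CN=svc-ldap,DC=example,DC=org';
const SAMPLE_DSQUERY_DN =
  '"CN=svc-ldap,OU=Service Accounts,DC=corp,DC=example,DC=org"';

console.log(diagnoseBind(SAMPLE_ERROR, SAMPLE_BIND_DN, SAMPLE_DSQUERY_DN));
```

A non-empty `missingRdns` together with `52e` points at the bind DN rather than the password, which matches the fix described above.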