Need help to authenticate users
aurelien-logiciels-bernard opened this issue · 2 comments
Hello, for a professional project, I have to check if the users have the right to connect to a web application that I develop in Dart. I receive from a form an account and password of the user who tries to connect. The client gave me an account and password that I assume to be a technical account.
I am not an expert in LDAP connections, but according to my reading, it would be enough to open a connection, carry out a bind operation with the technical identifiers, then carry out a search for the user who is trying to connect, and perform a bind operation again with their account and password?
Here is the information that the customer gave me:
- host: "priv.client.fr",
- baseDN: "OU=Users Citrix,DC=priv,DC=client,DC=en",
- login: "admin",
- password: "test"
I've tried it every which way, with or without SSL, etc. I always get an error...
A little help would be welcome!
Code:
```dart
import 'dart:io';

import 'package:dartdap/dartdap.dart';

import 'authentification.dart';

class LDAPAuth extends Authentication {
  LDAPAuth(
      {required this.host,
      required this.baseDN,
      required this.adminLogin,
      required this.adminPassword,
      this.ssl = false});

  final String host;
  final String adminLogin;
  final String adminPassword;
  final bool ssl;
  final String baseDN;

  @override
  Future<bool> checkCrendential(
      {required String login, required String? password}) async {
    final connection = LdapConnection(
      host: host,
      ssl: ssl,
      port: ssl ? Ldap.PORT_LDAPS : Ldap.PORT_LDAP,
      bindDN: "CN=" + adminLogin + "," + baseDN,
      password: adminPassword,
      // Accepts any server certificate, so the TLS peer is not verified.
      badCertificateHandler: (X509Certificate cert) {
        return true;
      },
    );
    try {
      await connection.open();
      // Binds with the technical account only; login and password are not
      // used anywhere in this method yet.
      await connection.bind();
      await _doSearch(connection);
      return true;
    } catch (e, stacktrace) {
      throw MyError("LDAP Authentication", e, stacktrace);
    } finally {
      await connection.close();
    }
  }

  // Prints up to 15 entries under baseDN that have an objectClass attribute.
  Future<void> _doSearch(LdapConnection connection) async {
    var filter = Filter.present('objectClass');
    var attrs = ['dn', 'objectclass'];
    var searchResult =
        await connection.search(baseDN, filter, attrs, sizeLimit: 15);
    await for (var entry in searchResult.stream) {
      print('dn: ${entry.dn}');
      for (var attr in entry.attributes.values) {
        for (var value in attr.values) {
          print(' ${attr.name}: $value');
        }
      }
    }
  }
}
```
It looks like you're trying to connect to Active Directory. AD does not implement LDAP correctly because it dates from the bad old MS days of "embrace, extend, extinguish", so your customer might mean that you're literally expected to set `bindDN` to `adminLogin`. You'll almost certainly have to use SSL.
If that doesn't work, you'll need to ask the customer exactly what they mean.
The second part - `doSearch()` - should be using a much more specific filter than `(objectclass=*)` which will actually return every entry. OK, up to a maximum of 15 because of your `sizeLimit`. If you have more details of the user you should construct a more precise filter. But get your bind operation working first :-)
closing due to lack of activity
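The search-then-bind flow asked about in this thread, with the more specific filter the reply recommends, as an added example that is not code from the issue or from dartdap. `Directory` is a hypothetical interface standing in for the LDAP client, and the `objectClass=user` / `sAMAccountName` filter assumes the Active Directory setup the first reply suspects.

```dart
// Added example: search-then-bind over a hypothetical Directory interface.

/// RFC 4515 escaping for a value placed inside a search filter.
String escapeFilterValue(String value) {
  const special = {0x00, 0x28, 0x29, 0x2a, 0x5c}; // NUL ( ) * backslash
  final out = StringBuffer();
  for (final rune in value.runes) {
    if (special.contains(rune)) {
      out.write('\\${rune.toRadixString(16).padLeft(2, '0')}');
    } else {
      out.writeCharCode(rune);
    }
  }
  return out.toString();
}

/// Hypothetical minimal client interface (an assumption, not a dartdap type).
abstract class Directory {
  /// Simple bind; completes with false on invalid credentials.
  Future<bool> bind(String dn, String password);

  /// DNs of the entries under [baseDN] that match [filter].
  Future<List<String>> searchDns(String baseDN, String filter);
}

Future<bool> checkCredential(Directory dir,
    {required String baseDN,
    required String serviceDN,
    required String servicePassword,
    required String login,
    required String? password}) async {
  // A simple bind with an empty password is an "unauthenticated" bind
  // (RFC 4513) that many servers accept, so reject it before any bind.
  if (login.isEmpty || password == null || password.isEmpty) return false;

  // 1. Bind as the technical account so the search is permitted.
  if (!await dir.bind(serviceDN, servicePassword)) {
    throw StateError('service account bind failed');
  }
  // 2. Look up exactly one entry; escaping the login stops filter injection.
  //    sAMAccountName is an assumption (the Active Directory login attribute).
  final filter =
      '(&(objectClass=user)(sAMAccountName=${escapeFilterValue(login)}))';
  final dns = await dir.searchDns(baseDN, filter);
  if (dns.length != 1) return false;

  // 3. Re-bind as the user's own DN: the server checks the password.
  return dir.bind(dns.single, password);
}
```

Zero or multiple search hits are treated as a failed login rather than binding to the first result, so an ambiguous account name can never authenticate as the wrong entry.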