I was able to run it with C# but not with Node.js. The C# code runs successfully.

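    using System.DirectoryServices;

    // Connect to the domain with the supplied credentials and look the user up by sAMAccountName.
    DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://abc.local", userName, password);
    DirectorySearcher dsearch = new DirectorySearcher(directoryEntry);
    dsearch.Filter = "sAMAccountName=" + userName;
    SearchResult results = dsearch.FindOne();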

I'm trying with Node.js but I always get the same error. I'm using ldapjs to make the requests. I tried the username variable both with the domain extension and as the bare username (abcd or [email protected]).

ERROR: {"lde_message":"80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\u0000","lde_dn":null}

My Nodejs Code:

    const ldap = require('ldapjs');

    const client = ldap.createClient({
      url: process.env.LDAP_URL,
      baseDN: 'dc=abc,dc=local',
      username: username,
      password: pass,
    });
    const opts = {
      filter: `(sAMAccountName=${username})`,
      attributes: [],
    };
    client.bind(username, pass, (err) => {
      // Stop after a failed bind instead of going on to search.
      if (err) return console.log(err);
      console.log('connect success');
      client.search('', opts, (err, res) => {
        // res is undefined when the search request itself fails.
        if (err) return console.log('SER: ', err);
        res.on('searchRequest', (searchRequest) => {
          console.log('searchRequest: ', searchRequest);
        });
        res.on('searchEntry', (entry) => {
          console.log('entry: ' + JSON.stringify(entry.object));
        });
        res.on('searchReference', (referral) => {
          console.log('referral: ' + referral.uris.join());
        });
        res.on('error', (err) => {
          console.error('error: ' + err.message);
        });
        res.on('end', (result) => {
          console.log('status: ' + result.status);
        });
      });
    });
  • You need to do the search before the bind. You don't know who you are yet. When you get the search result, use its DN as the username to bind with. Just as your C# code no doubt goes on to do. Commented Jun 6, 2022 at 7:32
  • Actually, I tried before bind too, but it didn't succeed. Can you share an example? @user207421 Commented Jun 6, 2022 at 7:44
  • Didn't succeed how? I have no NodeJS examples but all you need to do is what your working C# code does, and it is certainly not binding before searching. The bit you posted doesn't bind at all. Commented Jun 6, 2022 at 7:47

1 Answer

Directory Service in C# automatically adds @abc.local to the username. I fixed the issue by adding this to the username manually in the ldapjs or activedirectory libraries.

    const activedirectory = require('activedirectory');

    const config = {
      url: 'LDAP://abc.local',
      baseDN: 'DC=abc,DC=local',
      // Bind as user@abc.local rather than the bare account name.
      username: username + '@abc.local',
      password: pass,
    };

    const ad = new activedirectory(config);
    const promiseLDAP = new Promise((resolve, reject): Promise<any> => {
      return ad.findUser(username, (err, user) => {
        if (err) return reject(null);

        if (!user) return reject(null);
        return resolve(user);
      });
    });
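
Added example (not code from the posts above or from ldapjs): helpers that decode the `data 52e` sub-code in the error shown in the question, build the `user@abc.local` bind name, and escape the `sAMAccountName` filter value so a user-supplied name cannot change the filter. The function names, the sub-code table and the empty-password check are this example's own assumptions about how a login routine would be structured.

```javascript
// Added example. AD_DOMAIN mirrors the page's abc.local; all inputs used with it are constructed.
const AD_DOMAIN = 'abc.local';

// Sub-codes AD reports after "data" in an AcceptSecurityContext error (hex Win32 codes).
const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Extract the sub-code from an lde_message string; null when the message carries none.
function parseAdBindError(message) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+),/i.exec(String(message));
  if (!m) return null;
  const code = m[1].toLowerCase();
  return { code, reason: AD_BIND_SUBCODES[code] || 'unknown sub-code' };
}

// Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL become \XX.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Name to bind with: keep user@domain or DOMAIN\user as given, otherwise append the domain.
function toBindName(username, domain = AD_DOMAIN) {
  const name = String(username).trim();
  if (name === '') throw new Error('empty username');
  return name.includes('@') || name.includes('\\') ? name : `${name}@${domain}`;
}

// Bind name plus search filter for one login attempt. An empty password is refused because
// a simple bind with a name and no password is an unauthenticated bind (RFC 4513, 5.1.2).
function bindParams(username, password, domain = AD_DOMAIN) {
  if (typeof password !== 'string' || password === '') throw new Error('empty password');
  const bindName = toBindName(username, domain);
  const bare = bindName.split('@')[0].split('\\').pop(); // account name without domain part
  return { bindName, filter: `(sAMAccountName=${escapeFilterValue(bare)})` };
}
```

Pass `bindName` to `client.bind` and `filter` to `client.search`, and log the decoded sub-code rather than the raw `lde_message` when a bind fails.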