I was able to run it with C# but not with NodeJs. C# code is running successfully.

  DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://abc.local", userName, password);
  DirectorySearcher dsearch = new DirectorySearcher(directoryEntry);
  dsearch.Filter = "sAMAccountName=" + userName;
  SearchResult results = dsearch.FindOne();

I'm trying with Node.js but I always get the same error. I'm using ldapjs to make requests with Node.js. I tried the username variable both with the domain extension and as the bare username (abcd or abcd@abc.com.tr).

ERROR: {"lde_message":"80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\u0000","lde_dn":null}

My Node.js code:

  const ldap = require('ldapjs');

  const client = ldap.createClient({
    url: process.env.LDAP_URL,
    baseDN: 'dc=abc,dc=local',
    username: username,
    password: pass,
  });
  const opts = {
    filter: `(sAMAccountName=${username})`,
    attributes: [],
  };
  // Bind with the supplied credentials, then search for the account entry.
  client.bind(username, pass, (err) => {
    if (err) return console.log(err); // do not search after a failed bind
    console.log('connect success');
    client.search('', opts, (err, res) => {
      if (err) return console.log('SER: ', err); // res is undefined on error
      res.on('searchRequest', (searchRequest) => {
        console.log('searchRequest: ', searchRequest);
      });
      res.on('searchEntry', (entry) => {
        console.log('entry: ' + JSON.stringify(entry.object));
      });
      res.on('searchReference', (referral) => {
        console.log('referral: ' + referral.uris.join());
      });
      res.on('error', (err) => {
        console.error('error: ' + err.message);
      });
      res.on('end', (result) => {
        console.log('status: ' + result.status);
      });
    });
  });
BroscR
  • You need to do the search before the bind. You don't know who you are yet. When you get the search result, use its DN as the username to bind with. Just as your C# code no doubt goes on to do. – user207421 Jun 06 '22 at 07:32
  • Actually I tried before bind too but it didn't succeed. Can you share an example? @user207421 – BroscR Jun 06 '22 at 07:44
  • Didn't succeed how? I have no NodeJS examples but all you need to do is what your working C# code does, and it is certainly not binding before searching. The bit you posted doesn't bind at all. – user207421 Jun 06 '22 at 07:47

1 Answer

Directory Service in C# automatically adds @abc.local to username. I fixed the issue when I added this to username manually in the ldapjs or activedirectory libraries.

  const activedirectory = require('activedirectory');

  const config = {
    url: 'LDAP://abc.local',
    baseDN: 'DC=abc,DC=local',
    // Bind with the UPN form (user@domain) instead of the bare account name.
    username: username + '@abc.local',
    password: pass,
  };

  const ad = new activedirectory(config);
  const promiseLDAP = new Promise<any>((resolve, reject) => {
    ad.findUser(username, (err, user) => {
      if (err) return reject(null);

      if (!user) return reject(null);
      resolve(user);
    });
  });
BroscR
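An added example, not part of the original post or of the ldapjs/activedirectory libraries: helpers that decode the `data 52e` sub-code in the error above, build the `user@domain` bind name the answer settles on, and escape the account name (RFC 4515) before it goes into the `sAMAccountName` filter. The function names are hypothetical, the sample message is the one from the question, and the sub-code meanings are the corresponding Win32 logon error codes.

```javascript
// Constructed from the error in the question; sub-code meanings are the
// corresponding Win32 logon error codes. Function names are hypothetical.
const SAMPLE_ERROR =
  '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\u0000';

const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'logon failure: user name or password is incorrect',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// Pull the hex sub-code that follows "data" out of an lde_message string.
function parseAdBindError(ldeMessage) {
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(ldeMessage || '');
  if (!m) return null;
  const code = m[1].toLowerCase();
  return { code, meaning: AD_BIND_SUBCODES[code] || 'unknown sub-code' };
}

// A bare account name becomes user@domain; names that already carry a
// domain (UPN, DOMAIN\user) or are distinguished names are left untouched.
function toBindName(login, domain) {
  return /[@\\=]/.test(login) ? login : `${login}@${domain}`;
}

// RFC 4515 escaping: \ * ( ) and NUL become a backslash plus two hex digits,
// so user input cannot change the structure of the search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

function accountFilter(samAccountName) {
  return `(sAMAccountName=${escapeFilterValue(samAccountName)})`;
}

console.log(parseAdBindError(SAMPLE_ERROR));
console.log(toBindName('abcd', 'abc.local'), accountFilter('abcd'));
```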