
Active Directory proxy in Node.js

I'm trying to write an Active Directory proxy that will receive search requests, run some code, and then recreate the request with the real server.

I'm not able to get it to work, here's the code so far:

    var ldap = require('ldapjs');
    var ActiveDirectory = require('activedirectory');
    var server = ldap.createServer();

    // Only bind requests whose DN is cn=root are routed to this handler.
    server.bind('cn=root', function (req, res, next) {
        console.log('BIND REACHED');
        if (req.dn.toString() !== 'cn=root' || req.credentials !== 'somepassword') {
            return next(new ldap.InvalidCredentialsError());
        }
        res.end();
        return next();
    });

    server.listen(389, '127.0.0.1', function () {
        console.log('LDAP server listening at %s', server.url);
    });

    // Debug client: connects back to the server created above.
    var ad = new ActiveDirectory({
        url: 'ldap://127.0.0.1',
        baseDN: 'dc=lab,dc=ldapproxy,dc=local',
        username: 'root',          // bare account name, not a distinguished name
        password: 'somepassword'
    });
    ad.findUser('root', function (err, results) {
        if (err) {
            console.log('AD Login Failed: ' + err);
        } else {
            console.log('AD Login Succeeded.');
        }
    });

The error that I'm getting is: ProtocolError: InvalidDistinguishedNameError: root

It seems no matter how or what I put in the ActiveDirectory credentials, I keep getting the same error. But when I run that same code with different credentials on a real Active Directory server, it works without any errors.

What am I missing here? The site I'm reading is explaining how to do this on Linux and with the passwords file; I'm not using Linux or any files, and I don't see any samples describing how to configure the server on the binding and searching based on what I wrote.

EDIT: I forgot to mention that this code snippet is for debugging. I know that I'm trying to connect to the same server I just created; that's for testing purposes and learning how to LDAP.

The error says it all: root is not a valid distinguished name you can use for binding.

In generic LDAP (OpenLDAP, for instance), you can only perform a bind operation with a "username" that is a fully qualified distinguished name (FQDN) of the object (the user, in the LDAP database) with which you want to bind. That would be something like this:

CN=root,OU=Users,DC=example,DC=local

This, of course, depends on where the user account is located in the database.

Note: In Active Directory, the bind operation is not limited to a FQDN of the user; there are several other options that can be used as a username during binding. I have covered this in a previous SO question. However, I am unsure if ldapjs supports these username formats, considering the error message you are seeing.
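As an added example (not code from the question or the answer): a small helper that turns the bare account name the asker passed into the DN a generic LDAP server expects, escaping RFC 4514 special characters so a user-supplied name cannot smuggle extra RDNs into the bind DN, and that recognises the user@domain and DOMAIN\user forms the answer says Active Directory also accepts. The base OU=Users,DC=example,DC=local is the answer's sample DN; collapsing UPN and NetBIOS names onto that single base is an assumption for a one-domain lab.

```javascript
// Added example, not code from the question or the answer.
// Assumed container for user objects (taken from the answer's sample DN).
const USERS_BASE_DN = 'OU=Users,DC=example,DC=local';

// Escape one attribute value for use inside a DN (RFC 4514 section 2.4),
// so that ',' '=' '+' etc. in a user-supplied name cannot add or alter RDNs.
function escapeDnValue(value) {
  let out = String(value).replace(/([\\,+"<>;=])/g, '\\$1'); // specials -> \x
  out = out.replace(/ $/, '\\ ');      // trailing space (done first so a lone
  out = out.replace(/^ /, '\\ ');      // space is escaped exactly once)
  out = out.replace(/^#/, '\\#');      // leading '#' would start a hex string
  return out.replace(/\0/g, '\\00');   // NUL has no printable form
}

// Classify the name presented at bind time. Generic LDAP servers accept only
// 'dn'; Active Directory additionally accepts 'upn' (user@domain) and
// 'netbios' (DOMAIN\user). Anything else is a bare account name like 'root'.
function classifyBindName(name) {
  if (/^[a-z][\w.-]*=/i.test(name)) return 'dn';
  if (/^[^@\\\s]+@[^@\\\s]+$/.test(name)) return 'upn';
  if (/^[^@\\\s]+\\[^@\\\s]+$/.test(name)) return 'netbios';
  return 'bare';
}

// Map any accepted form onto the DN a generic LDAP bind needs. Stripping the
// domain part of UPN/NetBIOS names assumes a single-domain lab (assumption).
function toBindDn(name, baseDn = USERS_BASE_DN) {
  switch (classifyBindName(name)) {
    case 'dn':      return name;
    case 'upn':     return `CN=${escapeDnValue(name.split('@')[0])},${baseDn}`;
    case 'netbios': return `CN=${escapeDnValue(name.split('\\')[1])},${baseDn}`;
    default:        return `CN=${escapeDnValue(name)},${baseDn}`;
  }
}

// What the asker's client sent, and what a bind DN built from it looks like:
console.log(toBindDn('root'));            // CN=root,OU=Users,DC=example,DC=local
console.log(toBindDn('root,OU=Admins'));  // CN=root\,OU\=Admins,OU=Users,DC=example,DC=local
```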
