ldap Invalid Credentials While Authenticating User(NodeJs)


There are two Active Directory (LDAP) servers. Following are the users that belong to their respective servers.

         Server         user                 password
    1-   abc.pk         [email protected]    ********
    2-   xyz.com.pk     [email protected]    ********

I am authenticating the user in NodeJS with the ActiveDirectory library. Below is my code where I am authenticating [email protected] from its respective server.

    const ActiveDirectory = require('activedirectory');
    var ad = new ActiveDirectory({
        "url": "ldap://xyz.com.pk",
        "baseDN": "DC=xyz,DC=com,DC=pk"
    });
    // username and password are supplied by the caller
    ad.authenticate(username, password, function(err, auth) {
        console.log('auth function called with username: ' + username);
        if (err) {
            console.log('auth function called and with following err  ' + JSON.stringify(err));
            return;
        }
        if (auth) {
            console.log('Authenticated from Active directory!');
        }
    });

it works fine. Same works fine if I authenticate [email protected] from server 1 by updating the url and baseDN.

    var ad = new ActiveDirectory({
        "url": "ldap://abc.pk",
        "baseDN": "DC=abc,DC=pk"
    });

Server abc.pk has a trust relationship with server xyz.com.pk. This means I have to authenticate the user [email protected] from the server xyz.com.pk, using the following configuration.

    var ad = new ActiveDirectory({
        "url": "ldap://xyz.com.pk",
        "baseDN": "DC=xyz,DC=com,DC=pk"
    });

but now I am facing an invalid credentials error. This is the exact error I am getting:

    {"lde_message":"80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839\u0000","lde_dn":null}

If I authenticate [email protected] from the xyz.com.pk server with Active Directory Explorer, it works fine.

Active Directory Explorer image

It would be a great help if someone could give me a solution. Thanks


Answer by Lalo19

I solved the problem by checking the following 2 things:

1.- The configuration must be separated in the baseDN part:

    var config = {
        url: 'ldap://aaa.bbb.ccc.ddd',
        baseDN: 'DC=aaa,DC=bbb,DC=ccc,DC=ddd'
    };

2.- It seems the problem is not from the code: https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=40296#:~:text=%22AcceptSecurityContext%20error%2C%20data%2052e%22,instead%20of%20just%20the%20username.

According to the post, sometimes the domain name server may be required for authentication. It would be necessary to verify if it works with "username" or "[email protected]" or "aaa.bbb.ccc.ddd\username" depending on how the user is registered.

I hope my experience can be of use. Cheers
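The error in the question and the answer's advice fit together: the `data 52e` sub-code in the AcceptSecurityContext message is AD's "invalid credentials" result, and the answer suggests checking which login-name spelling the trusted domain accepts. The code below is an added example, not part of the question or the answer: it parses the bind error the question shows, maps the sub-code to its meaning, and tries the three spellings from the answer one at a time, stopping early on any sub-code that is not "user not found" or "invalid credentials" so that a locked or disabled account is not hit with further attempts. Only `ad.authenticate(username, password, callback)` from the activedirectory library is assumed to exist; the directory stand-in, the user name `someuser`, the domain `abc.pk` and the password are constructed for the example.

```javascript
// Added example: not code from the question, the answer, or the activedirectory library.
// Assumption: `ad.authenticate(name, password, cb)` calls cb(err, authOk) as on the page.

// Sub-codes AD places after "data" in an AcceptSecurityContext bind error (hex).
const AD_BIND_DATA_CODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted at this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

// The exact error object from the question, used here as sample input.
const SAMPLE_52E_ERROR = {
  lde_message: '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839\u0000',
  lde_dn: null,
};

// Extract and explain the "data XXX" sub-code of an ldapjs-style error object.
function parseBindError(err) {
  const raw = (err && (err.lde_message || err.message)) || '';
  const message = String(raw).replace(/\u0000+$/, ''); // AD ends the text with a NUL byte
  const m = /AcceptSecurityContext error, data ([0-9a-f]+)/i.exec(message);
  if (!m) return { code: null, reason: 'unrecognised bind error', message };
  const code = m[1].toLowerCase();
  return { code, reason: AD_BIND_DATA_CODES[code] || 'unknown sub-code', message };
}

// The three spellings the answer suggests: bare name, name@domain, domain\name.
function loginCandidates(username, domain) {
  let bare = username.includes('@') ? username.split('@')[0] : username;
  bare = bare.includes('\\') ? bare.split('\\').pop() : bare;
  return [bare, `${bare}@${domain}`, `${domain}\\${bare}`];
}

// Try each spelling in turn. Continue only on 525/52e (wrong spelling or wrong
// password); any other sub-code is a definite answer about the account, so stop.
function authenticateWithFallback(ad, username, password, domain, done) {
  const candidates = loginCandidates(username, domain);
  const attempts = [];
  const tryNext = (i) => {
    if (i >= candidates.length) return done(null, { ok: false, attempts });
    const name = candidates[i];
    ad.authenticate(name, password, (err, auth) => {
      if (!err && auth) {
        attempts.push({ name, code: null, reason: 'authenticated' });
        return done(null, { ok: true, name, attempts });
      }
      const parsed = err ? parseBindError(err) : { code: null, reason: 'bind returned false' };
      attempts.push({ name, code: parsed.code, reason: parsed.reason });
      if (parsed.code && parsed.code !== '52e' && parsed.code !== '525') {
        return done(null, { ok: false, attempts });
      }
      tryNext(i + 1);
    });
  };
  tryNext(0);
}

// Constructed stand-in for the library object so the file runs offline. It accepts
// exactly one spelling (like the trusted domain in the thread) and answers every
// other attempt with an AD-style error carrying the given sub-code. Callbacks are
// invoked synchronously to keep the demo and its checks simple.
function fakeDirectory(acceptedName, acceptedPassword, errorData = '52e') {
  const error = {
    lde_message: `80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data ${errorData}, v3839\u0000`,
    lde_dn: null,
  };
  return {
    authenticate(name, password, cb) {
      if (name === acceptedName && password === acceptedPassword) cb(null, true);
      else cb(error, false);
    },
  };
}

// Demo: the trusted domain only accepts the domain\name spelling.
function runDemo() {
  let result = null;
  const ad = fakeDirectory('abc.pk\\someuser', 'constructed-password');
  authenticateWithFallback(ad, 'someuser@abc.pk', 'constructed-password', 'abc.pk', (e, r) => { result = r; });
  return result;
}

console.log(JSON.stringify(runDemo(), null, 2));
```

In the demo the first two spellings come back as `52e`, the third succeeds, and the `attempts` array records which spelling the domain accepted so it can be stored rather than rediscovered on every login. Against a real server, pass the `ActiveDirectory` instance from the question in place of `fakeDirectory`, and log the parsed `reason` server-side only; the user-facing message should stay generic.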