"Missing Credentials" when trying to login to the ldap server

Question

"Missing Credentials" when trying to login to the ldap server

jefly opened this issue 6 years ago · comments

I want to authenticate an user whether the username & password is correct. I'll paste only the important code here.

const passport = require('passport');
const ldapStrategy = require('passport-ldapauth').Strategy;


var LDAP_OPTS = {
    server: {
        url: 'ldap://server_ip:389',
        bindDN: 'DN info',
        bindCredentials: 'ldap admin password',
        searchBase: 'base_info',
        searchFilter: '(sAMAccountName={{my_user_name}})'
    },
    usernameField: 'my_user_name',
    passwordField: 'my_password'
};

passport.use(new ldapStrategy(LDAP_OPTS));
app.use(passport.initialize());

module.exports.login = function(req, res, next){

    passport.authenticate('ldapauth', function(err, user, info){
        if(err){
            return next(err);
        }

        if(!user){
            res.status(401).json({ success: false, message: 'authentication failed' });
        } else {
            res.status(200).json({success: true});
        }

        console.log('after response..')

    })(req, res, next)
}

Again I'm telling I just need to authenticate whether my username exist in the ldap server and after that validate my password over it and return a response based on that. Can anyone help me?
@vesse @mikeputnam @simong

GIGOU · Answer 1 · Thu May 17 2018 21:34:12 GMT+0800 (China Standard Time)

Same problem here, trying with SSL.

    const ldapOptions = {
      server: {
        url: config.LDAP_SERVER_URL,
        bindDN: config.LDAP_SERVER_BIND_DN,
        bindCredentials: config.LDAP_SERVER_BIND_CREDENTIALS,
        searchBase: config.LDAP_SERVER_SEARCH_BASE || null,
        searchFilter: config.LDAP_SERVER_SEARCH_FILTER || null,
        searchAttributes: config.LDAP_SERVER_SEARCH_ATTR,
        tlsOptions: {
          ca: [fs.readFileSync(config.LDAP_PATH_TO_CERT)]
        }
      },
      usernameField: 'my_user_name',
      passwordField: 'my_password'
    }

    passport.use(new LdapStrategy(ldapOptions))

Part of the code

import passport from 'passport'
import LdapStrategy from 'passport-ldapauth'

passport.authenticate(authStrategy, { session: false }, (err, user, info) => {
      if (err || !user) {
        logger.error(`${prefix} Cannot authenticate the user "${user}": ${JSON.stringify(info)}`)
        return res.status(400).json({
          message: info.message,
          error: err,
          user: user,
          info: info
        })
      }

Returned content

{
    "message": "Missing credentials",
    "error": null,
    "user": false,
    "info": {
        "message": "Missing credentials"
    }
}

Version from package.json

    "passport": "^0.4.0",
    "passport-ldapauth": "^2.0.0",

Supun Wimukthi · Answer 2 · Fri May 18 2018 12:55:54 GMT+0800 (China Standard Time)

Even though I tagged some of the people, they seems to haven't responding.
@gigouni Did you find any alternative way?

Vesa Poikajärvi · Answer 3 · Fri May 18 2018 13:23:46 GMT+0800 (China Standard Time)

I find it unlikely that you both have HTML forms that send username and password in fields with names

usernameField: 'my_user_name',
passwordField: 'my_password'

Did you read the documentation? Furthermore, this is not an ISSUE in the library, for basic usage instructions please refer to the documentation or stackoverflow

Supun Wimukthi · Answer 4 · Fri May 18 2018 14:43:33 GMT+0800 (China Standard Time)

@vesse I read documentation and I'm not expecting the basic usage here.
Sorry for bugging you but I really need to get this done. Can you please check these images and let me know what's the wrong? I've been trying for 3 days now. Please help

Vesa Poikajärvi · Answer 5 · Fri May 18 2018 15:13:44 GMT+0800 (China Standard Time)

Did you check this link I already provided?

Hint: you are assigning data (form.value.username) to usernameField - eg. if you put usernameField: jefly@example.com, the implementation will search for input field named jefly@example.com from the request.

Update: Oh, but you are also assigning a credentialsLookup function but not setting any HTTP Basic Auth headers.

This still does not look like an ISSUE in the library but a very basic user error. I suggest you check the implementation that gives the Missing credentials reply. It comes because there are no credentials found to be checked agains LDAP.

Supun Wimukthi · Answer 6 · Fri May 18 2018 17:12:48 GMT+0800 (China Standard Time)

@vesse: Thank you very much, now it's working! You saved my life. Yes, you're right. I understood the usernameField issue. Actually I didn't need credentialsLookup. I used it because authentication didn't work. Thanks again and sorry for bothering. I think it's better if you provide the html form in your example, so others can understand easily :)

Barathwaja S · Answer 7 · Fri Nov 30 2018 00:38:05 GMT+0800 (China Standard Time)

I'm still getting bad Request / missing credentials !! I tried to pass username and password in usernameField and passwordField no luck where exactly i should pass those into? in options or passport.authentication () ??? can anyone help me on this.

Supun Wimukthi · Answer 8 · Fri Nov 30 2018 16:39:59 GMT+0800 (China Standard Time)

@Barathwaja usernameField, passwordField should be the name of your name of txt inputs inside the form.