I have a problem about something I've never really encountered before, that is connecting to an LDAP from a NodeJS application. Until now, I didn't even know there was such a thing as an LDAP, so I've been learning on the go. That's why this may be a stupid question, but I haven't found any concise answer.
The requirement is: "log to an LDAP from your application with the user and pass provided in your login screen". The client has an LDAP, and wants to use it to authenticate our application's users, so the user and pass entered in our login screen are used to try to log in to the LDAP.
I understand that I need three things to connect to an LDAP:
- the server's URL
- A user (with pass)
- And a DN to bind to
I'm currently using
to connect from NodeJS. The operation that I'd need to use to authenticate the user, I understand, is the
. For that, I need to have created the server (already done, and no problems) and pass the dn, and the password. I assume the DN includes the user. Something like
Which works... provided that the users belong to the same "branch"
. That is, if all of them are in, say,
. That's why I'm able to "hardcode" the DN in the
and just change the user with a replace.
Problem is, not all of them belong to the same "branch" (I don't know the technical name for this). Say, I have some in
, some in
So I don't know to begin with what the user's organization is, so I can't make him bind to the LDAP client because I lack the DN.
The client only provided us with an example, from another application that used ASP.NET and ADO.NET to do so, using something like a SQL command to get the LDAP info. Thing is, the equivalent to the DN was a more generic one. Something like
This, apparently, worked. If I try to do the same thing, using that more "general" DN route (which, I assume, is a node higher on the LDAP tree), providing one of the users' password, I get an authentication error.
So, how come? What am I missing? What do I need to log the users to LDAP using just the "CN=[username]" DN? Is that something that only ADO.NET can use?
Thanks, and sorry if it's too generic a question.
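
An added example, not part of the original post and not any library's own code: one way to build the bind DN from the login form when users sit in several known branches, escaping the username before it goes into the DN and refusing empty passwords. It generalizes the single hardcoded DN to a list of branches; the branch names are constructed, and `bindFn` is a hypothetical wrapper around whichever LDAP client's bind operation is in use.

```javascript
// Added example: names below (BRANCHES, bindFn) are assumptions, not from the post.
// Constructed sample branches; replace with the directory's real containers.
const BRANCHES = [
  'OU=Sales,DC=example,DC=com',
  'OU=Support,DC=example,DC=com',
];

// Escape one attribute value for use inside a DN (RFC 4514, section 2.4).
function escapeDnValue(value) {
  let out = value
    .replace(/[\\",+;<>]/g, (c) => '\\' + c) // DN special characters
    .replace(/\u0000/g, '\\00');             // NUL is written as a hex pair
  if (out.endsWith(' ')) out = out.slice(0, -1) + '\\ '; // trailing space
  if (/^[ #]/.test(out)) out = '\\' + out;               // leading space or '#'
  return out;
}

// One candidate bind DN per known branch, with the username escaped.
function candidateDns(username, branches) {
  return branches.map((branch) => `CN=${escapeDnValue(username)},${branch}`);
}

// Try a simple bind against each candidate DN. bindFn(dn, password) is a
// hypothetical wrapper around the LDAP client's bind call: it must resolve on
// success and reject on failure. Returns the DN that bound, or null.
async function authenticate(username, password, branches, bindFn) {
  if (typeof username !== 'string' || username.length === 0) return null;
  // A bind with a DN and an empty password is an "unauthenticated bind"
  // (RFC 4513, section 5.1.2) that a server may report as success.
  if (typeof password !== 'string' || password.length === 0) return null;
  for (const dn of candidateDns(username, branches)) {
    try {
      await bindFn(dn, password);
      return dn;
    } catch (err) {
      // Wrong branch or wrong password: try the next candidate.
    }
  }
  return null;
}
```

Without the escaping step, a username containing a comma could change which entry the bind targets, because everything after the comma would be read as further DN components.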