Tags: node.js, active-directory, ldap, ldapjs

What do I need to connect to an LDAP, and bind to a more "general" DN to search for users?


I have a problem about something I've never really encountered before, that is connecting to an LDAP from a NodeJS application. Until now, I didn't even know there was such a thing as an LDAP, so I've been learning on the go. That's why this may be a stupid question, but I haven't found any concise answer.

The requirement is: "log to an LDAP from your application with the user and pass provided in your login screen". The client has an LDAP, and wants to use it to authenticate our application's users, so the user and pass entered in our log in screen are used to try to log in to the LDAP.

I understand that I need three things to connect to an LDAP:

  • the server's URL
  • A user (with pass)
  • And a DN to bind to

I'm currently using ldapjs to connect from NodeJS. The operation that I'd need to use to authenticate the user, I understand, is the bind operation. For that, I need to have created the server (already done, and no problems) and pass the DN and the password. I assume the DN includes the user. Something like

CN=myuser,OU=MyOrg,OU=Users,DN=MyLdapServer,DN=com

Which works... provided that the users belong to the same "branch". That is, if all of them are in, say, OU=MyOrg. That's why I'm able to "hardcode" the DN in the bind() and just change the user with a replace.

Problem is, not all of them belong to the same "branch" (I don't know the technical name for this). Say, I have some in OU=MyOrg, some in OU=MyOtherOrg...

So, to begin with, I don't know what the user's organization is, and I can't make him bind to the LDAP client because I lack the DN.

The client only provided us with an example, from another application that used ASP.NET and ADO.NET to do so, using something like a SQL command to get the LDAP info. Thing is, the equivalent to the DN was a more generic one. Something like

ldap://MyLdapServer.com/CN=[the_user_provided]

This, apparently, worked. If I try to do the same thing, using that more "general" DN route (which, I assume, is a node higher on the LDAP tree), providing one of the users' password, I get an authentication error.

So, how come? What am I missing? What do I need to log the users in to LDAP using just the "CN=[username]" DN? Is that something that only ADO.NET can use?

Thanks, and sorry if it's too generic a question.


Solution

  • Per the comment I made:

    To bind with Active Directory you do not need to know the full DN of the user. There is a list of all the different available methods on this page in the docs. So you could use user@domain.com as an example. Or just the supplied username would work in most cases.
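An added example (not code from the question or the answer) of the approach the answer describes with ldapjs: bind as user@domain so no DN has to be known up front, then search for the user's entry to recover the full DN. LDAP_URL, AD_DOMAIN and BASE_DN are placeholders, and the helper names are my own.

```javascript
// Added example, not from the original post. Placeholders to replace:
const LDAP_URL = 'ldap://MyLdapServer.com';  // placeholder server URL
const AD_DOMAIN = 'mydomain.com';            // placeholder UPN suffix
const BASE_DN = 'DC=MyLdapServer,DC=com';    // placeholder search base

// Turn the login-form username into a UPN (user@domain). A name that already
// contains '@' is used as-is. An empty password is refused here because a
// simple bind with an empty password is treated as an anonymous bind, which
// AD accepts, so without this check a blank password would "log in".
function requireCredentials(username, password, domain) {
  const name = String(username || '').trim();
  if (!name) throw new Error('username is required');
  if (!password) throw new Error('password is required');
  return name.includes('@') ? name : `${name}@${domain}`;
}

// RFC 4515 escaping for values placed inside a search filter, so a username
// such as 'a)(objectClass=*' cannot change the meaning of the query.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Match the account by sAMAccountName (bare name) or userPrincipalName (UPN).
function userFilter(upn) {
  const bare = escapeFilterValue(upn.split('@')[0]);
  const full = escapeFilterValue(upn);
  return `(&(objectClass=user)(|(sAMAccountName=${bare})(userPrincipalName=${full})))`;
}

// Bind as the user, then look up the entry's DN. Resolves to the DN string.
async function authenticate(username, password) {
  const upn = requireCredentials(username, password, AD_DOMAIN);
  const ldap = require('ldapjs'); // loaded here so the helpers above need no server
  const client = ldap.createClient({ url: LDAP_URL });
  try {
    await new Promise((resolve, reject) =>
      client.bind(upn, password, (err) => (err ? reject(err) : resolve())));
    return await new Promise((resolve, reject) => {
      const opts = { scope: 'sub', filter: userFilter(upn), attributes: ['dn'] };
      client.search(BASE_DN, opts, (err, res) => {
        if (err) return reject(err);
        let dn = null;
        res.on('searchEntry', (e) => { dn = String(e.objectName || e.dn); });
        res.on('error', reject);
        res.on('end', () => resolve(dn));
      });
    });
  } finally {
    client.unbind();
  }
}
```

The bind succeeding is the authentication; the search only recovers the DN that was missing in the question.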