Active Directory authentication with ldap.js.

Time: 2022-01-13 02:57:26

I've been attempting to authenticate to an Active Directory Windows 2008 server with ldap.js. The only goal is to authenticate to the server, and I am using the client-side stuff (not creating a new server, which is what all the documentation is about). I'm totally new to LDAP, and as such, authenticating with username "MYDOMAIN\myuser" does not work in ldap.js, but does in ldapsearch:

ldapsearch -H ldap://192.168.1.212:389 -x -D 'MYDOMAIN\myuser' -w pa33w0rd -LLL -b "dc=mydomain" '(sAMAccountName=myuser)'

which authenticates successfully but then spits out Referral (10).

Trying that in ldap.js with client.bind("MYDOMAIN\myuser", 'pa33w0rd', function(err) { ... }); fails with 49 InvalidCredentialsError 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, ...

Attempting to rewrite MYDOMAIN\myuser as a Distinguished Name dn: cn=myuser, dc=mydomain also fails with auth errors, in ldapsearch as well. What is the proper way to convert DOMAIN\USER (domain backslash user format) to a DN?

1 solution

#1


3  

From http://www.rlmueller.net/NameTranslateFAQ.htm:

  1. Distinguished Names - format as specified in RFC 1779. For example cn=TestUser,ou=Sales,dc=MyDomain,dc=com.
  2. NT format - the name format used in Windows NT 4.0. For example MyDomain\TestUser, where MyDomain is the NetBIOS name of the domain and TestUser is the NT name of the object (the pre-Windows 2000 name). The value of the sAMAccountName attribute is the NT name of the object.

Thus, the NT format (domain backslash user) login name MYDOMAIN\myuser can map to cn=myuser,cn=Users,dc=mydomain,dc=com or cn=myuser,cn=Users,dc=mydomain,dc=local or a bunch of others. I suggest you look at the hosts file or DNS domain name of the AD server. You should also change the -b (base) to include the dc=com or dc=local, or whatever to fix the referral error.
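The name handling the answer describes, as an added example that is not part of the question or the answer: it is written against the ldapjs client API (createClient, bind, search, unbind), with the client passed in so the name logic can be exercised without a domain controller. The host name, domain names and account are invented. It also covers two things a practitioner needs here that the thread does not spell out: the JavaScript escape pitfall that makes the literal "MYDOMAIN\myuser" a different string from what ldapsearch received, and why an empty password must be refused before the bind is attempted.

```javascript
'use strict';
// Added example (not the poster's or the answerer's code). Everything below
// the bind takes a `client` argument so it can run without a live DC; the
// host, domain and account names are made up.

// NT-format login "NETBIOS\sAMAccountName" -> its two parts.
// JavaScript pitfall: the literal "MYDOMAIN\myuser" is the string
// "MYDOMAINmyuser", because "\m" is not a recognised escape and yields "m".
// In the shell, single quotes kept the backslash, which is why ldapsearch
// bound fine. Write "MYDOMAIN\\myuser" (or read the name from input, where
// no string-literal escaping applies) before handing it to bind().
function parseNtName(login) {
  const m = /^([^\\\/@]+)\\([^\\\/@]+)$/.exec(login);
  if (!m) throw new Error('expected NETBIOSDOMAIN\\sAMAccountName, got ' + JSON.stringify(login));
  return { netbiosDomain: m[1], sAMAccountName: m[2] };
}

// Search base from the domain's DNS name (what the answer says to look up):
// "mydomain.com" -> "dc=mydomain,dc=com". Searching below a base this DC does
// not hold (the bare "dc=mydomain") is what produced the referral.
function baseDnFromDnsDomain(dnsDomain) {
  const labels = dnsDomain.split('.').filter(Boolean);
  if (labels.length === 0) throw new Error('empty DNS domain name');
  return labels.map(l => 'dc=' + l).join(',');
}

// RFC 4515 escaping for values placed inside a search filter. Without it a
// login such as "*)(objectClass=*" rewrites the filter (LDAP injection).
function escapeFilterValue(value) {
  return value.replace(/[\\*()\u0000]/g,
    ch => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// The search that turns an NT-format name into the account's DN, which is
// what the question asks for. It is a lookup, not a conversion: the DN
// depends on where the object lives (cn=Users, some OU, ...), so it has to
// be read from the directory after binding.
function buildDnLookup(login, dnsDomain) {
  const { sAMAccountName } = parseNtName(login);
  return {
    base: baseDnFromDnsDomain(dnsDomain),
    options: {
      scope: 'sub',
      filter: '(sAMAccountName=' + escapeFilterValue(sAMAccountName) + ')',
      attributes: ['distinguishedName'],
    },
  };
}

// Authenticate with a simple bind. AD accepts the UPN (sAMAccountName@dns
// domain) and the NT-format name directly as the bind name, so no DN is
// needed just to authenticate. The empty-password check is not optional:
// LDAP defines a simple bind with an empty password as an unauthenticated
// bind, which AD accepts, so without it any valid username plus a blank
// password would "log in".
function authenticate(client, login, password, dnsDomain, cb) {
  if (typeof password !== 'string' || password.length === 0) {
    return cb(new Error('refusing empty password: that would be an unauthenticated bind'));
  }
  let name;
  try {
    name = parseNtName(login).sAMAccountName + '@' + dnsDomain;
  } catch (e) {
    return cb(e);
  }
  client.bind(name, password, err => cb(err || null, err ? undefined : name));
}

// Connect over LDAPS: a simple bind sends the password in the clear, so plain
// ldap:// on 389 must not be used for this. `ldapjs` (npm) is required only
// when this is called; the URL is an assumption.
function makeClient(url = 'ldaps://dc01.mydomain.com:636') {
  const ldap = require('ldapjs');
  return ldap.createClient({ url });
}

// Usage against a reachable domain controller, e.g.:
//   const client = makeClient();
//   authenticate(client, 'MYDOMAIN\\myuser', 'pa33w0rd', 'mydomain.com', (err, name) => {
//     if (err) { console.error('bind failed:', err.message); return client.unbind(); }
//     const { base, options } = buildDnLookup('MYDOMAIN\\myuser', 'mydomain.com');
//     client.search(base, options, (err, res) => {
//       res.on('searchEntry', e => console.log('DN:', e.dn.toString()));
//       res.on('end', () => client.unbind());
//     });
//   });
```

The bind name is built as a UPN rather than re-using the NT form, which avoids the backslash entirely; binding with 'MYDOMAIN\\myuser' (escaped) would work equally well. Only the DN lookup needs the correct base, so getting the DNS domain name right fixes the referral without affecting authentication.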
