LDAP directory search error 52e with Nodejs

Issue

I was able to run it with C# but not with NodeJs. C# code is running successfully.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://abc.local", userName, password);                    
DirectorySearcher dsearch = new DirectorySearcher(directoryEntry);
dsearch.Filter = "sAMAccountName=" + userName;
SearchResult results = dsearch.FindOne();

I’m trying with nodejs but I always get the same error. I’m using ldapjs to make requests with nodejs. Username variable
I tried with domain extension and only as username (abcd or abcd@abc.com.tr)

ERROR: {"lde_message":"80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\u0000","lde_dn":null}

My Nodejs Code:

  const client = ldap.createClient({
    url: process.env.LDAP_URL,
    baseDN: 'dc=abc,dc=local',
    username: username,
    password: pass,
  });
  const opts = {
    filter: `(sAMAccountName=${username})`,
    attributes: [],
  };
  client.bind(username, pass, (err) => {
    if (err) console.log(err);
    else console.log('connect success');
    client.search('', opts, (err, res) => {
      if (err) console.log('SER: ', err);
      res.on('searchRequest', (searchRequest) => {
        console.log('searchRequest: ', searchRequest);
      });
      res.on('searchEntry', (entry) => {
        console.log('entry: ' + JSON.stringify(entry.object));
      });
      res.on('searchReference', (referral) => {
        console.log('referral: ' + referral.uris.join());
      });
      res.on('error', (err) => {
        console.error('error: ' + err.message);
      });
      res.on('end', (result) => {
        console.log('status: ' + result.status);
      });
    });
  });

Solution

Directory Service in C# automatically adds @abc.local to username. I fixed the issue when I added this to username manually in the ldapjs or activedirectory libraries.

         const config = {
            url: 'LDAP://abc.local',
            baseDN: 'DC=abc,DC=local',
            username: username + '@abc.local',
            password: pass,
          };
    
          const ad = new activedirectory(config);
          const promiseLDAP = new Promise((resolve, reject): Promise<any> => {
            return ad.findUser(username, (err, user) => {
              if (err) return reject(null);
    
              if (!user) return reject(null);
              return resolve(user);
            });
          });

Answered By – BroscR

Answer Checked By – Katrina (AngularFixing Volunteer)

Leave a Reply

Your email address will not be published.