Node.js – Active Directory authentication with ldap.js

active-directoryauthenticationldapnode.js

I've been attempting to authenticate to an Active Directory Windows 2008 server with ldap.js. The only goal is to authenticate to the server, and I am using the client side stuff (not creating new server, which is what all the documentation is about). I'm totally new to LDAP, and as such, authenticating with username "MYDOMAIN\myuser" does not work in ldap.js, but does in ldapsearch: ldapsearch -H ldap://192.168.1.212:389 -x -D 'MYDOMAIN\myuser' -w pa33w0rd -LLL -b "dc=mydomain" '(sAMAccountName=myuser)' which authenticates successfully but then spits out Referral (10).

trying that in ldap.js with client.bind("MYDOMAIN\myuser", 'pa33w0rd', function(err) { ... } ); fails with 49 InvalidCredentialsError 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, ...

Attempting to re-write MYDOMAIN\myuser as a Distingushed Name dn: cn=myuser, dc=mydomain also fails with auth errors also in ldap search. What is the proper way to convert DOMAIN\USER (domain backslash user format) to a DN?

Best Answer

From http://www.rlmueller.net/NameTranslateFAQ.htm:

Distinguished Names - format as specified in RFC 1779. For example cn=TestUser,ou=Sales,dc=MyDomain,dc=com.

NT format - the name format used in Windows NT 4.0. For example MyDomain\TestUser, where MyDomain is the NetBIOS name of the domain and TestUser is the NT name of the object (the pre-Windows 2000 name). The value of the sAMAccountName attribute is the NT name of the object.

Thus, the NT format (domain backslash user) login name MYDOMAIN\myuser can map to cn=myuser,cn=Users,dc=mydomain,dc=com or cn=myuser,cn=Users,dc=mydomain,dc=local or a bunch of others. I suggest you look at the hosts file or DNS domain name of the AD server. You should also change the -b (base) to include the dc=com or dc=local, or whatever to fix the referral error.

Related Solutions

Python – Authenticating against active directory using python + ldap

I was missing

l.set_option(ldap.OPT_REFERRALS, 0)

From the init.

Sql – Star schema in SQLAlchethe

A typical fact table in a star schema contains foreign key references to all dimension tables, so usually there wouldn't be any need for custom join conditions - they are determined automatically from foreign key references.

For example a star schema with two fact tables would look like:

Base = declarative_meta()

class Store(Base):
    __tablename__ = 'store'

    id = Column('id', Integer, primary_key=True)
    name = Column('name', String(50), nullable=False)

class Product(Base):
    __tablename__ = 'product'

    id = Column('id', Integer, primary_key=True)
    name = Column('name', String(50), nullable=False)

class FactOne(Base):
    __tablename__ = 'sales_fact_one'

    store_id = Column('store_id', Integer, ForeignKey('store.id'), primary_key=True)
    product_id = Column('product_id', Integer, ForeignKey('product.id'), primary_key=True)
    units_sold = Column('units_sold', Integer, nullable=False)

    store = relation(Store)
    product = relation(Product)

class FactTwo(Base):
    __tablename__ = 'sales_fact_two'

    store_id = Column('store_id', Integer, ForeignKey('store.id'), primary_key=True)
    product_id = Column('product_id', Integer, ForeignKey('product.id'), primary_key=True)
    units_sold = Column('units_sold', Integer, nullable=False)

    store = relation(Store)
    product = relation(Product)

But suppose you want to reduce the boilerplate in any case. I'd create generators local to the dimension classes which configure themselves on a fact table:

class Store(Base):
    __tablename__ = 'store'

    id = Column('id', Integer, primary_key=True)
    name = Column('name', String(50), nullable=False)

    @classmethod
    def add_dimension(cls, target):
        target.store_id = Column('store_id', Integer, ForeignKey('store.id'), primary_key=True)
        target.store = relation(cls)

in which case usage would be like:

class FactOne(Base):
    ...

Store.add_dimension(FactOne)

But, there's a problem with that. Assuming the dimension columns you're adding are primary key columns, the mapper configuration is going to fail since a class needs to have its primary keys set up before the mapping is set up. So assuming we're using declarative (which you'll see below has a nice effect), to make this approach work we'd have to use the instrument_declarative() function instead of the standard metaclass:

meta = MetaData()
registry = {}
def register_cls(*cls):
    for c in cls:
        instrument_declarative(c, registry, meta)

So then we'd do something along the lines of:

class Store(object):
    # ...

class FactOne(object):
    __tablename__ = 'sales_fact_one'

Store.add_dimension(FactOne)

register_cls(Store, FactOne)

If you actually have a good reason for custom join conditions, as long as there's some pattern to how those conditions are created, you can generate that with your add_dimension():

class Store(object):
    ...

    @classmethod
    def add_dimension(cls, target):
        target.store_id = Column('store_id', Integer, ForeignKey('store.id'), primary_key=True)
        target.store = relation(cls, primaryjoin=target.store_id==cls.id)

But the final cool thing if you're on 2.6, is to turn add_dimension into a class decorator. Here's an example with everything cleaned up:

from sqlalchemy import *
from sqlalchemy.ext.declarative import instrument_declarative
from sqlalchemy.orm import *

class BaseMeta(type):
    classes = set()
    def __init__(cls, classname, bases, dict_):
        klass = type.__init__(cls, classname, bases, dict_)
        if 'metadata' not in dict_:
            BaseMeta.classes.add(cls)
        return klass

class Base(object):
    __metaclass__ = BaseMeta
    metadata = MetaData()
    def __init__(self, **kw):
        for k in kw:
            setattr(self, k, kw[k])

    @classmethod
    def configure(cls, *klasses):
        registry = {}
        for c in BaseMeta.classes:
            instrument_declarative(c, registry, cls.metadata)

class Store(Base):
    __tablename__ = 'store'

    id = Column('id', Integer, primary_key=True)
    name = Column('name', String(50), nullable=False)

    @classmethod
    def dimension(cls, target):
        target.store_id = Column('store_id', Integer, ForeignKey('store.id'), primary_key=True)
        target.store = relation(cls)
        return target

class Product(Base):
    __tablename__ = 'product'

    id = Column('id', Integer, primary_key=True)
    name = Column('name', String(50), nullable=False)

    @classmethod
    def dimension(cls, target):
        target.product_id = Column('product_id', Integer, ForeignKey('product.id'), primary_key=True)
        target.product = relation(cls)
        return target

@Store.dimension
@Product.dimension
class FactOne(Base):
    __tablename__ = 'sales_fact_one'

    units_sold = Column('units_sold', Integer, nullable=False)

@Store.dimension
@Product.dimension
class FactTwo(Base):
    __tablename__ = 'sales_fact_two'

    units_sold = Column('units_sold', Integer, nullable=False)

Base.configure()

if __name__ == '__main__':
    engine = create_engine('sqlite://', echo=True)
    Base.metadata.create_all(engine)

    sess = sessionmaker(engine)()

    sess.add(FactOne(store=Store(name='s1'), product=Product(name='p1'), units_sold=27))
    sess.commit()

Best Answer

Related Solutions

Python – Authenticating against active directory using python + ldap

Sql – Star schema in SQLAlchethe

Related Topic