LDAP and Windows AD · lmenezes/cerebro#392

(1 comment) (0 reactions) (0 assignees)JavaScript (5,411 stars) (721 forks)batch import

bughelp wanted

Description

I have LDAP working with Windows AD using mail as user-attr.

Recently I changed mail address in Windows user accounts and now they cannot access Cerebro using LDAP. They get a user/password error.

After doing some tests I found that Cerebro LDAP (using mail as user attribute) only works if mail and UPN attributes matches in AD. Another combination fails to authenticate.

This is the actual configuration I use: type: ldap method = "simple" user-template = "%s" user-attr = "mail"

Could it be an issue with Cerebro LDAP config?

Thanks.

Contributor guide

Tech stack: javascriptnodejs
Domain: backendauthentication
Issue type: bug
Difficulty: 3
Estimated time: 1-2 days
Activity status: stale
Clarity: mostly clear
Prerequisites: LDAP basicsWindows Active DirectoryCerebro authentication config
Newbie friendliness: 35
Research direction: Investigate the LDAP authentication module in the Cerebro source code, specifically how user attr and user template are used to construct the bind DN. The issue suggests a mismatch when mail and UPN differ, so check if the code assumes they are identical. Look for the search filter and binding logic in files like server/authentication/ldap.js. Consider testing with a Windows AD environment where mail and UPN are different to confirm the bug. Then propose a fix that uses the specified user attr consistently for authentication.