If all you need to do is prove that the given username and password are correct, then you don't always need a binding username and pwd in order to do a search. If you are not interested in the user's groups or name or other LDAP properties, you can just bind to the LDAP server using the user/pwd of the user you want to authenticate.
E.g. binding to LDAP://domainController1.acme.local:389 with a user/pwd will tell you if it is valid or not. This actually binds to the 'rootDSE' - the root of the directory - which should always be readable by an authenticated user.
If the user/pwd is incorrect, you'll get an error. We do this using Java from Linux in a Microsoft Active Directory environment. Note that I have only tested it with Active Directory, but it should work for other LDAP providers.
Out of curiosity, I created a function by extracting the relevant bits from node-red-node-ldap which uses ldapjs to connect.
Here is the simple function...
const LDAP = global.get('ldapjs');

// The LDAP server or AD Domain Controller.
// Would need to add additional options here to support LDAPs and cert validation etc
// (a simple bind sends the password in clear text, so use ldaps:// or StartTLS on a real network).
//
var username = "domain\\username";
var password = "pwd";

// IMPORTANT - NEVER ALLOW A BLANK PASSWORD to be used as some LDAP providers will
// not return an error, but bind anonymously, returning 'success' which would
// be wrongly interpreted as the user having authenticated.
// Checked before the client is created so no connection is opened for a request we will refuse.
//
if (password.length === 0)
{
    msg.payload = "Authentication failed - blank password";
    return msg;
}

var client = LDAP.createClient({ url: 'ldap://dc1.acme.local:389' });
var sent = false;

// A refused connection or TLS failure is reported as an 'error' event, not through the
// bind callback. Without a handler it is an uncaught exception that takes the flow down.
client.on('error', function(err)
{
    if (sent) { return; }
    sent = true;
    node.warn("LDAP connection error:" + err);
    msg.payload = "Authentication failed";
    node.send(msg);
});

// Bind to the rootDSE to test the user's credentials...
//
client.bind(username, password, function(err)
{
    if (sent) { return; }
    sent = true;
    if (err)
    {
        node.warn("Auth failed:" + err);
        msg.payload = "Authentication failed";
    }
    else
    {
        msg.payload = "Authenticated";
    }
    // We only needed the bind result, so drop the connection.
    client.unbind();
    node.send(msg);
});

// The message is sent asynchronously from the callbacks above, so return nothing here.
return null;
Pre-reqs - you need to install ldapjs and add it as a module in your node-red settings.js. See the info here on how to add external modules.
Don't forget to install ldapjs (npm install ldapjs) from the right path (~/.node-red).
Here is what the settings.js file looks like for me:
functionGlobalContext: { ldapjs:require("ldapjs") },
You'd need to make it bulletproof and modify it to use TLS, parse input messages, change output messages etc.
FYI, the other option is to modify an existing node to take the incoming 'user to authenticate' as the binding user, but this may not always work - it depends on the permissions that the authenticating user has within your LDAP directory, which is why a lot of these libraries ask for a 'binding service account' up-front.
I'd be interested to know if this works for you and what LDAP provider you have (AD?)
Regards...
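The post above authenticates by binding as the user and warns that an empty password can silently become an anonymous (unauthenticated) bind. As an added example, not code from the post or from ldapjs, here is the same bind-to-authenticate logic written so the guards can be exercised offline: the client factory is injected, and a constructed fake client imitates a directory that accepts an empty password as an unauthenticated bind (RFC 4513 section 5.1.2) and one that is unreachable. The `createClient({ url, tlsOptions })`, `bind(dn, pw, cb)`, `unbind(cb)` and `on('error', fn)` shapes match ldapjs, but the fake is an assumption made for the demonstration; with a real server you would pass `require('ldapjs').createClient` as the factory.

```javascript
'use strict';

// Reject credentials that would turn a simple bind into an anonymous or
// unauthenticated bind (RFC 4513 section 5.1.2): empty name, empty or
// whitespace-only password. Control characters are refused as well.
function credentialsAreUsable(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  if (username.trim().length === 0) return false;
  if (password.length === 0 || password.trim().length === 0) return false;
  if (/[\u0000-\u001f]/.test(username + password)) return false;
  return true;
}

// A simple bind sends the password in clear text, so only accept ldaps:// here.
function requireLdapsUrl(url) {
  return typeof url === 'string' && /^ldaps:\/\/[^/]+$/i.test(url);
}

// Authenticate by binding as the user. Reports a reason code instead of throwing
// so "server unreachable" can never be confused with "bad password".
// createClient: factory returning an ldapjs-like client (assumed interface, see lead-in).
function authenticateUser(createClient, url, username, password, done) {
  if (!requireLdapsUrl(url)) return done({ ok: false, reason: 'url-not-ldaps' });
  if (!credentialsAreUsable(username, password)) return done({ ok: false, reason: 'bad-credentials' });

  let client;
  try {
    client = createClient({ url: url, tlsOptions: { rejectUnauthorized: true } });
  } catch (e) {
    return done({ ok: false, reason: 'client-error' });
  }

  let settled = false;
  function finish(result) {
    if (settled) return;          // 'error' and the bind callback must not both answer
    settled = true;
    try { client.unbind(function () {}); } catch (e) { /* connection may already be gone */ }
    done(result);
  }

  // Refused connections and TLS failures arrive as an 'error' event, not via bind().
  client.on('error', function () { finish({ ok: false, reason: 'connection-error' }); });
  client.bind(username, password, function (err) {
    if (err) return finish({ ok: false, reason: 'bind-failed' });
    finish({ ok: true, reason: 'bound' });
  });
}

// Constructed fake (not ldapjs): a directory that treats an empty password as an
// unauthenticated bind and returns success, which is exactly the pitfall above.
// URLs containing "unreachable" simulate a refused connection via the 'error' event.
function makeFakeClientFactory(validUsers) {
  return function createClient(opts) {
    const handlers = {};
    return {
      on: function (event, fn) { handlers[event] = fn; },
      bind: function (dn, pw, cb) {
        if (opts.url.indexOf('unreachable') !== -1) {
          if (handlers.error) handlers.error(new Error('ECONNREFUSED'));
          return;                   // the bind callback never fires
        }
        if (pw === '') return cb(null);                 // unauthenticated bind "succeeds"
        if (validUsers[dn] === pw) return cb(null);
        cb(new Error('InvalidCredentialsError'));
      },
      unbind: function (cb) { if (cb) cb(); }
    };
  };
}
```

The fake calls back synchronously, so the reason codes can be checked inline; a real ldapjs client answers asynchronously, and the `settled` flag is what keeps a late `'error'` event from sending a second result after the bind callback has already reported.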