I try to implement ntlm to ensure a user is in a certain ActiveDirectory-group in order to know if he's allowed to view the content or not. He should not have to login himself in if he has a user account which is in the ActiveDirectory. I'm new to ntlm but I guess the whole thing is exactly about that.
I have a node.js backend with an express server. For ntlm I use the package express-ntlm. The code in the backend looks like this:
app.use(ntlm({
domain: `${LDAP_DOMAIN}`,
domaincontroller: `ldaps://${LDAP_USER}:${LDAP_PASSWORD}@${LDAP_HOST}`,
}))
If I now try to access the endpoint the console logs
[express-ntlm] No Authorization header present
I guess I have to do something on the client side but I cannot imagine that I need to provide the username by myself (for security reasons). The request that I make from the frontend (react) looks like this:
So what am I doing wrong and why can't I check the user against the AD?
(I know it isn't a very specific question and this should not be done here but I don't how to be more specific because I'm new to ntlm/ldap/AD.)
Any ideas or responses are appreciated. Many thanks!