{"id":18347,"library":"express-ntlm","title":"express-ntlm","description":"Express middleware for NTLM authentication in Node.js. Current stable version 2.7.0. Maintained as of 2023. It provides NTLM authentication for Express apps, supporting both NTLMv1 and NTLMv2, with optional LDAP validation. Compared to alternatives like passport-ntlm, express-ntlm is simpler and does not require Passport.js. It handles NTLM negotiation, extracts user info (username, domain, workstation), and can validate against Active Directory via LDAP. Known issues with proxies and multiple users on same connection.","status":"active","version":"2.7.0","language":"javascript","source_language":"en","source_url":"git://github.com/einfallstoll/express-ntlm","tags":["javascript","express","ntlm","ldap","authentication"],"install":[{"cmd":"npm install express-ntlm","lang":"bash","label":"npm"},{"cmd":"yarn add express-ntlm","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-ntlm","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The module exports a single function. Use with Express middleware.","symbol":"default","correct":"const ntlm = require('express-ntlm');"},{"note":"ESM import works if package.json has 'type': 'module' or using .mjs.","wrong":"import ntlm from 'express-ntlm';\n// use with ES module imports (if your project uses type: module)","symbol":"default","correct":"import ntlm from 'express-ntlm';"},{"note":"The middleware requires an options object. At minimum, domain and domaincontroller are required for validation.","wrong":"app.use(ntlm); // missing options","symbol":"ntlm (as middleware)","correct":"app.use(ntlm({ domain: 'DOMAIN', domaincontroller: 'ldap://dc.example.com' }));"}],"quickstart":{"code":"const express = require('express');\nconst ntlm = require('express-ntlm');\n\nconst app = express();\n\n// NTLM authentication middleware\napp.use(ntlm({\n  debug: (...args) => console.log(...args),\n  domain: 'MYDOMAIN',\n  domaincontroller: 'ldap://myad.example',\n}));\n\napp.all('*', (req, res) => {\n  res.end(JSON.stringify(req.ntlm));\n});\n\napp.listen(3000, () => console.log('Server running on port 3000'));","lang":"javascript","description":"Sets up an Express server with NTLM authentication middleware, requiring LDAP domain controller."},"warnings":[{"fix":"Update property names in your code from req.ntlm.username to req.ntlm.UserName, etc.","message":"Upgrading from v1.0: The fields for username, domain and workstation have different names: `UserName`, `DomainName`, `Workstation`.","severity":"breaking","affected_versions":">=1.0.0 <2.0.0"},{"fix":"Use connection-pinning (e.g., nginx ip_hash) or custom reverse proxy with session sharing.","message":"NTLM authenticates the TCP connection, not HTTP session. Behind a reverse proxy, multiple users may share the same connection, causing user mixup.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always provide a domaincontroller for LDAP validation in production.","message":"Without validation (no domaincontroller), the middleware will accept any NTLM response, including fake ones. Security risk.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use the standard middleware options; NTLM_No_Proxy is removed.","message":"Old method for NTLM without proxy (NTLM_No_Proxy) is deprecated; use the standard options.","severity":"deprecated","affected_versions":">=2.5.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Ensure the client sends proper NTLM authentication; verify network setup and proxy configuration.","cause":"The module could not extract NTLM type 2 or type 3 messages; often due to malformed NTLM headers.","error":"TypeError: Cannot read property 'authenticate' of null"},{"fix":"Check LDAP server availability, firewall rules, and domaincontroller URL.","cause":"LDAP connection refused; domaincontroller host/port unreachable.","error":"Error: connect ECONNREFUSED <ldap-server>:389"},{"fix":"Update to latest version (2.6.1+); if persists, check client NTLM version support.","cause":"The module failed to create an NTLM type 2 challenge.","error":"Error: NTLM type 2 message generation failed"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}