ldapauth-fork says "no such user" even when LDAP server console says that entries were found #104

Open
bk-m opened this issue Sep 9, 2022 · 0 comments

bk-m commented Sep 9, 2022

I have an OpenLDAP server running locally. When I try to authenticate a user with ldapauth-fork, it reports no such user: "my-username" even though the OpenLDAP console reports 1 entry found.

container-name  | [...] ACCEPT from IP=XXX.XXX.XXX.XXX:XXXXX (IP=0.0.0.0:1389)
container-name  | [...] ACCEPT from IP=XXX.XXX.XXX.XXX:XXXXX (IP=0.0.0.0:1389)
container-name  | [...] BIND dn="cn=admin,dc=local,dc=ldap,dc=dev" method=128
container-name  | [...] BIND dn="cn=admin,dc=local,dc=ldap,dc=dev" mech=SIMPLE bind_ssf=0 ssf=0
container-name  | [...] RESULT tag=97 err=0 qtime=0.000015 etime=0.000148 text=
container-name  | [...] SRCH base="dc=local,dc=ldap,dc=dev" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=my-username))"
container-name  | [...] SEARCH RESULT tag=101 err=0 qtime=0.000015 etime=0.000245 nentries=1 text=

If I manually run the search in Apache Directory Studio with the same arguments that I pass to the LdapAuth constructor, it correctly finds the user.
When I intentionally pass a wrong username (one that doesn't exist in LDAP) to authenticate(), both ldapauth-fork and OpenLDAP will correctly report "no such user" and nentries=0 respectively.

I'm running this image for my local OpenLDAP server: https://hub.docker.com/r/bitnami/openldap/ (tag: 2.6.3)

During debugging it seemed like my app never got to this code from ldapauth-fork:

var items = [];
searchResult.on('searchEntry', function (entry) {
  items.push(entry.object);
  if (self.opts.includeRaw === true) {
    items[items.length - 1]._raw = entry.raw;
  }
});

When I followed the debugger all the way down to ldapjs's code, it looked like ldapjs did find the entity it was supposed to, but somehow that entity never made it back to my code.

My code:

import LdapAuth from "ldapauth-fork";

const opts: LdapAuth.Options = {
  url: "ldap://localhost:1389",
  bindDN: "cn=admin,dc=local,dc=ldap,dc=dev",
  bindCredentials: "admin",
  searchBase: "dc=local,dc=ldap,dc=dev",
  searchFilter: "(&(objectClass=inetOrgPerson)(uid={{username}}))",
};

const ldapAuth = new LdapAuth(opts);

try {
  ldapAuth.authenticate(
    "my-username",
    "my-password",
    (err, user) => {
      if (err) {
        // prints `no such user: "my-username"`
        console.log(err);
      }
      return user;
    }
  );
} finally {
  ldapAuth.close();
}

I'm certainly not an LDAP expert, so it's entirely possible that I'm doing something wrong; I just don't know what.
