ORESoftware / ldap-pool

A simple NPM package for creating a pool of LDAP clients.
MIT License

Problems after pool being idle for a long time. #2

Open waglik opened 5 years ago

waglik commented 5 years ago

Hi.

I am investigating an issue with my service, and at this point my most probable guess is that the LDAP pool loses data after being idle for a long time. Every morning, after running idle overnight, the LDAP connection fails. I get an anonymous bind exception despite the fact that all data are provided as env variables. Restarting the container solves the issue, which is why I am guessing it might be something related to being idle for a few hours. Have you/anybody encountered something similar? What would be the best way to verify/debug the issue?

thanks

Matt

ORESoftware commented 5 years ago

can you show the code you're using? And the error if there is one?

waglik commented 5 years ago

Hi

Yes. You can actually download our NPM package:

https://www.npmjs.com/package/@cscfi/commons

and check the ldap.js file. We instantiate the class in a container at startup. I think the error we get is when we call the get_user_by_username method.

The error I get is:

[[13:21:35.381]] [ERROR] InappropriateAuthenticationError: Anonymous Simple Bind Disabled.
    at messageCallback (/opt/app-root/src/node_modules/ldapjs/lib/client/client.js:1419:45)
    at Parser.onMessage (/opt/app-root/src/node_modules/ldapjs/lib/client/client.js:1089:14)
    at emitOne (events.js:116:13)
    at Parser.emit (events.js:211:7)
    at Parser.write (/opt/app-root/src/node_modules/ldapjs/lib/messages/parser.js:111:8)
    at TLSSocket.onData (/opt/app-root/src/node_modules/ldapjs/lib/client/client.js:1076:22)
    at emitOne (events.js:116:13)
    at TLSSocket.emit (events.js:211:7)
    at addChunk (_stream_readable.js:263:12)
    at readableAddChunk (_stream_readable.js:250:11)
[[13:21:35.381]] [ERROR]

ORESoftware commented 5 years ago

I looked at the code; it looks ok. I think the problem is the LDAP server that you are connecting to. Perhaps you are connecting to a dev or test instance? Maybe only use the prod instance of their LDAP server?

Check the dn/username/password. I am not an LDAP expert. I do know that this pool package helped us a lot, so stick with it.

waglik commented 5 years ago

Thanks for checking. I definitely want to stick to the lib as it is helpful indeed :)

I've checked with the server, and the logs confirm that there is an attempt at an anonymous bind. The reason I think it's not LDAP is that it happens once, after an idle time. After just one unsuccessful attempt it recovers and continues without problems for hours.
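The symptom described in this thread (exactly one InappropriateAuthenticationError after a long idle period, then normal operation) is what a pooled connection produces when its socket is dropped while idle and the client reconnects transparently but comes back unbound, so the next request goes out as an anonymous bind. The example below is added here and is not code from ldap-pool, @cscfi/commons or ldapjs; it assumes an ldapjs-style client surface (bind, search, and a 'connect' event on each reconnect) and models the socket drop and the server's "anonymous bind disabled" policy with a constructed in-memory FakeLdapClient. It shows the failing pattern (bind once at startup, trust the connection forever) beside the defensive one (track bind state per connection, re-bind after a reconnect or after a configurable idle time before handing the client out).

```javascript
'use strict';
// Added example for this thread, not code from ldap-pool, @cscfi/commons or
// ldapjs. It models the symptom described above: a pooled client whose socket
// was dropped while idle comes back unbound, so the next operation is refused
// as an anonymous bind. FakeLdapClient is a constructed stand-in that mimics
// the ldapjs-style bind/search/on('connect') surface; the socket drop and the
// server's "anonymous bind disabled" policy are simulated in memory.

class InappropriateAuthenticationError extends Error {
  constructor() {
    super('Anonymous Simple Bind Disabled.');
    this.name = 'InappropriateAuthenticationError';
  }
}

class FakeLdapClient {
  constructor() {
    this.boundAs = null;        // DN of the current bind; null means anonymous
    this.bindCount = 0;         // binds the simulated server has seen
    this.connectHandlers = [];
  }
  on(event, handler) {
    if (event === 'connect') this.connectHandlers.push(handler);
    return this;
  }
  bind(dn, password, cb) {
    this.bindCount += 1;
    this.boundAs = dn;
    cb(null);
  }
  search(base, opts, cb) {
    // The server refuses unbound (anonymous) sessions.
    if (this.boundAs === null) return cb(new InappropriateAuthenticationError());
    cb(null, [{ dn: `uid=alice,${base}` }]);
  }
  // Idle socket closed by the server or a middlebox; the client reconnected
  // transparently and the new session starts out anonymous.
  simulateIdleReconnect() {
    this.boundAs = null;
    for (const h of this.connectHandlers) h();
  }
}

// Pool that records bind state per connection. With watchReconnect it marks a
// client unbound on 'connect', and with a finite maxIdleMs it re-binds any
// client that sat idle longer than that before handing it out.
class LdapPool {
  constructor({ size, dn, password, maxIdleMs, watchReconnect, createClient, now }) {
    Object.assign(this, { dn, password, maxIdleMs, now });
    this.idle = [];
    for (let i = 0; i < size; i++) {
      const entry = { client: createClient(), bound: false, lastUsed: now() };
      if (watchReconnect) entry.client.on('connect', () => { entry.bound = false; });
      this.idle.push(entry);
    }
  }
  bind(entry) {
    return new Promise((resolve, reject) => {
      entry.client.bind(this.dn, this.password, (err) => {
        if (err) return reject(err);
        entry.bound = true;
        resolve();
      });
    });
  }
  async acquire() {
    const entry = this.idle.pop();
    if (!entry) throw new Error('pool exhausted');
    if (!entry.bound || this.now() - entry.lastUsed > this.maxIdleMs) await this.bind(entry);
    return entry;
  }
  release(entry) {
    entry.lastUsed = this.now();
    this.idle.push(entry);
  }
  async withClient(fn) {
    const entry = await this.acquire();
    try { return await fn(entry.client); } finally { this.release(entry); }
  }
}

function findUser(client, base) {
  return new Promise((resolve, reject) =>
    client.search(base, { filter: '(uid=alice)' }, (err, res) => (err ? reject(err) : resolve(res))));
}

// One lookup, a night of idle time during which the socket is dropped, then a
// second lookup. Returns what each lookup produced and how many binds occurred.
async function overnightScenario(poolOptions) {
  const clock = { t: 0 };                      // constructed, controllable clock
  const client = new FakeLdapClient();
  const pool = new LdapPool({ ...poolOptions, size: 1, dn: 'cn=svc,dc=example,dc=org',
    password: 'constructed-secret', createClient: () => client, now: () => clock.t });
  const base = 'dc=example,dc=org';
  const first = await pool.withClient((c) => findUser(c, base));
  clock.t += 8 * 60 * 60 * 1000;               // eight hours idle
  client.simulateIdleReconnect();
  let second = [], secondError = null;
  try { second = await pool.withClient((c) => findUser(c, base)); } catch (e) { secondError = e.name; }
  return { first: first.length, second: second.length, secondError, binds: client.bindCount };
}

// Bind once at startup and trust the connection forever (the failing pattern).
const runNaive = () => overnightScenario({ maxIdleMs: Infinity, watchReconnect: false });
// Re-bind after a reconnect or after five idle minutes (the defensive pattern).
const runRebinding = () => overnightScenario({ maxIdleMs: 5 * 60 * 1000, watchReconnect: true });

Promise.all([runNaive(), runRebinding()]).then(([naive, rebinding]) => {
  console.log('naive:', naive);
  console.log('rebinding:', rebinding);
});
```

The naive pool reports one bind and a second lookup that fails with InappropriateAuthenticationError; the re-binding pool reports two binds and both lookups succeeding. The extra bind after an idle gap is cheap compared with a failed request, and the idle threshold should sit below whatever timeout the directory or any intermediate firewall applies to idle TCP sessions. The same error is also worth alerting on from the directory side: an unexpected anonymous bind attempt from a service account's source address, as the poster found in the server logs, is a reliable sign that a client lost its bound session.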