jjhoughton / napi-ldap

MIT License

When STARTTLS is required, the implicit anonymous bind does not work #12

Open dilyanpalauzov opened 3 years ago

dilyanpalauzov commented 3 years ago

My understanding is that, first of all, napi-ldap does an anonymous bind and then tries the regular (SASL/SIMPLE) bind. For LDAP servers configured on port 389 that require STARTTLS before anything else, the implicit anonymous bind fails with “Confidentiality required”. With

client = new ldap({...
  connect() {
    console.log('ABC')
    this.starttls(x => { if (x && x.message != 'Success') console.error('STARTTLS failure 1', x) })
    this.bind({binddn, password}, x => {
      if (x && x.message != 'Success') console.error('BIND ERROR 1', x)
    })
  },
}, function (err) {
  console.log('DEF')
  if (err) console.log('CONNECT ERR', err.message, err)
  client.starttls(x => { if (x && x.message != 'Success') console.error('STARTTLS failure 2', x.message) })
  client.bind({binddn, password}, x => {
    if (x && x.message != 'Success') console.error('BIND ERROR 2', x)
  })
})

The output is:

ABC DEF CONNECT ERR undefined Confidentiality required INIT Confidentiality required BIND ERROR 2 Confidentiality required

dilyanpalauzov commented 3 years ago

After trying everything possible, I have come to the conclusion that napi-ldap cannot be used when the server enforces STARTTLS over ldap://. napi-ldap can be used when the protocol is ldaps://.
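As an added illustration, not code from napi-ldap or from the reporter, the following Node.js script models the exchange the two comments above describe: an in-memory LDAP server that answers every bind, the anonymous one included, with resultCode 13 "Confidentiality required" until the connection is protected by TLS. It runs the implicit-anonymous-bind-first ordering from the first comment, the STARTTLS-first ordering such a server expects on ldap://, and a plain bind over ldaps:// where TLS is already in place. The server behaviour, the names FakeLdapServer, runSequence and demo, and the DN and password are constructed assumptions; the only real values are the RFC 4511 result codes and the Start TLS extended-operation OID.

```javascript
// Added example (not napi-ldap code): a tiny in-memory model of an LDAP
// server that enforces "confidentiality required" before any bind, and of
// the client orderings discussed in the issue. FakeLdapServer, runSequence
// and demo are hypothetical names.

const LDAP_SUCCESS = 0;                       // RFC 4511 resultCode values
const LDAP_OPERATIONS_ERROR = 1;
const LDAP_PROTOCOL_ERROR = 2;
const LDAP_CONFIDENTIALITY_REQUIRED = 13;
const STARTTLS_OID = '1.3.6.1.4.1.1466.20037'; // Start TLS extended operation (RFC 4511)

class FakeLdapServer {
  // scheme: 'ldap' (plain TCP, TLS only after STARTTLS) or 'ldaps' (TLS from the first byte).
  constructor(scheme) {
    this.tls = scheme === 'ldaps';
    this.log = [];                            // every request the server saw, in order
  }

  handle(req) {
    this.log.push(req.op);
    if (req.op === 'extended' && req.oid === STARTTLS_OID) {
      if (this.tls) {
        // Start TLS on an already-protected connection is an operationsError.
        return { resultCode: LDAP_OPERATIONS_ERROR, diagnosticMessage: 'TLS already established' };
      }
      this.tls = true;
      return { resultCode: LDAP_SUCCESS, diagnosticMessage: 'Success' };
    }
    if (req.op === 'bind') {
      // Policy "require confidentiality before bind": even an anonymous bind
      // (empty DN, empty password) is refused on a plaintext connection.
      if (!this.tls) {
        return { resultCode: LDAP_CONFIDENTIALITY_REQUIRED, diagnosticMessage: 'Confidentiality required' };
      }
      return { resultCode: LDAP_SUCCESS, diagnosticMessage: 'Success' };
    }
    return { resultCode: LDAP_PROTOCOL_ERROR, diagnosticMessage: 'Unsupported operation' };
  }
}

// Send requests in order and stop at the first non-success result, which is
// what a client that treats its implicit bind as fatal effectively does.
function runSequence(server, requests) {
  const results = [];
  for (const req of requests) {
    const res = server.handle(req);
    results.push({ op: req.op, ...res });
    if (res.resultCode !== LDAP_SUCCESS) break;
  }
  return results;
}

// Constructed requests for the example (DN and password are made up).
const ANON_BIND = { op: 'bind', dn: '', credentials: '' };
const APP_BIND = { op: 'bind', dn: 'cn=app,dc=example,dc=org', credentials: 'example-password' };
const START_TLS = { op: 'extended', oid: STARTTLS_OID };

// Ordering the issue describes: an implicit anonymous bind goes out on connect,
// before the application's connect() hook can issue STARTTLS.
const IMPLICIT_ANON_BIND_FIRST = [ANON_BIND, START_TLS, APP_BIND];

// Ordering a STARTTLS-enforcing server expects on ldap://.
const STARTTLS_FIRST = [START_TLS, APP_BIND];

// On ldaps:// the transport is TLS already, so a bind works without STARTTLS.
const LDAPS_BIND_ONLY = [APP_BIND];

function demo(scheme, sequence) {
  return runSequence(new FakeLdapServer(scheme), sequence);
}

if (typeof require !== 'undefined' && require.main === module) {
  const cases = [['ldap', IMPLICIT_ANON_BIND_FIRST], ['ldap', STARTTLS_FIRST], ['ldaps', LDAPS_BIND_ONLY]];
  for (const [scheme, seq] of cases) {
    console.log(scheme, demo(scheme, seq).map(r => `${r.op}: ${r.diagnosticMessage}`).join(' | '));
  }
}
```

The model shows why the implicit bind is the problem rather than the application code: the very first request on the plaintext socket is a bind, and a server that refuses plaintext binds (a sensible policy, since otherwise credentials would cross the wire in the clear) answers it with resultCode 13 before STARTTLS is ever attempted. A client library that wants to support ldap:// with enforced STARTTLS has to either skip the implicit bind or issue it only after the TLS layer is up.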