ldapjs / node-ldapjs

LDAP Client and Server API for node.js
http://ldapjs.org
MIT License

Bind error #878

Open jor6e opened 1 year ago

jor6e commented 1 year ago

With the last major version (2.x.x), the error property in the bind function was more complete. Why not in 3?

For example, the error 49 has suberrors, I would like to know the suberrors with version 3.

I refer to this: https://community.bmc.com/s/article/How-to-understand-LDAP-Error-Codes

For example, error code 49, error subcode 525, 52e, etc.

jsumners commented 1 year ago

Can you please provide examples of error messages you are talking about? I do not understand the issue.

jor6e commented 1 year ago

Sorry, I think it is not an error, or maybe yes.

v2.x.x. bind error response: LDAPError [InvalidCredentialsError]: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839

v3.x.x. bind error response: LDAPError [InvalidCredentialsError]: Invalid Credentials

As you can check, the error description in v3 is less complete than v2.

Thanks.

jsumners commented 1 year ago

Please provide the full stack trace for the errors instead of just the message property.

jor6e commented 1 year ago

v3

LDAPError [InvalidCredentialsError]: Invalid Credentials
    at messageCallback (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:1261:45)
    at Parser.onMessage (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:919:14)
    at Parser.emit (node:events:527:28)
    at Parser.write (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\messages\parser.js:135:8)
    at TLSSocket.onData (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:875:22)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23) {
  lde_message: 'Invalid Credentials',
  lde_dn: null
}

v2

LDAPError [InvalidCredentialsError]: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839
    at messageCallback (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:1220:45)
    at Parser.onMessage (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:888:14)
    at Parser.emit (node:events:527:28)
    at Parser.write (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\messages\parser.js:107:8)
    at TLSSocket.onData (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:875:22)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23) {
  lde_message: '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839\x00',
  lde_dn: null
}

classmatewu commented 1 year ago

I also met this error code: InvalidCredentialsError with the same stack trace today, but my bind dn and bind password are also right. What is the meaning of this code and under what circumstances may it appear?

jsumners commented 1 year ago

Please file a different issue if you think binding is not working correctly. This issue is about the information in the error.

jsumners commented 1 year ago

Regarding this actual issue: I am not ignoring it. To diagnose how the difference occurs will require running through a test case on both v2 and v3 with a debugger to inspect what happens where. It will take me some time to get to it. If anyone wants to provide such an analysis, that'd be great.

bladerunner2020 commented 1 year ago

This is really important.

v2.3.x: InvalidcredentialsError: 80090308: LdapErr: DSID-OC090447, comment: AcceptSecurityContext error, data 532...

v3.0.3: {Invalid Credentials} (code: 49, name: InvalidCredentialsError)

data 532 - means that the password is expired, while code 49 gives no clues what's wrong.

I am afraid but I think we will need to downgrade as it is very difficult to troubleshoot errors in v3.

jsumners commented 1 year ago

It seems it isn't important enough for you to contribute anything useful to the conversation nor a solution.

bladerunner2020 commented 1 year ago

As soon as we get more data I will share our analysis. We modified our code to be able to use v2 and v3 based on an environment variable. Invalid credentials error looks the same on both versions. Unfortunately we can't test right now with expired password error, where we saw the difference in the past.
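
The Active Directory sub-codes discussed in this thread (525, 52e, 532, 533) can be extracted from the server's diagnostic text when the client exposes it, as in the v2 output quoted above. The following is an added example, not part of the thread and not ldapjs code; `parseAdBindError` and `summarizeBindFailure` are hypothetical helper names, and the table holds the commonly documented AD sub-code meanings.

```javascript
// Added example, not ldapjs code. Sub-codes are the hex "data NNN" values
// Active Directory puts in the diagnostic message of a failed bind (code 49).
const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'not permitted to log on at this time',
  '531': 'not permitted to log on at this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out'
};

const DIAG_RE = /AcceptSecurityContext error, data ([0-9a-f]+)\b/i;

// Accepts an error object shaped like the ones in this thread
// (code, lde_message, message); returns the parsed sub-code or nulls.
function parseAdBindError (err) {
  const text = (err && (err.lde_message || err.message)) || '';
  const raw = String(text).replace(/\0+$/, ''); // v2 text ended in a NUL byte
  const m = DIAG_RE.exec(raw);
  if (!m) return { subcode: null, reason: null, raw };
  const subcode = m[1].toLowerCase();
  const reason = AD_BIND_SUBCODES[subcode] || 'unknown sub-code';
  return { subcode, reason, raw };
}

// One-line summary for server-side logs (hypothetical helper).
function summarizeBindFailure (err) {
  const { subcode, reason } = parseAdBindError(err);
  const code = err && err.code != null ? err.code : 'unknown';
  return subcode
    ? `bind failed: code=${code} ad_subcode=${subcode} (${reason})`
    : `bind failed: code=${code} (no AD diagnostic text in error)`;
}

// Constructed samples using the two lde_message values quoted in this thread.
const SAMPLE_V2 = {
  code: 49,
  lde_message: '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839\x00'
};
const SAMPLE_V3 = { code: 49, lde_message: 'Invalid Credentials' };

console.log(summarizeBindFailure(SAMPLE_V2));
console.log(summarizeBindFailure(SAMPLE_V3));
```

With the v3 message quoted above, the parser returns a null sub-code because the diagnostic text is not present in the error object.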