Attempt a login. Can be whatever, either a correct user login or false one
See in the server output an uncaught exception has been thrown
info --- config file - /app/conf/verdaccio.local.yaml
info --- plugin successfully loaded: @verdaccio/active-directory
info --- plugin successfully loaded: verdaccio-audit
warn --- http address - http://0.0.0.0:4873/ - verdaccio/5.27.0
info <-- <ip> requested 'POST /-/verdaccio/sec/login'
http <-- 200, user: null(<ip>), req: 'POST /-/verdaccio/sec/login', bytes: 60/0
fatal--- uncaught exception, please report this
TypeError: log.trace is not a function
at Client._sendSocket (/app/node_modules/ldapjs/lib/client/client.js:1275:7)
at Client._send (/app/node_modules/ldapjs/lib/client/client.js:1156:17)
at Client.bind (/app/node_modules/ldapjs/lib/client/client.js:298:15)
at Object.bindBypass [as bind] (/app/node_modules/ldapjs/lib/client/client.js:930:21)
at /app/node_modules/ldapjs/lib/client/client.js:155:11
at func (/app/node_modules/ldapjs/lib/client/client.js:942:9)
at Array.<anonymous> (/app/node_modules/vasync/lib/vasync.js:209:13)
at waterfall_impl (/app/node_modules/vasync/lib/vasync.js:888:11)
at pipeline (/app/node_modules/vasync/lib/vasync.js:168:10)
at Object.forEachPipeline (/app/node_modules/vasync/lib/vasync.js:213:10)
Expected behavior
When logging in i expect the application to log me in or not based on the correctness of the credentials
Screenshots
Docker || Kubernetes (please complete the following information):
Docker verdaccio tag: Custom docker image with node:lts-alpine and installing verdaccio via npm
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
# path to a directory with all packages
storage: ../storage
auth:
"@verdaccio/active-directory":
url: "ldaps://mydomaincontrollerhost"
baseDN: "DC=mydomain"
domainSuffix: "mydomain"
user: "myuser"
password: "mypassword"
extendedUsersFile: ./htpasswd
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@mycompany/*':
access: $authenticated
publish: $authenticated
'@*/*':
# scoped packages
access: $all
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
# log settings
log: {type: stdout, format: pretty, level: http}
middlewares:
audit:
enabled: true
strict_ssl: true
Debugging output
$ NODE_DEBUG=request DEBUG=express:* NODE_OPTIONS=--use-openssl-ca node_modules/verdaccio/bin/verdaccio --config ./conf/verdaccio.local.yaml --listen 0.0.0.0:4873 gave me this result from when i tried logging in
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router query : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router expressInit : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router corsMiddleware : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router log : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router errorReportingMiddleware : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router <anonymous> : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router compression : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router router : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router <anonymous> : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router jsonParser : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router <anonymous> : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router encodeScopePackage : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router router : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router <anonymous> : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router router : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router <anonymous> : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router setSecurityWebHeaders : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router router : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router setSecurityWebHeaders : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router router : /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router dispatching POST /-/verdaccio/sec/login
Mon, 27 Nov 2023 06:09:14 GMT express:router rateLimit : /-/verdaccio/sec/login
info <-- <ip> requested 'POST /-/verdaccio/sec/login'
http <-- 200, user: null(<ip>), req: 'POST /-/verdaccio/sec/login', bytes: 60/0
fatal--- uncaught exception, please report this
TypeError: log.trace is not a function
at Client._sendSocket (/app/node_modules/ldapjs/lib/client/client.js:1275:7)
at Client._send (/app/node_modules/ldapjs/lib/client/client.js:1156:17)
at Client.bind (/app/node_modules/ldapjs/lib/client/client.js:298:15)
at Object.bindBypass [as bind] (/app/node_modules/ldapjs/lib/client/client.js:930:21)
at /app/node_modules/ldapjs/lib/client/client.js:155:11
at func (/app/node_modules/ldapjs/lib/client/client.js:942:9)
at Array.<anonymous> (/app/node_modules/vasync/lib/vasync.js:209:13)
at waterfall_impl (/app/node_modules/vasync/lib/vasync.js:888:11)
at pipeline (/app/node_modules/vasync/lib/vasync.js:168:10)
at Object.forEachPipeline (/app/node_modules/vasync/lib/vasync.js:213:10)
$ npm -ddd prints:
npm verb cli /usr/local/bin/node /usr/local/bin/npm
npm info using npm@10.2.3
npm info using node@v20.10.0
npm verb title npm
npm verb argv "--loglevel" "silly"
npm verb logfile logs-max:10 dir:/home/node/.npm/_logs/2023-11-27T06_11_08_713Z-
npm verb logfile /home/node/.npm/_logs/2023-11-27T06_11_08_713Z-debug-0.log
Using verdaccio-activedirectory works fine. On a quick look it looks like verdaccio-activedirectory is using activedirectory while @verdaccio/active-directory is using activedirectory2
juanpicado
commented
6 months ago
Describe the bug When trying to log in with an ldap user on verdaccio, the program crashes because on an uncaught exception.
To Reproduce Steps to reproduce the behavior:
@verdaccio/active-directoryExpected behavior When logging in i expect the application to log me in or not based on the correctness of the credentials
Screenshots
Docker || Kubernetes (please complete the following information):
Configuration File (cat ~/.config/verdaccio/config.yaml)
Debugging output
$ NODE_DEBUG=request DEBUG=express:* NODE_OPTIONS=--use-openssl-ca node_modules/verdaccio/bin/verdaccio --config ./conf/verdaccio.local.yaml --listen 0.0.0.0:4873gave me this result from when i tried logging in$ npm -dddprints:$ npm config get registryprints:Additional context Package versions: @verdaccio/active-directory@10.2.1 verdaccio-audit@10.2.4 verdaccio@5.27.0
Using
verdaccio-activedirectoryworks fine. On a quick look it looks likeverdaccio-activedirectoryis usingactivedirectorywhile@verdaccio/active-directoryis usingactivedirectory2