vesse / node-ldapauth-fork

Simple node.js module to authenticate against an LDAP server

ldapauth-fork says "no such user" even when LDAP server console says that entries were found #104

Open bk-m opened 2 years ago

bk-m commented 2 years ago

I have an OpenLDAP server running locally. When I try to authenticate a user with ldapauth-fork it reports no such user: "my-username" even though the OpenLDAP console reports 1 entry found.

container-name  | [...] ACCEPT from IP=XXX.XXX.XXX.XXX:XXXXX (IP=0.0.0.0:1389)
container-name  | [...] ACCEPT from IP=XXX.XXX.XXX.XXX:XXXXX (IP=0.0.0.0:1389)
container-name  | [...] BIND dn="cn=admin,dc=local,dc=ldap,dc=dev" method=128
container-name  | [...] BIND dn="cn=admin,dc=local,dc=ldap,dc=dev" mech=SIMPLE bind_ssf=0 ssf=0
container-name  | [...] RESULT tag=97 err=0 qtime=0.000015 etime=0.000148 text=
container-name  | [...] SRCH base="dc=local,dc=ldap,dc=dev" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=my-username))"
container-name  | [...] SEARCH RESULT tag=101 err=0 qtime=0.000015 etime=0.000245 nentries=1 text=

If I manually run the search in Apache Directory Studio with the same arguments that I pass to the LdapAuth constructor, it correctly finds the user. When I intentionally pass a wrong username (one that doesn't exist in LDAP) to authenticate(), both ldapauth-fork and OpenLDAP will correctly report "no such user" and nentries=0 respectively.

I'm running this image for my local OpenLDAP server. https://hub.docker.com/r/bitnami/openldap/ (tag: 2.6.3)

During debugging it seemed like my app never got to this code from ldapauth-fork:

var items = [];
searchResult.on('searchEntry', function (entry) {
  items.push(entry.object);
  if (self.opts.includeRaw === true) {
    items[items.length - 1]._raw = entry.raw;
  }
});

When I followed the Debugger all the way down to ldapjs's code it looked like ldapjs did find the entity it was supposed to but somehow that entity never made it back to my code.

My code:

import LdapAuth from "ldapauth-fork";

const opts: LdapAuth.Options = {
  url: "ldap://localhost:1389",
  bindDN: "cn=admin,dc=local,dc=ldap,dc=dev",
  bindCredentials: "admin",
  searchBase: "dc=local,dc=ldap,dc=dev",
  searchFilter: "(&(objectClass=inetOrgPerson)(uid={{username}}))",
};

const ldapAuth = new LdapAuth(opts);

try {
  ldapAuth.authenticate(
    "my-username",
    "my-password",
    (err, user) => {
      if (err) {
        // prints `no such user: "my-username"`
        console.log(err);
      }
      return user;
    }
  );
} finally {
  ldapAuth.close();
}

I'm certainly not an LDAP expert so it's entirely possible that I'm doing something wrong, I just don't know what.
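As an added example (not code from the ldapauth-fork project or from the reporter), the stand-in below models one plausible cause, assumed here rather than confirmed in the thread: in the snippet above, `ldapAuth.close()` in the synchronous `finally` runs before the asynchronous `authenticate()` callback fires, so the connection is torn down while the search is still in flight. `FakeLdapAuth`, `SAMPLE_DIRECTORY` and both wrapper functions are constructed for this illustration; the corrected wrapper closes the client only after the callback has settled.

```javascript
// Constructed stand-in for an LdapAuth-like client (not ldapauth-fork's code):
// authenticate() completes asynchronously, and once close() has been called a
// search still in flight reports "no such user" even though the server found
// the entry. Real ldapjs behaviour is assumed here, not reproduced exactly.
class FakeLdapAuth {
  constructor(directory) {
    this.directory = directory; // constructed sample data: uid -> { password, dn }
    this.closed = false;
  }

  // Same callback shape as ldapauth-fork: authenticate(username, password, cb).
  authenticate(username, password, callback) {
    setTimeout(() => { // the search finishes on a later tick, like a network round trip
      const entry = this.directory[username];
      if (!entry || this.closed) return callback(new Error(`no such user: "${username}"`));
      if (entry.password !== password) return callback(new Error("Invalid credentials"));
      callback(null, { uid: username, dn: entry.dn });
    }, 0);
  }

  close() { this.closed = true; }
}

// Constructed directory standing in for the reporter's OpenLDAP container.
const SAMPLE_DIRECTORY = {
  "my-username": { password: "my-password", dn: "uid=my-username,dc=local,dc=ldap,dc=dev" },
};

// The reporter's pattern: close() runs synchronously, before the async callback.
// Resolves with the error message (or the user object) the callback eventually gets.
function authenticateThenCloseImmediately(client, username, password) {
  return new Promise((resolve) => {
    try {
      client.authenticate(username, password, (err, user) => resolve(err ? err.message : user));
    } finally {
      client.close(); // runs before the search has completed
    }
  });
}

// Corrected pattern: promisify authenticate() and close only after it has settled.
function authenticateAndClose(client, username, password) {
  const result = new Promise((resolve, reject) => {
    client.authenticate(username, password, (err, user) => (err ? reject(err) : resolve(user)));
  });
  return result.finally(() => client.close());
}
```

Run the two wrappers against fresh `FakeLdapAuth` instances with the same valid credentials: the first resolves to `no such user: "my-username"`, the second to the user object.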