
LDAPS failed on ECONNRESET

Open tarakeshp opened this issue 6 years ago • 2 comments

I am trying to connect over ldaps ... on port 636 with a self-signed cert. However, during authentication, tls throws the following error:

```
"code": "ECONNRESET", "name": "Error", "message": "read ECONNRESET", "stack": "Error: read ECONNRESET\n at _errnoException (util.js:992:11)\n at TLSWrap.onread (net.js:618:25)"
```

This is how my activedirectory client config is initialized:

```js
const Config = require("./src/config");
const ActiveDirectory = require('activedirectory');
const fs = require('fs');

let adConfig = {
  url: Config.activeDirectory.url,
  baseDN: Config.activeDirectory.baseDN,
  username: Config.activeDirectory.username,
  password: Config.activeDirectory.password,
  attributes: Config.activeDirectory.attributes
};

let isSecure = () => {
  const a = Config.activeDirectory.url.split('//');
  return (a[0].substr(0, a[0].length - 1).toLowerCase() === "ldaps") ? true : false;
};

if (isSecure() && !Config.activeDirectory.ssl) {
  throw "SSL information not found for secure ldap";
} else {
  console.log("Uses ldaps");
}

console.log("Connecting to active directory using following configuration..", JSON.stringify(adConfig, undefined, 1));

if (isSecure()) {
  adConfig.tlsOptions = {
    rejectUnauthorized: true,
    // key : fs.readFileSync(Config.ssl.key),
    // cert : fs.readFileSync(Config.ssl.cert),
    ca: [fs.readFileSync(Config.ssl.crt)]
  };
}
```

tarakeshp avatar Oct 17 '18 06:10 tarakeshp

@tarakeshp , I am seeing the same issue. Were you able to find a solution to this problem?

achawla5000 avatar Nov 19 '18 15:11 achawla5000

Not sure if this will help, but I think your issue just might be the use of the self-signed certificate. In order for the self-signed cert to work properly from a client, it must be able to resolve the DNS name in the cert or it won't facilitate an SSL connection. Have you tried using a regular SSL cert, or testing the connection using the regular LDAP port 389 temporarily to verify that there is no issue with your code? Just a thought, but usually when I see these kinds of issues with self-signed certs it's related to the name in the cert not matching the server it's connecting to (and connecting via the IP address will definitely count as a non-match). Good luck and let us know if you have any success.

tfrancois avatar Feb 01 '19 09:02 tfrancois