node-ldapjs

Question: How to return error if user is not found?

Open prasadgavande opened this issue 3 years ago • 2 comments

I am trying to implement functionality where I can log in with OpenLDAP.

Below are my steps for login

  1. Get the username and password from a web form (ejs)
  2. Find the user using the search API of ldapjs: http://ldapjs.org/client.html#search
  3. If the user is found, use the bind API to authenticate: http://ldapjs.org/client.html#bind

This is working fine, but I also need to add an exception if the search fails at step 2, i.e. if the user is not found.

How can I add an exception so that I will know if the search fails and the user is not there in LDAP?

Below is my controller function for login


    exports.postLogin = (req, postResponse, next) => {
        const username = 'cn=' + req.body.username + ',' + process.env.DN;
        const password = req.body.password;

        const opts = {
            filter: '(cn=' + req.body.username + ')',
            scope: 'sub'
        };

        ldapClient.search(process.env.DN, opts, (err, res) => {
            assert.ifError(err);

            res.on('searchEntry', (entry) => {
                // once the user is found, authenticate
                ldapClient.bind(
                    username,
                    password,
                    (err, response) => {
                        if (err) {
                            req.flash('error', 'Cannot authenticate: ', err.lde_message);
                            return postResponse.redirect('/user/login');
                        }
                        else {
                            req.session.user = req.body.username;
                            postResponse.redirect('/dashboard');
                        }
                    });
            });

            res.on('error', (err) => {
                console.error('error: ' + err.message);
            });

            res.on('end', (result) => {
                console.log('status: ' + result.status);
            });
        });
    }

prasadgavande avatar May 25 '21 13:05 prasadgavande

I would check if searchEntry has been called in end, and if it hasn't, there are no entries.

UziTech avatar May 25 '21 14:05 UziTech

You should attempt the bind after the search has completed, not upon receiving the first entry. After the search has ended, you should have an array of search results. If that array has zero items, then you cannot attempt the bind as the found user and can return an error.

An example of such logic can be seen in https://github.com/jsumners/adldap/blob/6dcd35ad560dae7a5f0b8e9486890d42a628042c/lib/client/authenticate.js

jsumners avatar May 25 '21 19:05 jsumners
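
The flow described in the comment above (collect entries, decide at `end`, then bind), as an added example that is not code from this thread, ldapjs or adldap. It additionally escapes the username in the filter and rejects empty passwords; `authenticate`, `escapeFilterValue`, `fakeClient`, `demo` and the error codes are hypothetical names, and the client is a constructed in-memory stand-in that only mimics the `search`/`bind` callback shape used in the question.

```javascript
// RFC 4515 escaping so form input cannot change the shape of the search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Collect entries, decide only on 'end', then bind as the DN the directory returned.
// done(err, dn): err.code is NO_SUCH_USER, AMBIGUOUS_USER or BAD_CREDENTIALS.
function authenticate(client, baseDn, username, password, done) {
  const fail = (code) => done(Object.assign(new Error(code), { code }));
  // An empty password is an "unauthenticated" simple bind that some servers accept.
  if (!username || !password) return fail('BAD_CREDENTIALS');
  const opts = { filter: `(cn=${escapeFilterValue(username)})`, scope: 'sub' };
  client.search(baseDn, opts, (err, res) => {
    if (err) return done(err);
    const found = [];
    res.on('searchEntry', (entry) => found.push(String(entry.dn))); // assumes entry.dn
    res.on('error', (e) => done(e));
    res.on('end', () => {
      if (found.length === 0) return fail('NO_SUCH_USER');
      if (found.length > 1) return fail('AMBIGUOUS_USER');
      client.bind(found[0], password,
        (bindErr) => (bindErr ? fail('BAD_CREDENTIALS') : done(null, found[0])));
    });
  });
}

// Constructed in-memory stand-in for an ldapjs client so the example runs offline.
function fakeClient(directory) {
  return {
    search(base, opts, cb) {
      const handlers = {};
      cb(null, { on: (event, fn) => { handlers[event] = fn; } });
      const dn = `cn=${/^\(cn=(.*)\)$/.exec(opts.filter)[1]},${base}`;
      if (dn in directory) handlers.searchEntry({ dn });
      handlers.end({ status: 0 });
    },
    bind(dn, pw, cb) { cb(directory[dn] === pw ? null : new Error('Invalid Credentials')); },
  };
}

// Runs one login against constructed data and returns the DN or the error code.
function demo(username, password) {
  let outcome;
  const client = fakeClient({ 'cn=alice,dc=example,dc=org': 's3cret' });
  authenticate(client, 'dc=example,dc=org', username, password,
    (err, dn) => { outcome = err ? err.code : dn; });
  return outcome;
}
```

Log the specific code on the server, but show the login form the same message for `NO_SUCH_USER` and `BAD_CREDENTIALS` so the page does not reveal which usernames exist.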

👋

On February 22, 2023, we released version 3 of this library. As a result, we are closing this issue/pull request.

Please see issue #839 for more information, including how to proceed if you feel this closure is in error.

jsumners avatar Feb 22 '23 19:02 jsumners