node-ldapjs

Bind error

Open jor6e opened this issue 1 year ago • 10 comments

With the last major version (2.x.x), the error property in the bind function was more complete. Why not in 3?

For example, the error 49 has suberrors, I would like to know the suberrors with version 3.

I refer to this: https://community.bmc.com/s/article/How-to-understand-LDAP-Error-Codes

For example, error code 49, error subcode 525, 52e, etc.

jor6e Apr 28 '23 09:04

Can you please provide examples of error messages you are talking about? I do not understand the issue.

jsumners Apr 28 '23 11:04

Sorry, I think it is not an error, or maybe yes.

v2.x.x. bind error response: LDAPError [InvalidCredentialsError]: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839

v3.x.x. bind error response: LDAPError [InvalidCredentialsError]: Invalid Credentials

As you can check, the error description in v3 is less complete than v2.

Thanks.

jor6e Apr 28 '23 11:04

Please provide the full stack trace for the errors instead of just the message property.

jsumners Apr 28 '23 11:04

v3

LDAPError [InvalidCredentialsError]: Invalid Credentials
    at messageCallback (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:1261:45)
    at Parser.onMessage (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:919:14)
    at Parser.emit (node:events:527:28)
    at Parser.write (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\messages\parser.js:135:8)
    at TLSSocket.onData (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:875:22)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23) {
  lde_message: 'Invalid Credentials',
  lde_dn: null
}

v2

LDAPError [InvalidCredentialsError]: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839
    at messageCallback (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:1220:45)
    at Parser.onMessage (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:888:14)
    at Parser.emit (node:events:527:28)
    at Parser.write (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\messages\parser.js:107:8)
    at TLSSocket.onData (C:\Users\username\Desktop\my-project\node_modules\ldapjs\lib\client\client.js:875:22)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23) {
  lde_message: '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839\x00',
  lde_dn: null
}

jor6e Apr 28 '23 12:04
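Added example (not part of the thread and not ldapjs code): one way to pull the Active Directory sub-code out of a bind error's lde_message when the server's diagnostic string is present, and to fall back cleanly when only the generic text is available. The function names and the generic user-facing message are assumptions; the sample strings are the two lde_message values quoted above.

```javascript
// Sub-codes (hex) that Active Directory reports after "data" for LDAP result code 49.
const AD_BIND_SUBCODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out'
};

const AD_DIAG = /AcceptSecurityContext error, data ([0-9a-f]+)/i;

// Returns { subcode, reason } or null when no AD diagnostic string is present.
function parseAdBindError(message) {
  if (typeof message !== 'string') return null;
  // The v2 lde_message shown above ends in a NUL byte; strip it before matching.
  const cleaned = message.replace(/\0+$/, '').trim();
  const m = AD_DIAG.exec(cleaned);
  if (!m) return null; // e.g. the generic 'Invalid Credentials' text
  const subcode = m[1].toLowerCase();
  return { subcode, reason: AD_BIND_SUBCODES[subcode] || 'unknown sub-code' };
}

// Hypothetical helper: separates what operators log from what the caller sees.
function describeBindFailure(err) {
  const detail = parseAdBindError(err && (err.lde_message || err.message));
  return {
    // Server-side log only: the sub-code explains why the bind failed.
    logLine: detail
      ? `bind failed: AD data ${detail.subcode} (${detail.reason})`
      : 'bind failed: no AD sub-code in error message',
    // Identical for every failure, so responses do not reveal which accounts exist.
    userMessage: 'Invalid username or password'
  };
}

// Sample inputs: the two lde_message values quoted in this thread.
const SAMPLE_V2 = '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839\x00';
const SAMPLE_V3 = 'Invalid Credentials';
console.log(describeBindFailure({ lde_message: SAMPLE_V2 }).logLine);
console.log(describeBindFailure({ lde_message: SAMPLE_V3 }).logLine);
```

Sub-codes such as 525 and 52e distinguish an unknown account from a wrong password, so the parsed reason belongs in server-side logs rather than in the response sent to the person logging in.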

I also met this error code: InvalidCredentialsError with the same stack trace today, but my bind dn and bind password are also right. What is the meaning of this code and under what circumstances may it appear?

classmatewu May 08 '23 12:05

Please file a different issue if you think binding is not working correctly. This issue is about the information in the error.

jsumners May 08 '23 12:05

Regarding this actual issue: I am not ignoring it. To diagnose how the difference occurs will require running through a test case on both v2 and v3 with a debugger to inspect what happens where. It will take me some time to get to it. If anyone wants to provide such an analysis, that'd be great.

jsumners May 08 '23 12:05

This is really important.

v2.3.x: InvalidcredentialsError: 80090308: LdapErr: DSID-OC090447, comment: AcceptSecurityContext error, data 532...

v3.0.3: {Invalid Credentials} (code: 49, name: InvalidCredentialsError)

data 532 - means that the password is expired, while code 49 gives no clues what's wrong.

I am afraid but I think we will need to downgrade as it is very difficult to troubleshoot errors in v3.

bladerunner2020 Jul 20 '23 14:07

It seems it isn't important enough for you to contribute anything useful to the conversation nor a solution.

jsumners Jul 20 '23 15:07

As soon as we get more data I will share our analysis. We modified our code to be able to use v2 and v3 based on an environment variable. Invalid credentials error looks the same on both versions. Unfortunately we can't test right now with expired password error, where we saw the difference in the past.

bladerunner2020 Jul 23 '23 15:07