alexandre-io / verdaccio-ldap Goto Github PK

LDAP auth plugin for verdaccio

License: MIT License

JavaScript 98.77% Dockerfile 1.23%

npm registry private-npm verdaccio ldap active-directory sinopia

verdaccio-ldap's Introduction

verdaccio-ldap

verdaccio-ldap is a fork of sinopia-ldap. It aims to keep backwards compatibility with sinopia, while keeping up with npm changes.

Installation

$ npm install verdaccio
$ npm install verdaccio-ldap

A detailed example of the verdaccio-ldap plugin + OpenLDAP server packed in Docker for v3 is available here and for v4 here.

Read a guide how to migrate from Verdaccio v3 to v4 using LDAP plugin.

Config

Add to your config.yaml:

auth:
  ldap:
    type: ldap
    # Only required if you are fetching groups that do not have a "cn" property. defaults to "cn"
    groupNameAttribute: "ou"
    # Optional, default false.
    cache:
      # max credentials to cache (default to 100 if cache is enabled)
      size: 100
      # cache expiration in seconds (default to 300 if cache is enabled)
      expire: 300
    client_options:
      url: "ldap://ldap.example.com"
      # Only required if you need auth to bind
      adminDn: "cn=admin,dc=example,dc=com"
      adminPassword: "admin"
      # Search base for users
      searchBase: "ou=People,dc=example,dc=com"
      searchFilter: "(uid={{username}})"
      # If you are using groups, this is also needed
      groupDnProperty: 'cn'
      groupSearchBase: 'ou=groups,dc=myorg,dc=com'
      # If you have memberOf support on your ldap
      searchAttributes: ['*', 'memberOf']
      # Else, if you don't (use one or the other):
      # groupSearchFilter: '(memberUid={{dn}})'
      # Optional
      reconnect: true

LDAP Admin Password

If you run this plugin in k8s, you may want to set password by env with secretRef. You can use LDAP_ADMIN_PASS to set ldap admin password, it will override the one in config.yaml.

For plugin writers

It's called as:

require('verdaccio-ldap')(config, stuff)

Where:

config - module's own config
stuff - collection of different internal verdaccio objects
- stuff.config - main config
- stuff.logger - logger

This should export two functions:

adduser(user, password, cb)

It should respond with:
- cb(err) in case of an error (error will be returned to user)
- cb(null, false) in case registration is disabled (next auth plugin will be executed)
- cb(null, true) in case user registered successfully
It's useful to set err.status property to set http status code (e.g. err.status = 403).
authenticate(user, password, cb)

It should respond with:
- cb(err) in case of a fatal error (error will be returned to user, keep those rare)
- cb(null, false) in case user not authenticated (next auth plugin will be executed)
- cb(null, [groups]) in case user is authenticated
Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.

verdaccio-ldap's People

Contributors

Stargazers

Watchers

verdaccio-ldap's Issues

v.1.4.0 doesn't work

I've built docker with verdaccio-ldap: verdaccio/2.7.4 + [email protected]

as far as I can see from verdaccio trace, the very ldap auth is successfull, but the result is still „error: bad username/password, access denied“

looks like the very verdaccio miss interprets verdaccio-ldap results

verdaccio-ldap.error.log

Verdaccio generates lots of authentication requests to LDAP

and possibly crashes LDAP.

I'm currently investigating on an issue that causes our npm-registry stopped working.

On first sight, it's LDAP that stopped working, as you can see in this issue, it failed with too many open files error.

If we use yarn add <package>, then everything is fine, but if we use npm install, registry server is constantly requesting ldap server and finally at some point, ldap server crashes.

I had to restart ldap server twice to let npm install a package.

Possible reasons:

Registry server logs have a lot of warnings
```
warn --- basic authentication is deprecated, please use JWT instead
```
I'm thinking that if jwt is used, registry server need only one request to ldap server while login the user with npm adduser (maybe).
I have cache: True set in ldap settings (it was False, I'm testing with True), maybe it's not working.
Our OpenLDAP server is too weak to handle that many requests(config issue).

Plugin throws errors during user authentication

warn --- the plugin method add_user in the auth plugin is deprecated and will be removed in next major release, notify to the plugin author
 warn --- the plugin method add_user in the auth plugin is deprecated and will be removed in next major release, notify to the plugin author
 error--- the user "redacted" could not being added. Error: bad username/password, access denied
 warn --- verdaccio-ldap error Error: read ECONNRESE

The login still works, but the plugin throws all kinds of warnings and errors.
Seems like the plugin needs to be updated to match the latest verdaccio api

version information:

├── [email protected]
└── [email protected]

nodejs 16.16.0-deb-1nodesource1

Ubuntu 20.04.4 LTS

ldap config:

 38 auth:
 39   ldap:
 40     type: ldap
 41     client_options:
 42       url: "ldaps://redacted.net:636"

verdaccio authenticating against ldap

I am experiencing errors when trying to setup verdaccio to authenticate against active directory.I get the following error on the backend which is a centos 7 aws machine and my client machine is in corporate office as well as the AD server (VPN connected):

my steps to recreate:

npm set registry https://npm.mydomain.io
npm adduser --registry https://npm.mydomain.io

  http  <-- 409, user: undefined, req: 'PUT /-/user/org.couchdb.user:andrewm', error: registration is disabled
0|verdacci |  http  <-- 200, user: undefined, req: 'GET /-/user/org.couchdb.user:andrewm?write=true', bytes: 0/106
0|verdacci |  warn  --- LDAP error { message: '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1\u0000',
0|verdacci |   name: 'InvalidCredentialsError',
0|verdacci |   stack: 'InvalidCredentialsError: InvalidCredentialsError\n    at messageCallback (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1419:45)\n    at Parser.onMessage (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1089:14)\n    at emitOne (events.js:96:13)\n    at Parser.emit (events.js:191:7)\n    at Parser.write (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/messages/parser.js:111:8)\n    at TLSSocket.onData (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1076:22)\n    at emitOne (events.js:96:13)\n    at TLSSocket.emit (events.js:191:7)\n    at readableAddChunk (_stream_readable.js:178:18)\n    at TLSSocket.Readable.push (_stream_readable.js:136:10)',
0|verdacci |   code: 49,
0|verdacci |   signal: undefined }
0|verdacci |  http  <-- 409, user: undefined, req: 'PUT /-/user/org.couchdb.user:andrewm/-rev/undefined', error: registration is disabled

and I get the following error on the client machine which is window 7

npm ERR! Windows_NT 6.1.7601
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "adduser" "--registry" "https://npm.aud"
npm ERR! node v6.9.1
npm ERR! npm  v3.10.8
npm ERR! code E409

npm ERR! registration is disabled : -/user/org.couchdb.user:andrewm/-rev/undefined
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     C:\Users\andrewm\npm-debug.log

npm config list

; cli configs
scope = ""
user-agent = "npm/4.2.0 node/v7.10.0 linux x64"

; userconfig /home/ec2-user/.npmrc
http-proxy = null
https-proxy = null
registry = "https://registry.npmjs.org/"
strict-ssl = false

; globalconfig /usr/etc/npmrc
registry = "https://registry.npmjs.org/"

; node bin location = /usr/bin/node
; cwd = /home/ec2-user
; HOME = /home/ec2-user
; "npm config ls -l" to show all defaults.

My config file is below

storage: ./storage

###########

 auth:
  ldap:
    type: ldap
    groupNameAttribute: 'admin'
    client_options:
      url: "ldaps://tordc1"
      adminDn: "cn=admin,dc=toronto,dc=audi"
      adminPassword: "P@nc@k3"
      searchBase: "ou=Audien Corp,dc=toronto,dc=audien"
      searchFilter: "(uid={{admin}})"
      cache: False
      searchAttributes:
        - "*"
        - memberOf
      tlsOptions:
        rejectUnauthorized: False

##########


# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
###########

packages:
  # uncomment this for packages with "local-" prefix to be available
  # for admin only, it's a recommended way of handling private packages
   'av-*':
      allow_access: $all
      allow_publish: $all

   '*':
      allow_access: $all
      allow_publish: $all
      proxy: npmjs

   '@*/*':
      allow_access: $all
      allow_publish: $authenticated
      proxy: npmjs


https:
  key: /home/ec2-user/verdaccio/verdaccio-keynew.pem
  cert: /home/ec2-user/verdaccio/verdaccio-certnew.pem
  ca: /home/ec2-user/verdaccio/server.ca


# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: verdaccio.log, level: info}

listen:
- https://devnpm:4873
max_body_size: 300mb

Could I get some assistance on resolving my issue pleaseÉ

Thank you

Hybrid authentication not working to publish/unpublish using node console.

Hi,

we are using latest verdaccio (3.8.5) with verdaccio-ldap plugin.
On config.yaml file, we have the both authentication methods:

auth:
ldap:
type: ldap
client_options:
url: "ldap: .....
.......
htpasswd:
file: /verdaccio/conf/htpasswd
max_users: 2

If we login on web browser, both auth users can login.
When we try to use an LDAP user to login through npm console, it throws an error "maximum amount of users reached" - (because it tries to register a new user instead of looking in LDAP users).

Can you fix this problem (or implement this feature, case this is not implemented yet ) ?

Best Regards,
Cristóvão

Fast login expiration

Hi,
I'm using this plugin with verdaccio v3.11.6 and npm 6.4.1
We have ldap with 2FA enabled.

If I run these commands with cache: false:

> npm login --registry http://myverdaccio:4873 --scope=@mycompany

Username: manuel.spigolon
Password: <psw+OTP>
Email: (this IS public) [email protected]
Logged in as manuel.spigolon to scope @mycompany on http://myverdaccio:4873/.

> cat `npm config get userconfig`
(token maskered)
//myverdaccio:4873/:_authToken="cutLAAAfbbb0XXmppppmeW1ACCCbtD0JYY1ZZZZLgAE="
@mycompany:registry=http://myverdaccio:4873/

> npm whoami --registry http://myverdaccio:4873

npm ERR! code ENEEDAUTH
npm ERR! need auth Your auth token is no longer valid. Please log in again.
npm ERR! need auth You need to authorize this machine using `npm adduser`

if I set cache: true, npm whoami --registry http://myverdaccio:4873 (and all the commands like publish and install) works for 5 minutes: the timing of the cache.

I saw that this configuration is pass to the module ldapauth-fork but I was wondering why this token without cache expire immediately.

Could you help me to understand this behaviour? There are something that I have misconfig?
Thanks a lot

can not catch the invalid error

Context:
[email protected] & [email protected]
[email protected]

config section:

auth:
  ldap:
      type: ldap
      groupNameAttribute: 'cn'
      client_options:
        url: "serverName"
        adminDn: "cn=admin,dc=sever,dc=com"
        adminPassword: "***"
        searchBase: "ou=People,dc=server,dc=com"
        searchFilter: "(uid={{username}})"
        cache: False
        searchAttributes:
          - "*"
          - memberOf
        tlsOptions:
          rejectUnauthorized: False
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000

packages:
  '@*/*':
    # scoped packages
    access: $authenticated
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

Step:

clear htpasswd file and npmrc
excute npm --registry=http://localhost:4874 login
type wrong username & password
See verdaccio console but npmrc file was write
```
warn --- LDAP error InvalidCredentialsError: Invalid Credentials
```
and terminal console as

Logged in as userName on http://localhost:4873/

excute npm --registry=http://localhost:4874 info react version
the same verdaccio console as step4, and terminal console as
```
16.4.2
```
it seams can use the invalid user to access the packages?

Release with ldapauth 4.0.1 and logger?

Hey,
Thanks for your work in maintaining this.

With LdapAuth > v4, LdapAuth now accepts a parameter 'log' that takes a bunyan logger. You can happily pass in Verdaccio's logger here and get LdapAuth's logs showing up in Verdaccio's.

Aside from this, any chance for a release with the updated dependencies? :)

Jarrad

Version 10 of node.js has been released

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

Added the new Node.js version to your .travis.yml
The new Node.js version is in-range for the engines in 1 of your package.json files, so that was left alone

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

More information on this issue

Greenkeeper has checked the engines key in any package.json file, the .nvmrc file, and the .travis.yml file, if present.

engines was only updated if it defined a single version, not a range.
.nvmrc was updated to Node.js 10
.travis.yml was only changed if there was a root-level node_js that didn’t already include Node.js 10, such as node or lts/*. In this case, the new version was appended to the list. We didn’t touch job or matrix configurations because these tend to be quite specific and complex, and it’s difficult to infer what the intentions were.

For many simpler .travis.yml configurations, this PR should suffice as-is, but depending on what you’re doing it may require additional work or may not be applicable at all. We’re also aware that you may have good reasons to not update to Node.js 10, which is why this was sent as an issue and not a pull request. Feel free to delete it without comment, I’m a humble robot and won’t feel rejected 🤖

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

Your Greenkeeper Bot 🌴

Authentication against Active Directory LDAP server crashes verdaccio

Authentication succeeds but verdaccio crashes afterwards. Looks like the "groups" passed back to verdaccio isn't an array:

May 25 10:20:49 websrv1 verdaccio: http <-- 200, user: glenn.matthys(*redacted* via ::1), req: 'POST /-/verdaccio/login', bytes: 66/1256
May 25 10:20:49 websrv1 verdaccio: fatal--- uncaught exception, please report this
May 25 10:20:49 websrv1 verdaccio: TypeError: (groups || []).concat is not a function
May 25 10:20:49 websrv1 verdaccio: at authenticatedUser (/usr/lib/node_modules/verdaccio/src/lib/auth.js:438:32)
May 25 10:20:49 websrv1 verdaccio: at /usr/lib/node_modules/verdaccio/src/lib/auth.js:117:26
May 25 10:20:49 websrv1 verdaccio: at sendResult (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1395:12)
May 25 10:20:49 websrv1 verdaccio: at messageCallback (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1421:16)
May 25 10:20:49 websrv1 verdaccio: at /usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1282:14
May 25 10:20:49 websrv1 verdaccio: at Array.forEach (native)
May 25 10:20:49 websrv1 verdaccio: at Client._onClose (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1272:19)
May 25 10:20:49 websrv1 verdaccio: at Socket.g (events.js:292:16)
May 25 10:20:49 websrv1 verdaccio: at emitOne (events.js:96:13)
May 25 10:20:49 websrv1 verdaccio: at Socket.emit (events.js:188:7)
May 25 10:20:49 websrv1 verdaccio: at TCP._handle.close [as _onclose] (net.js:509:12)

config.yaml:

auth:
  ldap:
    type: ldap
    client_options:
      adminDn: "*redacted*"
      adminPassword: "*redacted*"
      url: "ldap://*redacted*.local"
      searchBase: "DC=*redacted*,DC=*redacted*"
      searchFilter: "(sAMAccountName={{username}})"
      groupDnProperty: "distinguishedName"
      groupSearchBase: "DC=*redacted*,DC=*redacted*"
      searchAttributes: ['*', 'memberOf']

add support for multiple LDAP/AD servers for failover

this is a request to add support to the configuration for multiple AD/LDAP servers to allow for failover/redundancy when a AD server is unavailable
something like

 38 auth:
 39   ldap:
 40     type: ldap
 41     client_options:
 42       url: "ldaps://ad02.local.net:636 ldaps://ad01.local.net:636"

support secure protocol

When we use ldaps://... in the config then we get an error

 fatal--- uncaught exception, please report this
Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:639:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38)

Can't login verdaccio 3.3.0

Hello,
i'm unable to login with verdaccio 3.3.0 :

info &lt;-- 10.244.73.1 requested 'POST /-/v1/login'
 http &lt;-- 404, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'POST /-/v1/login', bytes: 21/150
 http &lt;-- 404, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'POST /-/v1/login', bytes: 21/150
 info &lt;-- 10.244.73.1 requested 'PUT /-/user/org.couchdb.user:user.test'
 error--- unexpected error: plugin[method] is not a function
TypeError: plugin[method] is not a function
    at next (/usr/local/app/build/lib/auth.js:108:23)
    at Auth.add_user (/usr/local/app/build/lib/auth.js:118:7)
    at /usr/local/app/build/api/endpoint/api/user.js:24:12
    at Layer.handle [as handle_request] (/usr/local/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/local/app/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/usr/local/app/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/usr/local/app/node_modules/express/lib/router/layer.js:95:5)
    at /usr/local/app/node_modules/express/lib/router/index.js:281:22
    at param (/usr/local/app/node_modules/express/lib/router/index.js:354:14)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:365:14)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:365:14)
    at paramCallback (/usr/local/app/node_modules/express/lib/router/index.js:401:21)
    at /usr/local/app/build/api/middleware.js:36:7
    at paramCallback (/usr/local/app/node_modules/express/lib/router/index.js:404:7)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:384:5)
    at Function.process_params (/usr/local/app/node_modules/express/lib/router/index.js:410:3)
 http &lt;-- 500, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'PUT /-/user/org.couchdb.user:user.test', error: internal server error
(node:8) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
 http &lt;-- 500, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'PUT /-/user/org.couchdb.user:user.test', error: internal server errorinfo &lt;-- 10.244.73.1 requested 'POST /-/v1/login'
 http &lt;-- 404, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'POST /-/v1/login', bytes: 21/150
 http &lt;-- 404, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'POST /-/v1/login', bytes: 21/150
 info &lt;-- 10.244.73.1 requested 'PUT /-/user/org.couchdb.user:user.test'
 error--- unexpected error: plugin[method] is not a function
TypeError: plugin[method] is not a function
    at next (/usr/local/app/build/lib/auth.js:108:23)
    at Auth.add_user (/usr/local/app/build/lib/auth.js:118:7)
    at /usr/local/app/build/api/endpoint/api/user.js:24:12
    at Layer.handle [as handle_request] (/usr/local/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/local/app/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/usr/local/app/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/usr/local/app/node_modules/express/lib/router/layer.js:95:5)
    at /usr/local/app/node_modules/express/lib/router/index.js:281:22
    at param (/usr/local/app/node_modules/express/lib/router/index.js:354:14)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:365:14)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:365:14)
    at paramCallback (/usr/local/app/node_modules/express/lib/router/index.js:401:21)
    at /usr/local/app/build/api/middleware.js:36:7
    at paramCallback (/usr/local/app/node_modules/express/lib/router/index.js:404:7)
    at param (/usr/local/app/node_modules/express/lib/router/index.js:384:5)
    at Function.process_params (/usr/local/app/node_modules/express/lib/router/index.js:410:3)
 http &lt;-- 500, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'PUT /-/user/org.couchdb.user:user.test', error: internal server error
(node:8) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
 http &lt;-- 500, user: undefined(XX.XX.XX.XX via 10.244.73.1), req: 'PUT /-/user/org.couchdb.user:user.test', error: internal server error

config :

auth:
  ldap:
    type: ldap
    groupNameAttribute: 'cn'
    client_options:
      url: "ldaps://openldap"
      adminDn: "cn=admin,dc=example,dc=org"
      adminPassword: "admin"
      searchBase: "ou=Users,dc=example,dc=org"
      searchFilter: "(&(uid={{username}})(memberOf=cn=Npm,ou=Groups,dc=example,dc=org))"
      groupDnProperty: 'cn'
      groupSearchBase: 'ou=Groups,dc=example,dc=org'
      searchAttributes: ['*', 'memberOf']
      cache: true
      reconnect: true
      tlsOptions:
        #ca: /verdaccio/tls/ldap/ca.crt
        #cert: /verdaccio/tls/ldap/cert.crt
        #key: /verdaccio/tls/ldap/cert.key
        rejectUnauthorized: False

guess plugin called function signature changed ? :s

maybe this can help us : https://github.com/verdaccio/verdaccio/blob/master/test/flow/plugins/auth/example.auth.plugin.js

Response time problem under load for verdaccio-ldap version >= 4.0.0

Looks like verdaccio-ldap having some problems with response time under load

Problem reproducible with verdaccio-ldap version >= 4.0.0
Works fine with version <= 3.1.0 and below

Result of testing with different versions:

For loading I used Locust and wrote few tests to download different pacakges, as well as request /-/ping and /-/whoami endpoints

In test I have used:

		"verdaccio": "3.8.2" and "4.10.0",
		"verdaccio-audit": "^9.7.3",
		"verdaccio-ldap": "2.8.0", "3.1.0", "4.0.0", "4.0.1" 4.2.0"

This issue 82 might be connected to problem described above

Stop to work after some time

I've configured verdaccio-ldap agains ldap from AD. It works fine few minutes after start, with configuration like

auth:
  ldap:
    type: ldap
    client_options:
      url: "ldaps://ldap.server"
    adminDn: "CN=user,OU=A,OU=B,OU=C,DC=D,DC=local"
    adminPassword: "XXX"
    searchBase: "OU=B,OU=C,DC=D,DC=local"
    searchFilter: "(sAMAccountName={{username}})"
    groupDnProperty: 'cn'
    groupSearchBase: 'OU=B,OU=C,DC=D,DC=local'
    searchAttributes: ['*', 'memberOf']
    cache: true
    reconnect: true

Unfortunately, after few login/logout it stop works, and i have in logs:

verdaccio_1 | warn --- LDAP error OperationsError: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
verdaccio_1 | http <-- 401, user: null(10.99.0.14), req: 'POST /-/verdaccio/login', error: bad username/password, access denied
verdaccio_1 | http <-- 401, user: null(10.99.0.14), req: 'POST /-/verdaccio/login', error: bad username/password, access denied

Any suggestions how to solve it?

[Feat] STARTTLS

We are trying to solve #33 and instead of using ldaps:// to use ldap://.

But we need to have encryption, so we need to have it with STARTTLS.

We have tried to see if the current plugin was able to deal with ldap:// and STARTTLS but it was not.

This feature request concern an improvement to allow starttls.

[Bug][2.0.0] E403 when trying to npm install <name> --registry http://localhost:4873

Expected

publish with npm install.
access with npm install.
access with browser.

Result

publish with npm install: OK
access with npm install: FAIL
access with browser: OK

Reproduction

Version:

verdaccio: 2.7.4
verdaccio-ldap: 2.0.0

ldap/config.yml:

storage: /verdaccio/storage

auth:
  ldap:
    type: ldap
    groupNameAttribute: 'cn'
    client_options:
      url: "ldap://ldap.example.com"
      adminDn: "cn=admin,dc=example,dc=com"
      adminPassword: "example"
      searchBase: "dc=example,dc=com"
      searchFilter: "(&(uid={{username}})(memberOf=cn=npm_users,ou=npm,ou=groups,dc=example,dc=com))"
      groupDnProperty: 'cn'
      groupSearchBase: 'ou=npm,ou=groups,dc=example,dc=com'
      searchAttributes: ['*', 'memberOf']
      cache: False
      tlsOptions:
        rejectUnauthorized: False
    max_users: -1
  htpasswd:
    file: ./htpasswd
    max_users: 2
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@example/*':
    access: npm_example_access
    publish: npm_example_publisher
  '@example2/*':
    # scoped packages
    access: npm_example2_access
    publish: npm_example2_publisher
    proxy: npmjs
  '@*/*':
    access: npm_scope_root_access
    publish: npm_scope_root_publisher
    proxy: npmjs
  '**':
    access: npm_users
    publish: npm_users_publisher
    proxy: npmjs
logs:
  - {type: stdout, format: pretty, level: debug}
web:
  enable: true
  title: npm example

I have created an user which is memberOf all the groups here.

I am able to login, to publish, to view in the UI the package, but when I do:

$ npm install mypackage-test --registry http://npm.example.com

I have 403 error:

npm ERR! code E403
npm ERR! 403 Forbidden: mypackage-test@latest

LDAP Connection Flooding BUG

I discover there is connection flooding from the verdaccio server with ldap plugin I deployed, After I shutdown the verdaccio server everything back to normal.

sudo netstat -nap | grep ns

yes, even hidden code blocks!

[enmd@ipa1 ~]$ sudo netstat -nap | grep ns
Active Internet connections (servers and established)
tcp6       0      0 :::389                  :::*                    LISTEN      5325/ns-slapd
tcp6       0      0 :::636                  :::*                    LISTEN      5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34531    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5221     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32650    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42410    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39803    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26062    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5162     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17843    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20083    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57710    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57057    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:23449    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:18419    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:64563    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53072    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43155    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55745    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58535    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44771    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4422     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4441     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59589    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1041     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48210    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6150     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:2618     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52491    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22916    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38698    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8799     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41915    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55174    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:19949    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46471    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56927    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26005    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22579    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46244    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:18867    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43303    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29438    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37499    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:16009    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48325    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:62709    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27232    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:9263     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58652    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:65208    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39629    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56791    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:51226    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53359    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5186     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44455    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59977    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:14488    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:49029    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29822    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43995    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:40621    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:9652     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21493    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8930     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1439     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57879    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:40752    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52682    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29627    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57711    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44948    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59152    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39667    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42967    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:9649     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50975    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24119    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4807     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55880    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:16950    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54844    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5300     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24359    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4231     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33751    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48733    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:2771     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29915    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63968    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42618    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20712    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6498     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42758    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10314    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:13643    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:23269    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53926    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59118    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63399    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8967     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43296    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:23954    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22301    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1293     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44805    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26975    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36915    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22762    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57813    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50130    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:14783    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29024    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57907    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38425    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10578    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37082    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39628    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24240    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28499    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12286    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12128    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26874    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:16207    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30979    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54726    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32446    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54404    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:65107    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33840    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10305    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:2837     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52136    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:61722    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32945    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53780    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:62201    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28260    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27701    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41989    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38836    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45963    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43218    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:23184    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7977     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38432    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58263    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47628    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:15300    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20206    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28905    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42063    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26132    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54218    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48015    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32292    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31661    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:62256    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45553    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39087    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:65431    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52169    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44986    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54848    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37050    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28610    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48833    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47070    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34657    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29665    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:62154    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57068    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12114    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26755    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6107     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48937    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43230    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36173    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21439    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:19679    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12479    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:15278    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44844    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27800    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25896    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6472     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29621    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46473    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17093    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32239    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37838    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46617    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57623    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50387    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24904    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38676    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59030    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57250    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:18746    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17942    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10827    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26578    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:2067     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12099    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28769    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44403    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:51514    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32085    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:16769    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26046    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:64197    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10427    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25633    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41422    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60351    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27465    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63263    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:9237     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34909    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:23183    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34339    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38731    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12807    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7306     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50393    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48633    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48644    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60290    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5174     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17611    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60475    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58122    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28531    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60140    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39534    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21459    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5212     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38993    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28965    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28082    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44335    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22092    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5140     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25438    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:11747    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20795    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29675    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31779    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36967    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4021     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46152    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21846    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31352    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36709    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45636    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:49308    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7580     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:14650    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46835    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63319    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58982    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30443    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56745    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4470     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8159     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43246    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60259    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33381    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33763    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36062    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7760     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17446    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44595    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57730    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8081     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46508    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32917    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:19698    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28869    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8933     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6035     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56926    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53891    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:19130    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63746    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38469    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30697    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20192    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41912    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5672     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:61660    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25213    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63114    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41663    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43005    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:51217    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48375    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37039    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4988     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45767    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59440    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33170    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28444    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57633    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63724    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37258    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46088    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7532     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47768    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26119    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37482    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:14852    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47247    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43170    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41201    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5907     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1941     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:6300     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63079    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32403    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28768    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20369    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37841    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41766    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12165    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4429     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42947    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:11209    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59746    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7774     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43138    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:18742    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:19715    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24231    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33477    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:2321     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60911    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33241    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39724    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55558    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41156    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20531    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28168    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10657    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59219    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52129    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30839    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55094    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10966    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38190    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39588    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:65514    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33101    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56795    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30700    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31865    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63223    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25680    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:61848    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:61159    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8929     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17302    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4688     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57163    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29151    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28006    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60180    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50114    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:13318    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7470     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38823    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:9888     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41846    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38336    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:13589    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43235    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55843    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:60827    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44201    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47806    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:3134     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44077    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:3682     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24012    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1338     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:28464    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47655    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:4461     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17427    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:48295    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24480    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55375    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:64746    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21230    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22364    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32386    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22707    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38860    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47539    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:35145    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38922    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45780    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29484    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59465    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58807    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:42637    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:3799     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43539    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:62250    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:44507    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:39864    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:37982    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:16817    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33329    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21600    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10763    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50162    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54963    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:46536    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31284    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38744    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24355    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34981    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53285    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:10888    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53051    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12944    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:35536    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7115     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47027    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27840    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41219    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33312    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52263    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33949    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:51474    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1042     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:57198    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59883    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:17805    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31443    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:45401    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:29596    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7188     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31288    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:41434    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63591    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20586    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:56682    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31383    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:15909    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:27395    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25905    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24727    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59026    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:63315    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1500     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43288    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21829    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:36357    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33074    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53979    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12914    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:32647    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47937    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:26799    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34269    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:14416    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:1029     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:58154    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:20251    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:12368    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33211    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:54406    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5744     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:25653    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43861    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:7447     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52671    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50007    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:61331    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:40324    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8893     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43084    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:18718    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:38928    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43543    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:53757    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:34394    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:55562    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:43265    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:21848    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:24644    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:59975    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:30677    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8321     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22179    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:49752    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:47847    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:22703    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:5997     ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:51516    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:50398    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:52375    ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:33294    ESTABLISHED 5325/ns-slapd
tcp6       0      0 <ipa-server-ip>:636      <verdaccio-server-ip>:8295     ESTABLISHED 5325/ns-slapd
tcp6     345      0 <ipa-server-ip>:636      <verdaccio-server-ip>:31504    ESTABLISHED 5325/ns-slapd

I deployed verdaccio in kubernetes with such config,I guessed there is some kind of bug about reconnect mechanism,it created almost up to 500 connections to my server and make it unusable. Even I restart the ldap server, verdaccio still immediately recreated such ridiculous amount of connections to ldap server. I don't known what kind of condition will caused this bug,and I didn't preserve the log before restart the verdaccio server so the log is lost. For now I try to enable the cache if it can prevent ldap plugin keep creating connection.

auth:
  ldap:
    type: ldap
    client_options:
      tlsOptions:
        rejectUnauthorized: false
      url: "ldaps://<masked>"
      adminDn: "<masked>
      adminPassword: <masked>
      searchBase: "cn=users,cn=accounts,dc=example,dc=com"
      searchFilter: <masked>
      groupDnProperty: 'cn'
      groupSearchBase: 'cn=groups,cn=accounts,dc=example,dc=com'
      # If you have memberOf support on your ldap
      searchAttributes: ['*', 'memberOf']
      # Else, if you don't (use one or the other):
      # groupSearchFilter: '(memberUid={{dn}})'
      # Optional
      reconnect: true

Possible memory issue due to LDAP plugin

Hey!

Recently updated our installation of verdaccio and we start seeing an increase of memory over time until verdaccio is OOM.

We were previously running:

"verdaccio": "^3.8.2",
"verdaccio-ldap": "^2.3.0

We are now running:

"verdaccio": "^4.8.1",
"verdaccio-audit": "^9.7.3",
"verdaccio-ldap": "^4.2.0"

I could reproduce the OOM by querying with siege the /-/whoami endpoint with an authenticated user. Requests to our LDAP would work fine until OOM occurred. I suspect (but not sure) that the LDAP plugin could be at play here...

I turned on LDAP auth cache and it helped a bit but OOM ended up happening again over time.

Possibly related? ldapjs/node-ldapjs#605

Environment info:

Runs in kubernetes
Use node 12

If you need more information please let me know.
Thanks!

Groups with spaces and special characters

Is it possible to work with groups that have spaces or ampersands? Our active directory groups are often like "@ team x - specialty y". On the package access/publish properties, spaces are treated as a delimiter, so not sure how to make this work. Thanks.

node-gyp related error with version 3.x

I get the following error when trying to install version 3.x:

sudo npm install -g verdaccio-ldap

> [email protected] install /usr/lib/node_modules/verdaccio-ldap/node_modules/dtrace-provider
> node-gyp rebuild || node suppress-error.js

gyp ERR! configure error 
gyp ERR! stack Error: EACCES: permission denied, mkdir '/usr/lib/node_modules/verdaccio-ldap/node_modules/dtrace-provider/build'
gyp ERR! System Linux 4.15.18-7-pve
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/lib/node_modules/verdaccio-ldap/node_modules/dtrace-provider
gyp ERR! node -v v10.15.3
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok 
+ [email protected]
added 43 packages from 135 contributors in 1.722s

installing version 2.x works just fine though...

$authenticated doesn't work with verdaccio v2.7.4, ldap plugin 1.3.0 and node 10.1

I am trying to set access: $authenticated to the scope '@someorg/*': but I keep getting authenticated then the next request is anonymous.

Does anybody know about such a bug ?

I am using :

verdaccio v2.7.4
verdaccio-ldap v1.3.0
node v10.1.

This is my configuration:

storage: /verdaccio/storage

auth:
  ldap:
    type: ldap
    groupNameAttribute: 'cn'
    client_options:
      url: "ldap://ldap.example.com"
      adminDn: "cn=readonly,dc=example,dc=com"
      adminPassword: "example"
      searchBase: "dc=example,dc=com"
      searchFilter: "(&(uid={{username}})(memberOf=cn=npm_users,ou=groups,dc=example,dc=com))"
      cache: False
      searchAttributes:
        - "*"
        - memberOf
      tlsOptions:
        rejectUnauthorized: False
    max_users: -1
  htpasswd:
    file: ./htpasswd
#   # Maximum amount of users allowed to register, defaults to "+inf".
#   # You can set this to -1 to disable registration.
#   # currently used only for deployment accounts
    max_users: 2

# a list of other known repositories we can talk to

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@someorg/*':
    # scoped packages
    access: $authenticated
    publish: npm_users
#    proxy: npmjs

  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: verdaccio.log, level: info}
web:
  enable: true
  title: Redacted

I am able to publish a scoped package in @someorg/* but no user can download it after:

 http <-- 200, user: dga(115.73.7.165 via 172.16.0.1), req: 'GET /@someorg%2fdeleteme', bytes: 0/3248
 http <-- 403, user: undefined(115.73.7.165 via 172.16.0.1), req: 'GET /@someorg%2fdeleteme/-/deleteme-0.0.4.tgz', error: unregistered users are not allowed to access package @someorg/deleteme

I have fixed my version of verdaccio and verdaccio-ldap because both latest version together doesn't work. Somebody on IRC shared me it's working version with ldap but mine is not working. I would gladly upgrade if maintainer could help.

[Bug] TypeError: (groups || []).concat is not a function , secure ldap is failing TLS randomly

We are using:

[email protected] within docker
[email protected]
[email protected] within docker

We have GItLab-CI runner that run npm install --registry https://our.registry.com for the project.

I can connect repetitively multiple time to the LDAP, until:

In node 10.1.0

http <-- 200, user: me(172.18.0.1 via 172.16.14.10), req: 'GET /node-int64', bytes: 0/2481
 http --> 304, req: 'GET https://registry.npmjs.org/multicast-dns-service-types' (streaming)
 http --> 304, req: 'GET https://registry.npmjs.org/multicast-dns-service-types', bytes: 0/0
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 debug--- failed to connect after 1 attempts
 fatal--- uncaught exception, please report this
Error: Client network socket disconnected before secure TLS connection was established
    at TLSSocket.onConnectEnd (_tls_wrap.js:1092:19)
    at Object.onceWrapper (events.js:273:13)
    at TLSSocket.emit (events.js:187:15)
    at endReadableNT (_stream_readable.js:1086:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

In node 8.11.2

 info --> making request: 'GET https://registry.npmjs.org/array-unique'
 debug--- connected after 1 attempt(s)
 debug--- connected after 1 attempt(s)
 fatal--- uncaught exception, please report this
TypeError: (groups || []).concat is not a function
    at authenticatedUser (/usr/local/lib/node_modules/verdaccio/build/lib/auth.js:372:32)
    at /usr/local/lib/node_modules/verdaccio/build/lib/auth.js:105:26
    at sendResult (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1395:12)
    at messageCallback (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1421:16)
    at /usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1282:14
    at Array.forEach (<anonymous>)
    at Client._onClose (/usr/local/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1272:19)
    at Object.onceWrapper (events.js:272:13)
    at TLSSocket.emit (events.js:180:13)
    at _handle.close (net.js:541:12)
    at TCP.done [as _onclose] (_tls_wrap.js:379:7)

We can connect repititively to the LDAP but then this error happen and prevent us totally from using verdaccio.

We are not using any proxy between verdaccio and the ldap, why is this happening?

Is there a way to prevent such bug ?

support secure protocol with self signed certificate

Hi,

I would like to know how i could configure this plugin to work on ldaps using self signed certificate.
For now i got :

trace--- ldap emitted error: Error: unable to get local issuer certificate
Oct 01 10:32:46 pvden01l.prod.stormshieldcs.eu verdaccio[5285]:  warn --- verdaccio-ldap error Error: unable to get local issuer certificate

version 1.4.0 breaks LDAP authentication by group

I just updated from 1.3.0 to 1.4.0 and could no longer access any packages from my verdaccio server.

I get errors like:

"status":403,"error":"user <user> is not allowed to access package <package>"

My verdaccio config.yaml is setup to use the ldap groups to control access, something like:

packages:
  '@*/*':
    # scoped packages
    access: <ldap-group>
    publish: <ldap-group>
    proxy: npmjs

I downgraded back to 1.3.0 and everything started working again, so definitely looks like something broke in 1.4.0

Different searchBase for Admin and other users

My bind (admin) user and the users that I actually want to authenticate have different search bases. The only parts they have in common are the dc parts. If I set a search base that's sufficient to find my bind user, it will never find my regular users. Does that make sense?

So, for example, I have a bind user with DN like: DN=admin,OU=admins,OU=specialUsers,DC=example,DC=com
And regular users who I want to authenticate like: DN=JoeBlow,OU=chumps,OU=regularDudes,DC=example,DC=com

Then I can set bindDN to that first string (actually, just admin would be enough) and set the searchBase to something like: OU=specialUsers,DC=example,DC=com and the bind user will be authenticated properly but JoeBlow will not be able to log in because the searchBase misses him.

Any suggestion?

Set up unit testing

Your plugin is the most popular by far. How can we help you to set up a proper unit testing?

The unique script I found is "test": "echo 'todo'" not really helpful.

We use jest and works really fine for us.

Couldn't retrieve nested groups

We're using AD authentication with lots of nested groups.
I couldn't find a way to receive all of user's groups with subgroups — node-ldapauth-fork just returns top-level user groups (like cn + 1 group). It seems that our admins are using memberOf (at least this field does exist in object returned by ldapauth-fork while _groups field does not).
Please help 🙂

Allow spaces in groups

Hello,

We also have a lot of LDAP Groups with spaces.
I know it was already discussed here, with no solution right now (Verdaccio is not supporting spaces in groups names):
#68

Is it possible to have this workaround in the code (.split(' ').join('_'))?
function authenticatedUserGroups(user, groupNameAttribute) { return [ user.cn, // _groups or memberOf could be single els or arrays. ...user._groups ? [].concat(user._groups).map((group) => group[groupNameAttribute].split(' ').join('_')) : [], ...user.memberOf ? [].concat(user.memberOf).map((groupDn) => rfc2253.parse(groupDn).get('CN').split(' ').join('_')) : [], ]; }
The I could use the groups with an underscore instead of a space in verdaccio config.yaml.
Could also be configurable.

Kind regards,
Marcus

(groups || []).concat is not a function

root@npm:~# nodejs -v
v10.3.0

-- [email protected]
+-- [email protected]

ubuntu 16.04

everytime I authenticate it crashes the verdaccio service. with the following error in the log:

{"name":"verdaccio","hostname":"npm","pid":14503,"level":60,"err":{"message":"(groups || []).concat is not a function","name":"TypeError","stack":"TypeError: (groups || []).concat is not a function\n    at authenticatedUser (/usr/lib/node_modules/verdaccio/build/lib/auth.js:372:32)\n    at /usr/lib/node_modules/verdaccio/build/lib/auth.js:105:26\n    at sendResult (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1395:12)\n    at messageCallback (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1421:16)\n    at /usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1282:14\n    at Array.forEach (<anonymous>)\n    at Client._onClose (/usr/lib/node_modules/verdaccio-ldap/node_modules/ldapjs/lib/client/client.js:1272:19)\n    at Object.onceWrapper (events.js:273:13)\n    at Socket.emit (events.js:182:13)\n    at TCP._handle.close [as _onclose] (net.js:596:12)"},"msg":"uncaught exception, please report this\n@{err.stack}","time":"2018-06-05T19:13:08.335Z","v":0}

auth:
  ldap:
    type: ldap
    client_options:
      url: "ldap://ca02vwdc01.agilitypr.net:389"
      # Only required if you need auth to bind
      adminDn: "CN=verdaccio,OU=Service Accounts,DC=domain,DC=net"
      adminPassword: "passwordhidden"
      # Search base for users
      searchBase: "OU=Users,OU=CORP,DC=domain,DC=net"
      searchFilter: "(sAMAccountName={{username}})"
      # If you are using groups, this is also needed
      groupDnProperty: 'cn'
      groupSearchBase: "OU=Users,OU=CORP,DC=domain,DC=net"
      # If you have memberOf support on your ldap
      searchAttributes: ['*', 'memberOf']
      # Else, if you don't (use one or the other):
      groupSearchFilter: '(memberUid={{dn}})'
      # Optional
      cache: False

Group Search by filter

Hi!

Would it be possible to add a group search by filter?
Because we have a lot of nested groups and we will need to retrieve them.

Thanks in advance,
Nighthawk

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.