passport-ldapauth's People

Contributors

bnielsen1965, charly37, cuteboi, ddolcimascolo, michaelbailly, mikedevita, mikeputnam, simong, vesse

passport-ldapauth's Issues

Grab user information

Is there a way to get a user's groups and other information too upon authentication? I need to get groups and whether or not a user is an administrator.

Error using npm install

I'm receiving the following errors when I use npm install:

child_process: customFds option is deprecated, use stdio instead.
ACTION binding_gyp_libusdt_target_build_libusdt .
Building libusdt for x86_64
rm -f .gch
rm -f *.o
rm -f libusdt.a
rm -f test_usdt
rm -f test_usdt32
rm -f test_usdt64
rm -f test_mem_usage
gcc -O2 -arch x86_64 -c -o usdt.o usdt.c
usdt.c:212:9: warning: implicit declaration of function 'usdt_dof_section_free' is invalid in C99 [-Wimplicit-function-declaration]
usdt_dof_section_free(&strtab);
^
usdt.c:238:9: warning: implicit declaration of function 'usdt_dof_file_free' is invalid in C99 [-Wimplicit-function-declaration]
usdt_dof_file_free(provider->file);
^
2 warnings generated.
gcc -O2 -arch x86_64 -c -o usdt_dof_file.o usdt_dof_file.c
gcc -arch x86_64 -o usdt_tracepoints.o -c usdt_tracepoints_x86_64.s
gcc -O2 -arch x86_64 -c -o usdt_probe.o usdt_probe.c
gcc -O2 -arch x86_64 -c -o usdt_dof.o usdt_dof.c
gcc -O2 -arch x86_64 -c -o usdt_dof_sections.o usdt_dof_sections.c
rm -f libusdt.a
ar cru libusdt.a usdt.o usdt_dof_file.o usdt_tracepoints.o usdt_probe.o usdt_dof.o usdt_dof_sections.o
ranlib libusdt.a
TOUCH Release/obj.target/libusdt.stamp
CXX(target) Release/obj.target/DTraceProviderBindings/dtrace_provider.o
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:69:44: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value New(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:70:45: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value Fire(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:87:44: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value New(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:88:49: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value AddProbe(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:89:52: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value RemoveProbe(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:90:47: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value Enable(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:91:48: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value Disable(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:92:45: error: no type named 'Arguments' in namespace 'v8'; did you mean 'v8::internal::Arguments'?
static v8::Handlev8::Value Fire(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
../dtrace_provider.cc:23:17: error: calling a protected constructor of class 'v8::HandleScope'
HandleScope scope;
^
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:816:13: note: declared protected here
V8_INLINE HandleScope() {}
^
../dtrace_provider.cc:25:55: error: cannot initialize a parameter of type 'v8::Isolate *' with an lvalue of type 'v8::Handlev8::Value (const v8::internal::Arguments &)'
Local t = FunctionTemplate::New(DTraceProvider::New);
^~~~~~~~~~~~~~~~~~~
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:3456:16: note: passing argument to parameter 'isolate' here
Isolate
isolate,
^
../dtrace_provider.cc:26:58: error: 'New' is a private member of 'v8::PersistentBasev8::FunctionTemplate'
constructor_template = Persistent::New(t);
^
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:572:23: note: declared private here
V8_INLINE static T* New(Isolate* isolate, T* that);
^
../dtrace_provider.cc:26:28: error: too few arguments to function call, expected 2, have 1; did you mean 'DTraceProbe::New'?
constructor_template = Persistent::New(t);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DTraceProbe::New
../dtrace_provider.h:69:34: note: 'DTraceProbe::New' declared here
static v8::Handlev8::Value New(const v8::Arguments& args);
^
../dtrace_provider.cc:27:25: error: member reference type 'Persistentv8::FunctionTemplate' is not a pointer; maybe you meant to use '.'?
constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
~~~~~~~~~~~~~~~~~~~~^~
.
../dtrace_provider.cc:27:27: error: no member named 'InstanceTemplate' in 'v8::Persistent<v8::FunctionTemplate, v8::NonCopyablePersistentTraitsv8::FunctionTemplate >'
constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
~~~~~~~~~~~~~~~~~~~~ ^
../dtrace_provider.cc:28:25: error: member reference type 'Persistentv8::FunctionTemplate' is not a pointer; maybe you meant to use '.'?
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~~~~~~~~~~~~~^~
.
../dtrace_provider.cc:28:27: error: no member named 'SetClassName' in 'v8::Persistent<v8::FunctionTemplate, v8::NonCopyablePersistentTraitsv8::FunctionTemplate >'
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~~~~~~~~~~~~~ ^
../dtrace_provider.cc:28:48: error: no member named 'NewSymbol' in 'v8::String'
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~^
../dtrace_provider.cc:30:31: error: no viable conversion from 'Persistentv8::FunctionTemplate' to 'v8::Handlev8::FunctionTemplate'
NODE_SET_PROTOTYPE_METHOD(constructor_template, "addProbe", DTraceProvider::AddProbe);
^~~~~~~~~~~~~~~~~~~~
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:196:26: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'Persistentv8::FunctionTemplate' to
'const v8::Handlev8::FunctionTemplate &' for 1st argument
template class Handle {
^
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match 'Handle' against 'Persistent'
template V8_INLINE Handle(Handle that)
^
/Users/ericdemauro/.node-gyp/0.12.1/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handlev8::FunctionTemplate recv,
^
../dtrace_provider.cc:31:31: error: no viable conversion from 'Persistentv8::FunctionTemplate' to 'v8::Handlev8::FunctionTemplate'
NODE_SET_PROTOTYPE_METHOD(constructor_template, "removeProbe", DTraceProvider::RemoveProbe);
^~~~~~~~~~~~~~~~~~~~
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:196:26: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'Persistentv8::FunctionTemplate' to
'const v8::Handlev8::FunctionTemplate &' for 1st argument
template class Handle {
^
/Users/ericdemauro/.node-gyp/0.12.1/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match 'Handle' against 'Persistent'
template V8_INLINE Handle(Handle that)
^
/Users/ericdemauro/.node-gyp/0.12.1/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handlev8::FunctionTemplate recv,
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Release/obj.target/DTraceProviderBindings/dtrace_provider.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: make failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:267:23)
gyp ERR! stack at ChildProcess.emit (events.js:110:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:1067:12)
gyp ERR! System Darwin 14.3.0
gyp ERR! command "node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/ericdemauro/Code/node/orgs-api/node_modules/passport-ldapauth/node_modules/ldapauth-fork/node_modules/ldapjs/node_modules/dtrace-provider
gyp ERR! node -v v0.12.1
gyp ERR! node-gyp -v v1.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]

DTraceProviderBindings dtrace-provider errors

Problem Description

Using balderdashy/[email protected] with passport-ldapauth when the app starts it throws a bunch of dtrace-provider related errors.

{ Error: Cannot find module './build/Debug/DTraceProviderBindings'
    at Function.Module._resolveFilename (module.js:469:15)
    at Function.Module._load (module.js:417:25)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/Users/mhdevita/Web Development/sapinfrastructure/backend/node_modules/dtrace-provider/dtrace-provider.js:17:23)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at /Users/mhdevita/Web Development/sapinfrastructure/backend/node_modules/ldapauth-fork/node_modules/ldapjs/lib/dtrace.js:84:20
    at Object.<anonymous> (/Users/mhdevita/Web Development/sapinfrastructure/backend/node_modules/ldapauth-fork/node_modules/ldapjs/lib/dtrace.js:124:2)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10) code: 'MODULE_NOT_FOUND' }

I have attempted adding the "ldapjs": "mcavage/node-ldapjs", into my package.json as described in issue #27 but this did not resolve the errors.

Steps to Reproduce

  1. Install [email protected]
  2. Install passport, passport-ldapauth
  3. start the app via node app.js
  4. errors as mentioned above show up

System Information

Node Version: 6.10.1
OS Version: OS X Sierra (10.12)
NPM Version: 3.10.10
Yarn Version: 0.21.3

passport.serializeUser is not called after successful auth

Hi Vesse, I've managed to successfully use passport-ldapauth to authenticate, however trying to implement persistent session doesn't seem to work – passport.serializeUser is never called and req.isAuthenticated() is always false despite successful login.

Have you got any suggestions on what might be going on?

Using "express": "4.13.4","express-session": "1.14.1", "passport": "0.3.2" and the latest passport-ldapauth.

Thanks.

NoSuchObjectError when query the ldap server

When I authenticate against ldap I get NoSuchObjectError. A quick fix I have found is in strategy.js file on line 113 update with :
if (err.name === 'InvalidCredentialsError' ||
err.name === 'NoSuchObjectError' || ....

ETIMEDOUT Error

Hello, I just implemented this into my node app. It all seems to work fine for a while but then all of a sudden I get:

Error: connect ETIMEDOUT (IP of the LDAP server)

at Objects.exports._errnoException (util.js:874:11)

I also tried using just the LDAP fork that this uses and I eventually get the same error.

I have to wait a while and then it starts working again.

I have another project where I didn't use ldapauth that authenticates against the same server and that doesn't have these issues.

Thanks

EDIT: I used edge for node (C# in node) in the end to do LDAP auth and it doesn't have the ETIMEDOUT issue. So I am not sure if it's an issue with this library or an issue with our LDAP server and this library.

ConstraintViolationError: Exceed password retry limit. Account locked.

Using passport-ldapauth module and getting this error when trying to login using a locked account. The trace below points to ldapjs client. Any ideas?

ConstraintViolationError: Exceed password retry limit. Account locked.
at messageCallback (C:\Users\jg63717\projects\raap\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:867:40)
at Parser.onMessage (C:\Users\jg63717\projects\raap\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:199:12)
at Parser.emit (events.js:95:17)
at Parser.write (C:\Users\jg63717\projects\raap\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\lib\messages\parser.js:105:8)
at CleartextStream.onData (C:\Users\jg63717\projects\raap\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:155:24)
at CleartextStream.emit (events.js:95:17)
at CleartextStream. (stream_readable.js:764:14)
at CleartextStream.emit (events.js:92:17)
at emitReadable (_stream_readable.js:426:10)
at _stream_readable.js:419:7

Error getting user with passport

Hi, I am getting the user from LDAP, but when I try to return the user I am getting this error:

/Users/Home/Proyectos/app-webs/website/node_modules/passport/lib/passport/index.js:287
      return done(e);
             ^
TypeError: object is not a function
    at pass (/Users/marsanla/Proyectos/app-webs/website/node_modules/passport/lib/passport/index.js:287:14)
    at Passport.serializeUser (/Users/marsanla/Proyectos/app-webs/website/node_modules/passport/lib/passport/index.js:289:5)
    at IncomingMessage.req.login.req.logIn (/Users/marsanla/Proyectos/app-webs/website/node_modules/passport-ldapauth/node_modules/passport/lib/http/request.js:48:29)
    at Context.delegate.success (/Users/marsanla/Proyectos/app-webs/website/node_modules/passport/lib/passport/middleware/authenticate.js:194:13)
    at Context.actions.success (/Users/marsanla/Proyectos/app-webs/13Genius/node_modules/passport/lib/passport/context/http/actions.js:21:25)
    at null.<anonymous> (/Users/marsanla/Proyectos/app-webs/13Genius/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:113:17)
    at Promise.<anonymous> (/Users/marsanla/Proyectos/app-webs/website/config/passport.js:104:28)
    at Promise.<anonymous> (/Users/marsanla/Proyectos/app-webs/website/node_modules/mongoose/node_modules/mpromise/lib/promise.js:177:8)
    at Promise.EventEmitter.emit (events.js:95:17)
    at Promise.emit (/Users/marsanla/Proyectos/app-webs/website/node_modules/mongoose/node_modules/mpromise/lib/promise.js:84:38)

This is my code:

// Use ldap strategy
    passport.use(new LdapStrategy({
            server: {
                url: config.ldap.url,
                adminDn: config.ldap.adminDn,
                adminPassword: config.ldap.adminPassword,
                searchBase: config.ldap.searchBase,
                searchFilter: config.ldap.searchFilter
            },
            usernameField: 'username',
            passwordField: 'password'
        }, function(userLdap, done) {
            User.findOne({
                username: userLdap.uid
            }, function(err, user) {
                if (err) {
                    return done(err);
                }
                if (!user) {
                    user = new User({
                        username: userLdap.uid,
                        firstName: userLdap.givenName,
                        lastName: userLdap.sn,
                        email: userLdap.mail,
                        phone: userLdap.mobile,
                        address: userLdap.postalAddress,
                        postalCode: userLdap.postalCode,
                        city: userLdap.l,
                        state: userLdap.st,
                        title: userLdap.title,
                        provider: 'ldap'
                    });
                    user.save(function(err) {
                        return done(err, user); // Error happens here
                    });
                } else {
                    return done(err, user); // Error happens here
                }
            });
        }
    ));

If I write:

return done(err, false);

There is no error!

Any ideas?

Thanks!

Invalid login returns 400 instead of 401

This just changed with 2.2. I have a test that simply checks to see if an unauthorized user can log in; it started failing today.
Error: expected 401 "Unauthorized", got 400 "Bad Request"

Can I pass multiple URLs?

Hi @vesse,

We have two LDAP servers and I was wondering if I could pass multiple LDAP urls in the 'url' param in an array or any other form? I know currently the 'url' param is accepting strings, so I tried passing two urls space separated like you would do in apache (ldaps://server1.company.com server2.company.com). However, it only takes the first url (I tried prepending ldaps in front of the second url too, but without any result). Here is my config file:

var fs = require('fs');

module.exports = {
    'port': process.env.PORT || 8080,
    'env': process.env.ENV || 'develpment',
    'secret': 'mysupersecret',
    'ldap': {
        server: {
            url: 'ldaps://server1.company.com server2.company.com',
            bindDn: 'my-binding-username',
            bindCredentials: 'my-binding-username-password',
            searchBase: 'dc=company,dc=com',
            searchFilter: '(sAMAccountName={{username}})',
            tlsOptions: {
                ca: [
                    fs.readFileSync(__dirname + 'certificate-for-server1'),
                    fs.readFileSync(__dirname + 'certificate-for-server2')
                ]
            }
        }
    },
    ldapgroup: 'group-to-compare-user-membership-in-verify-function'
};

Is there a way to be done? Thank you in advance!

No cookie

Hi,
I've updated my code to passport 0.3.2 (previously I was on 0.2.1) and passport-ldapauth 0.5.0 (previously I was on 0.2.4) and now, after the login, I don't have the session cookie.
If I revert to the previous version it works.

Any hint?

Thx

Unhandled error event

If there's a DNS related error when creating the LDAP client, I get an unhandled error event. From the description given by the ldapjs maintainers, it looks like whatever is creating the client should have the error event listener. As I see it, the client instance is not exposed through passport, so I wonder if anything can be done in passport-ldapauth.

ldapjs/node-ldapjs#234

Currently I have mcavage/node-ldapjs#773a1c6 and passport-ldapauth ^0.3.0 installed.

events.js:85
      throw er; // Unhandled 'error' event
            ^
Error: getaddrinfo ENOTFOUND example.asd
    at errnoException (dns.js:44:10)
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:94:26)

Unable to access ldaps - ldapjs error

I am currently using Node.js version 0.12.2 and [email protected] with passport @0.2.1.

I'm running into an issue where I am able to talk to an ldap server using "ldap://....:389" successfully, however when using ldaps://, I run into the problem as documented here:

http://stackoverflow.com/questions/28773546/nodejs-passport-ldapauth-cannot-read-on-property-of-undefined

Following the recommended solution of replacing the sub-module for ldapjs seems to fix the problem.

node.js project before:

├─┬ [email protected]
│ ├── [email protected]
│ └── [email protected]
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├── [email protected]
│ │ ├─┬ [email protected] <----- Look here
│ │ │ ├── [email protected]
│ │ │ ├── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ └─┬ [email protected]
│ │ │ ├── [email protected]
│ │ │ └─┬ [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ ├── [email protected]
│ │ │ │ ├── [email protected]
│ │ │ │ └── [email protected]
│ │ │ └─┬ [email protected]
│ │ │ └── [email protected]
│ │ └── [email protected]
│ └── [email protected]

To fix:

(Start at project root)
cd ./passport-ldapauth/node_modules/ldapauth-fork/node_modules/ldapjs
cd ..
npm rm ldapjs unbuild [email protected]
npm install git://github.com/mcavage/node-ldapjs.git

├─┬ [email protected]
│ ├── [email protected]
│ └── [email protected]
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├── [email protected]
│ │ ├─┬ [email protected] <--- Look here
│ │ │ ├── [email protected]
│ │ │ ├── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ ├─┬ [email protected]
│ │ │ │ │ ├─┬ [email protected]
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── [email protected]
│ │ │ │ │ └── [email protected]
│ │ │ │ └── [email protected]
│ │ │ ├── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ ├── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ ├─┬ [email protected]
│ │ │ │ └─┬ [email protected]
│ │ │ │ └── [email protected]
│ │ │ └─┬ [email protected]
│ │ │ └── [email protected]
│ │ └── [email protected]
│ └── [email protected]

The process of having to manually update the project makes node.js very difficult to manually deploy. I'm not too sure if this should be fixed at the ldapauth-fork or not?

Bad Request error using passport-ldapauth

I am trying to authenticate username and password using the passport-ldapauth npm package. While executing the code below I am always getting the error Bad Request. Kindly help me find what is wrong with my code.

var express      = require('express'),
    passport     = require('passport'),
    bodyParser   = require('body-parser'),
    LdapStrategy = require('passport-ldapauth');

// Credentials from the free LDAP test server by LDAP Search

var OPTS = {
  server: {
    url: 'ldap://54.227.207.201:389',
    bindDn: 'CN=simple One,CN=Users,DC=test,DC=local',
    bindCredentials: 'password',
    searchBase: 'ou=passport-ldapauth',
    searchFilter: '(uid={{username}})'
  },
  usernameField: "CN=simple One,CN=Users,DC=test,DC=local",
  passwordField: "password"
};

var app = express();

passport.use(new LdapStrategy(OPTS));

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: false}));
app.use(passport.initialize());


// you can refer code from here:https://github.com/vesse/passport-ldapauth

app.post('/login', passport.authenticate('ldapauth', {session: false}), function(req, res) {    
//will generate error 'Bad Request'
  res.send({status: 'ok'});
});
//server running at 8080
app.listen(8080);

Generic Credentials Possible?

Hello,

This may not be an issue (I'm new to LDAP) but let me briefly describe what I'm trying to do with passport-ldapauth. I have a simple Apache Directory Studio LDAP server instance running and I'm trying to test validating user credentials with my application. The default password of 'secret' is still in place. My question is: How can I access my server (localhost:10389) and validate the credentials from the ones entered by the user instead of having them hardcoded into my OPTS variable? As you'll see below, I have a bindDN with the uid hardcoded in and a bindCredentials with the password hardcoded in. Here is my OPTS:

var OPTS = {
  server: {
    url: 'ldap://localhost:10389',
    bindDn: 'uid=admin,ou=system',
    bindCredentials: 'secret',
    searchBase: 'ou=system',
    searchFilter: 'uid={{username}}'
  }
};

Here is my authenticate call:
passport.authenticate('ldapauth', {session: false}, function (err, user, info) {
  if (err) {
    return next(err); // will generate a 500 error
  }
  // Generate a JSON response reflecting authentication status
  if (!user) {
    return res.send({success: false, message: 'authentication failed. Reason: ' + info.message});
  }
  return res.send({success: true, message: 'authentication succeeded'});
})(req, res, next);

The code above works but if there's a way to do this in a more flexible manner without brute forcing please let me know. Thank you in advance!

Basic auth

For implementing basic auth with post functionality I have added the following code. The only difference is that basic auth will be base64 encoded.

if (!authorization) {
    /**
     In the original plugin version only the following two lines were there. To introduce basic auth in this I have copied some code from passport-http
     **/
    var username = lookup(req.body, this.options.usernameField) || lookup(req.query, this.options.usernameField);
    var password = lookup(req.body, this.options.passwordField) || lookup(req.query, this.options.passwordField);
} else {
    var parts = authorization.split(' ');
    if (parts.length < 2) { return this.fail(400); }

    var scheme = parts[0]
        , credentials = new Buffer(parts[1], 'base64').toString().split(':');

    if (!/Basic/i.test(scheme)) { return this.fail(this._challenge()); }
    if (credentials.length < 2) { return this.fail(400); }

    var username = credentials[0];
    var password = credentials[1];
}

Is this secure?
Sorry if I posted it in the wrong place.
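Added example, not part of the original post or of passport-ldapauth: the header parsing from the post side by side with a stricter parser, run over constructed headers. The function names are hypothetical; `parseBasicAsPosted` mirrors the posted logic with `Buffer.from` in place of the deprecated `new Buffer`.

```javascript
'use strict';

// Parsing as in the post above: the decoded value is split on every ':' and
// the scheme test is unanchored.
function parseBasicAsPosted(header) {
  const parts = header.split(' ');
  if (parts.length < 2) return null;
  const credentials = Buffer.from(parts[1], 'base64').toString().split(':');
  if (!/Basic/i.test(parts[0])) return null;
  if (credentials.length < 2) return null;
  return { username: credentials[0], password: credentials[1] };
}

// Stricter parsing along the lines of RFC 7617. Base64 is an encoding, not
// protection: the header carries the password in recoverable form, so it
// needs TLS just like credentials sent in a POST body.
function parseBasicStrict(header) {
  if (typeof header !== 'string') return null;
  // Exact scheme name (case-insensitive) followed by a single base64 token.
  const match = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  // Reject control characters and bytes that were not valid UTF-8 (U+FFFD).
  if (/[\u0000-\u001f\u007f\ufffd]/.test(decoded)) return null;
  // Only the first ':' separates user-id from password; the password itself
  // may contain further colons.
  const sep = decoded.indexOf(':');
  if (sep < 1) return null; // no separator, or empty username
  const username = decoded.slice(0, sep);
  const password = decoded.slice(sep + 1);
  // An LDAP simple bind with a DN and an empty password is an
  // "unauthenticated bind" (RFC 4513, section 5.1.2) that some servers
  // answer with success, so never pass an empty password on.
  if (password.length === 0) return null;
  return { username, password };
}

// Builds a constructed Authorization header value for the comparison below.
function basicHeader(scheme, userpass) {
  return scheme + ' ' + Buffer.from(userpass, 'utf8').toString('base64');
}

// Runs both parsers over constructed sample headers.
function compareParsers() {
  const cases = {
    plain: basicHeader('basic', 'alice:secret'),
    colonInPassword: basicHeader('Basic', 'alice:pa:ss'),
    lookalikeScheme: basicHeader('NotBasic', 'alice:secret'),
    emptyPassword: basicHeader('Basic', 'alice:')
  };
  const out = {};
  for (const name of Object.keys(cases)) {
    out[name] = {
      posted: parseBasicAsPosted(cases[name]),
      strict: parseBasicStrict(cases[name])
    };
  }
  return out;
}

console.log(JSON.stringify(compareParsers(), null, 2));
```
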

unable to get local issuer certificate

With a basic configuration I got the following error:

throw er; // Unhandled 'error' event
      ^

Error: unable to get local issuer certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1055:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:580:8)
    at TLSWrap.TLSSocket._init.ssl.onhandshakedone (_tls_wrap.js:412:38)

The ldap server is behind a firewall, reached through a port forwarding on the firewall.
What should I do?

Dynamic Configuration Options

I think this is effectively an enhancement request as I cannot figure out a good way to do it with the given design. The way we do LDAP authentication is by binding with the specific user's credentials, rather than using a secret admin account and searching. If the bind succeeds, then the credentials are good. If not, they are bad.

bindDn:'domain\\'+username,
bindCredentials:''+password,

Problem is, I see no way of passing the user's username and password through to the assigned internal getOptions function. We can currently test this successfully by using global variables but that smells bad and might present a race condition when multiple users go to log-in at the same time.

A simple fix would be for getOptions to include parameters for username and password, or just pass the entire request object if that would fit the abstraction appropriately.
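Added example, not code from passport-ldapauth or from the poster's application: a deterministic simulation of the race the post describes, comparing credentials parked in module-level variables with a `getOptions` that receives the request, as the post proposes. The scheduler, the fake directory, the passwords and all function names are constructed for illustration.

```javascript
'use strict';

// Deterministic stand-in for the event loop, so the interleaving of two
// logins is reproducible (constructed for this example).
function makeLoop() {
  const queue = [];
  return {
    defer(fn) { queue.push(fn); },
    run() { while (queue.length > 0) queue.shift()(); }
  };
}

// Constructed directory: a bind succeeds only for a matching DN and password.
const DIRECTORY = { 'domain\\alice': 'alice-pw', 'domain\\bob': 'bob-pw' };
function fakeBind(opts) {
  return Object.prototype.hasOwnProperty.call(DIRECTORY, opts.bindDn) &&
    DIRECTORY[opts.bindDn] === opts.bindCredentials;
}

// Variant 1: credentials parked in module-level variables, the workaround
// the post calls smelly. getOptions has no access to the request.
let currentUsername = null;
let currentPassword = null;
function getOptionsFromGlobals(callback) {
  callback(null, {
    bindDn: 'domain\\' + currentUsername,
    bindCredentials: '' + currentPassword
  });
}

// Variant 2: the request is handed to getOptions, so each login derives its
// bind options from its own submitted credentials.
function getOptionsFromRequest(req, callback) {
  callback(null, {
    bindDn: 'domain\\' + req.body.username,
    bindCredentials: '' + req.body.password
  });
}

function login(loop, req, variant, results) {
  if (variant === 'globals') {
    currentUsername = req.body.username;
    currentPassword = req.body.password;
  }
  // The options are fetched on a later tick, after other requests may
  // already have overwritten the shared variables.
  loop.defer(() => {
    const onOptions = (err, opts) => results.push({
      requestedBy: req.body.username,
      boundAs: opts.bindDn,
      authenticated: fakeBind(opts)
    });
    if (variant === 'globals') getOptionsFromGlobals(onOptions);
    else getOptionsFromRequest(req, onOptions);
  });
}

// Two logins arrive back to back: alice with a wrong password, then bob
// with his correct one.
function simulate(variant) {
  const loop = makeLoop();
  const results = [];
  login(loop, { body: { username: 'alice', password: 'wrong-guess' } }, variant, results);
  login(loop, { body: { username: 'bob', password: 'bob-pw' } }, variant, results);
  loop.run();
  return results;
}

console.log('globals:', simulate('globals'));
console.log('request:', simulate('request'));
```

With shared variables, alice's request is bound with bob's DN and password and is reported as authenticated; with per-request options her wrong password fails as it should.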

Exception on connection error

When the ldap server is down, an exception is thrown by the events handler because no callback is registered for 'error' in ldapjs.client:

events.js:71
        throw arguments[1]; // Unhandled 'error' event
                       ^
ConnectionError: ldap://localhost:9999 closed
    at node_modules/passport-ldapauth/node_modules/ldapauth-fork/node_modules/ldapjs/lib/client/client.js:124:15
    at Array.forEach (native)
    at Socket.onClose (node_modules/passport-ldapauth/node_modules/ldapauth-fork/node_modules/ldapjs/lib/client/client.js:121:39)
    at Socket.EventEmitter.emit (events.js:96:17)
    at Socket._destroy.destroyed (net.js:357:10)
    at process.startup.processNextTick.process._tickCallback (node.js:244:9)

I also reproduced the issue by directly using ldapauth-fork:

var LdapAuth = require('ldapauth-fork');
var options = {
  url: 'ldap://localhost:9999',
  searchBase: 'ou=people,o=sevenSeas',
  searchFilter: '(uid={{username}})'
};
var auth = new LdapAuth(options);

auth.authenticate('user1', 'pass', function(err, user) {
  console.log('authenticate', err, user);
  auth.close(function(err) {
    console.log('close', err);
  });
});
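Added example, not code from passport-ldapauth, ldapauth-fork or ldapjs: why an emitter with no 'error' listener takes the process down, as in this report and in the "Unhandled error event" issue above, and a wrapper that turns the event into a single callback error. `FakeLdapClient`, `guardedBind` and `statusFor` are hypothetical names, and the client is a constructed stand-in that emits synchronously so the outcome is reproducible offline.

```javascript
'use strict';
const { EventEmitter } = require('events');

// Constructed stand-in for an LDAP client. Like the client in the traces
// above, it reports connection problems by emitting 'error' instead of
// invoking the operation's callback.
class FakeLdapClient extends EventEmitter {
  constructor(connectionError) {
    super();
    this.connectionError = connectionError || null;
  }
  bind(dn, password, callback) {
    if (this.connectionError) {
      this.emit('error', this.connectionError);
      return; // the bind callback never fires
    }
    callback(password === 'correct-pw' ? null : new Error('InvalidCredentialsError'));
  }
}

// Hypothetical wrapper: registers the 'error' listener before any operation
// and guarantees that done() runs exactly once.
function guardedBind(client, dn, password, done) {
  let finished = false;
  function finish(err, ok) {
    if (finished) return;
    finished = true;
    done(err, ok);
  }
  // The listener stays attached for the lifetime of this per-login client, so
  // a late 'error' after the callback is absorbed instead of being thrown.
  client.on('error', (err) => {
    const wrapped = new Error('LDAP unavailable: ' + err.message);
    wrapped.code = 'LDAP_UNAVAILABLE';
    finish(wrapped, false);
  });
  client.bind(dn, password, (err) => finish(null, !err));
}

// A directory outage is not a failed login: answer 503 and never fail open.
function statusFor(err, ok) {
  if (err) return 503;
  return ok ? 200 : 401;
}

function runScenarios() {
  const out = {};
  const dnsError = new Error('getaddrinfo ENOTFOUND example.asd');

  // No listener: emit('error') throws. Here the throw can be caught only
  // because the fake emits synchronously; in the reported traces it happens
  // inside a socket or DNS callback, where no caller can catch it.
  try {
    new FakeLdapClient(dnsError).bind('uid=user1', 'pass', () => {});
    out.unguarded = 'no exception';
  } catch (e) {
    out.unguarded = 'threw: ' + e.message;
  }

  const record = (name) => (err, ok) => {
    out[name] = { status: statusFor(err, ok), code: err ? err.code : null };
  };
  guardedBind(new FakeLdapClient(dnsError), 'uid=user1', 'pass', record('serverDown'));
  guardedBind(new FakeLdapClient(), 'uid=user1', 'wrong', record('badPassword'));
  guardedBind(new FakeLdapClient(), 'uid=user1', 'correct-pw', record('goodPassword'));
  return out;
}

console.log(runScenarios());
```
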

Track authentication with sessions?

When using the passport.authenticate function, I can only use session:false or my server will crash on
/node_modules/passport/lib/passport/index.js:288
return done(e);
TypeError: object is not a function

Does passport-ldapauth not support keeping a user's authentication alive using sessions?

Anonymous Queries Support

For some reason bindCredentials can't be empty or bindDN. I wish to use your library to perform anonymous ldap queries. What's the correct way to do it? Thanks!

Finds user with wrong password

If you have a user with password "Qwerty1" and send a password that is, let's say, "Qwerty1yidgfsdkfsdk", it will still return your user as long as you have your password first in the string.

Using passport-ldapauth with Proximo on Heroku

We have a very unique issue. We have an app that currently uses our internal LDAP server for SSO. We've successfully used passport-ldap for this app. Recently, we moved the deployment of this app to Heroku for easier management. The problem is that our internal LDAP server only allows certain IPs to make it through the firewall. Since Heroku by default uses floating IPs, this caused a problem with our internal LDAP server because the request needs to come from one given IP.

We are in the process of evaluating Proximo as an add on with Heroku -- since it gives us a static outbound IP to meet the whitelist requirement. With Proximo added on, we have successfully "made a connection" with the passport-ldapauth library -- and our IT department confirms they see the request go through. However, the response from the LDAP server never makes it back to the app. I forked the repo and added some console.logs to see where the code was running/not running. I currently added these consoles in strategy.js:

  ...
  console.log("before ldapauth");

  ldap = new LdapAuth(this.options.server);
  ldap.authenticate(username, password, function(err, user) {
        console.log("Coming back");
        console.log(err);
        console.log("-------------");

    ldap.close(function(){}); // We don't care about the closing
    console.log("close");
    ...

What the server logs is "before ldapauth", but nothing in the authenticate function is getting logged. Any pointers or assistance on this would be fantastic.

How to use ldap ssl account in Nodejs project?

I have a problem with my Nodejs project.
I have a server to deploy code, and I have created a CA certificate for LDAP on that server. I cloned the code from the server to run locally, and when I log in with the LDAP URL on port 389, it works. But when I change to port 636 and log in with an LDAP SSL account, it fails to log in. I have downloaded the CA certificate and added tlsOptions to the LDAP server config:

tlsOptions: { ca: [ fs.readFileSync('D:/config login ldap/DCC/DCC/server/config/slapd.pem') ] }

I see that when logging in on port 389, all accounts (LDAP and normal) can log in. When I run it, it doesn't show any mistakes and still runs. I want to log in with an LDAP account over SSL.
I checked the CA certificate:
`CONNECTED(00000003)
depth=0 C = VN, ST = NA, L = Ho Chi Minh, O = DEK VN, OU = Intern, CN = dcc.vn.dektech.internal, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = VN, ST = NA, L = Ho Chi Minh, O = DEK VN, OU = Intern, CN = dcc.vn.dektech.internal, emailAddress = [email protected]
verify return:1
Certificate chain
0 s:/C=VN/ST=NA/L=Ho Chi Minh/O=DEK VN/OU=Intern/CN=dcc.vn.dektech.internal/emailAddress=[email protected]
i:/C=VN/ST=NA/L=Ho Chi Minh/O=DEK VN/OU=Intern/CN=dcc.vn.dektech.internal/emailAddress=[email protected]
Server certificate
subject=/C=VN/ST=NA/L=Ho Chi Minh/O=DEK VN/OU=Intern/CN=dcc.vn.dektech.internal/emailAddress=[email protected]
issuer=/C=VN/ST=NA/L=Ho Chi Minh/O=DEK VN/OU=Intern/CN=dcc.vn.dektech.internal/emailAddress=[email protected]
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 1050 bytes and written 431 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 75CB895B660F2287DFBAD4F7F2BC140E71B3001308D5337641FC4957135E83AE
Session-ID-ctx:
Master-Key: 8F54D1AB92179111ED6A742B25A0493424FB028568F486DF99F1D39B8E7286E7C950227846F4A687D560704A5EC24F73
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1498631047
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

`
I don't know where my mistake is. Please help me!

Support for searching multiple groups.

I've tried manipulating the search filter to allow searches for users in multiple groups. It seems like that feature isn't supported. Is there any way to include something like:

searchBase: ['ou=group1,o=org,c=us', 'ou=group2,o=org,c=us']

Or perhaps there is a way to allow an or statement in the search filter and I'm not sure how to do it? I've tried that route and setting a higher level search base, but that also seems to fail with openLdap syntax.

searchFilter: '(uid={{username}})(|(ou=group1)(ou=group2))'
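
One way to write the "user in either group" search from the post above as a single valid filter, shown as an added example that is not part of the original issue or of passport-ldapauth: the filter in the post is two adjacent expressions, while an LDAP filter must be exactly one, so the `uid` test and the `|` group test are wrapped in `&`. The helper names are hypothetical, and the example assumes the group is readable as an `ou` attribute value on the user entry, as the post's filter does.

```javascript
// Added example (not passport-ldapauth code). Attribute and group names come
// from the post above; helper names and sample usernames are constructed.

// Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL
// become a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// (|(attr=v1)(attr=v2)...) matches if any value matches.
function anyOf(attr, values) {
  return '(|' + values.map(function (v) {
    return '(' + attr + '=' + escapeFilterValue(v) + ')';
  }).join('') + ')';
}

// (&f1f2...) matches only if every sub-filter matches.
function allOf(filters) {
  return '(&' + filters.join('') + ')';
}

// A search filter must be exactly one parenthesised expression. Literal
// parentheses inside values are escaped as \28 and \29, so counting
// nesting depth is enough to check the top-level structure.
function isSingleFilter(filter) {
  var depth = 0, topLevel = 0;
  for (var i = 0; i < filter.length; i++) {
    if (filter[i] === '(') {
      if (depth === 0) topLevel++;
      depth++;
    } else if (filter[i] === ')') {
      depth--;
      if (depth < 0) return false;
    } else if (depth === 0) {
      return false; // text outside any parentheses
    }
  }
  return depth === 0 && topLevel === 1;
}

// Hypothetical helper: fill the {{username}} placeholder with an escaped
// value, so metacharacters in the login name cannot alter the filter.
function renderFilter(template, username) {
  return template.split('{{username}}').join(escapeFilterValue(username));
}

var fromPost = '(uid={{username}})(|(ou=group1)(ou=group2))';
var combined = allOf(['(uid={{username}})', anyOf('ou', ['group1', 'group2'])]);

console.log('filter from the post is a single expression:', isSingleFilter(fromPost));
console.log('combined searchFilter:', combined);
console.log('rendered for jdoe:', renderFilter(combined, 'jdoe'));
console.log('rendered with metacharacters:', renderFilter(combined, 'j*doe (test)'));
```

The combined string can be used as the `searchFilter` value with one `searchBase` above both organizational units.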

How to implement

I am a newbie in nodejs and I want to implement it in my node app, but I still cannot understand the sample code. Can anyone explain this to me?
How do we store the user's password, and which function will compare the password that the user entered with the password that is stored?

Add session support

It looks like the library as it stands doesn't support sessions. If you add

Strategy.prototype.authenticate = function(req, options) {
  var property = req._passport.instance._userProperty || 'user';
  if(req._passport.session) return this.success(req[property]);

to the front end of the auth function it will work. I'm not 100% sure this is how you will want to do it. Mind if I put together a PR for this?

Can't use email address as username

I'm using https://github.com/sdelements/lets-chat, and I ran into sdelements/lets-chat#380, where I couldn't login using my email address when connecting via XMPP with Pidgin, although their web interface does not have that problem.

After investigating (read: inserting console.log() all around), this was my finding: sdelements/lets-chat#380 (comment)
(copy-pasting it here)

Just confirmed it. "@" does not work.

Given the "[email protected]" format, if I pass use my email address as username, Pidgin itself breaks the "myemail@[email protected]" string into:

So I tried to URL-encode my email address into "myemail%40mycompany.com", and passport-ldapauth simply passes it directly to the LDAP directory. It's passport-ldapauth that does not support email addresses as XMPP usernames.

I added this

  username = decodeURIComponent(username);

at https://github.com/vesse/passport-ldapauth/blob/master/lib/passport-ldapauth/strategy.js#L139 in my local install (lets-chat/node_modules/lets-chat-ldap/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js) in order to test my hunch, and I can now login via Pidgin!

I've run into a similar situation before, also concerning XMPP and trying to authenticate with LDAP, and the workaround was the same: typing in a URL-encoded email address, substituting "@" with "%40". I know you can look at it as a Pidgin (or other XMPP client) bug, but I'm not optimistic about them addressing it faster than you could possibly do. :-p

breaking change in API with 0.2.3

The adminDn -> bindDn change of the API introduced with 0.2.3 is a backwards incompatible change. I know this was to follow ldapauth-fork, but this is completely uncool for a 0.2.2 to 0.2.3 patch update.

Versioning of npm modules should follow semver, because that's what's built into things like npm outdated and npm update. With semver, backwards incompatible changes must change major version number (i.e: first digit).

The fix in this case is easy, but the bug was unexpected when the tests ran after the update, and easily could have gone unnoticed if we didn't set up LDAP servers for continuous testing.

Possible to have a flash example?

Hi,

Would it be possible to have an example of working connect-flash with this? I have a simple example that's not working for me and I'm not really sure why:

// server.js

/*
 * some junk in the middle
 */

// required for passport
app.use(session({
  secret: process.env.SECRET, // session secret
  resave: false,
  saveUninitialized: false
}));
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
app.use(flash()); // use connect-flash for flash messages stored in session
require('./config/passport')(passport);

// routing
require('./app/routes.js')(app, passport);

app.listen(port);
console.log("APP LISTENING: PORT " + port);

// config/passport.js

var LdapStrategy = require('passport-ldapauth');

module.exports = function(passport) {

  // LDAP Authentication
  var options = {
    server: {
      url: 'ldaps://registry.northwestern.edu:636',
      bindDn: process.env.LDAP_BIND_DN,
      bindCredentials: process.env.LDAP_BIND_CREDENTIALS,
      searchBase: 'dc=northwestern,dc=edu',
      searchFilter: 'nuIdTag={{username}}'
    }
  };

  passport.use(new LdapStrategy(options));
};

// app/routes.js

module.exports = function(app, passport) {

//// VIEWS ---------------------------------------------------------------------
    // home page
    app.get('/', function(req, res) {
        res.render('index.html', {
            // user : req.user
        });
    });

    app.post('/login', passport.authenticate('ldapauth', {
        session: false,
        successRedirect: '/success',
        failureRedirect: '/',
        failureFlash: true

    }), function(req, res) {
        console.log(req);
        res.send({status: 'ok'});
    });
};

I'm not familiar with flash but this seems like a very by-the-books way to do things, so I don't know why it wouldn't be working.

Compile issue on Windows 8

Getting an error when trying to npm install on Windows:

C:\Users\admin\Desktop\sailsProjects\port-c9>npm install passport-ldapauth --save
npm http GET https://registry.npmjs.org/passport-ldapauth
npm http 304 https://registry.npmjs.org/passport-ldapauth
npm http GET https://registry.npmjs.org/ldapauth-fork
npm http GET https://registry.npmjs.org/passport
npm http 304 https://registry.npmjs.org/passport
npm http 304 https://registry.npmjs.org/ldapauth-fork
npm http GET https://registry.npmjs.org/pkginfo
npm http GET https://registry.npmjs.org/pause/0.0.1
npm http GET https://registry.npmjs.org/ldapjs/0.7.0
npm http GET https://registry.npmjs.org/lru-cache/2.5.0
npm http GET https://registry.npmjs.org/bcrypt/0.7.7
npm http 304 https://registry.npmjs.org/pause/0.0.1
npm http 304 https://registry.npmjs.org/ldapjs/0.7.0
npm http 304 https://registry.npmjs.org/pkginfo
npm http 304 https://registry.npmjs.org/lru-cache/2.5.0
npm http 304 https://registry.npmjs.org/bcrypt/0.7.7
npm http GET https://registry.npmjs.org/bindings/1.0.0
npm http GET https://registry.npmjs.org/assert-plus/0.1.2
npm http GET https://registry.npmjs.org/asn1/0.1.11
npm http GET https://registry.npmjs.org/buffertools/1.1.0
npm http GET https://registry.npmjs.org/dtrace-provider/0.2.8
npm http GET https://registry.npmjs.org/nopt/2.1.1
npm http GET https://registry.npmjs.org/bunyan/0.21.1
npm http GET https://registry.npmjs.org/pooling/0.4.5
npm http 304 https://registry.npmjs.org/bindings/1.0.0

> [email protected] install C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\bcrypt
> node-gyp rebuild

C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\bcrypt>node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebuild

Building the projects in this solution one at a time. To enable parallel build,please add the "/m" switch.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Microsoft.Cpp.Platform.targets(42,5): error MSB8020: The builds tools for Visual Studio 2010 (Platform Toolset = 'v100') cannot be found. To build using the v100 build tools, either click the Project menu or right-click the solution, and then select "Update VC++ Projects...". Install Visual Studio 2010 to build using the Visual Studio 2010 build tools.[C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\bcrypt\build\bcrypt_lib.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:267:23)
gyp ERR! stack     at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (child_process.js:797:12)
gyp ERR! System Windows_NT 6.2.9200
gyp ERR! command "node" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\bcrypt
gyp ERR! node -v v0.10.25
gyp ERR! node-gyp -v v0.12.2
gyp ERR! not ok
npm http 304 https://registry.npmjs.org/nopt/2.1.1
npm http 304 https://registry.npmjs.org/dtrace-provider/0.2.8
npm http 304 https://registry.npmjs.org/bunyan/0.21.1
npm http 304 https://registry.npmjs.org/asn1/0.1.11
npm http 304 https://registry.npmjs.org/assert-plus/0.1.2
npm http 304 https://registry.npmjs.org/buffertools/1.1.0
npm http 304 https://registry.npmjs.org/pooling/0.4.5
npm http GET https://registry.npmjs.org/once/1.3.0
npm http GET https://registry.npmjs.org/bunyan/0.22.0
npm http GET https://registry.npmjs.org/assert-plus/0.1.4
npm http GET https://registry.npmjs.org/vasync/1.4.0
npm http GET https://registry.npmjs.org/abbrev
npm http 304 https://registry.npmjs.org/abbrev
npm http 304 https://registry.npmjs.org/bunyan/0.22.0
npm http 304 https://registry.npmjs.org/assert-plus/0.1.4
npm http 304 https://registry.npmjs.org/vasync/1.4.0
npm http 304 https://registry.npmjs.org/once/1.3.0
npm http GET https://registry.npmjs.org/mv/0.0.5
npm http GET https://registry.npmjs.org/jsprim/0.3.0
npm http GET https://registry.npmjs.org/verror/1.1.0
npm http 304 https://registry.npmjs.org/jsprim/0.3.0
npm http 304 https://registry.npmjs.org/verror/1.1.0
npm http 304 https://registry.npmjs.org/mv/0.0.5
npm http GET https://registry.npmjs.org/extsprintf/1.0.0
npm http GET https://registry.npmjs.org/json-schema/0.2.2
npm http GET https://registry.npmjs.org/verror/1.3.3
npm http 304 https://registry.npmjs.org/extsprintf/1.0.0
npm http 304 https://registry.npmjs.org/verror/1.3.3

> [email protected] install C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\buffertools
> node-gyp rebuild


C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\buffertools>node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebuildBuilding the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Microsoft.Cpp.Platform.targets(42,5): error MSB8020: The builds tools for Visual Studio 2010 (Platform Toolset = 'v100') cannot be found. To build using the v100 build tools, either click the Project menu or right-click the solution, and then select "Update VC++ Projects...". Install Visual Studio 2010 to build using the Visual Studio 2010 build tools. [C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\buffertools\build\buffertools.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:267:23)
gyp ERR! stack     at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (child_process.js:797:12)
gyp ERR! System Windows_NT 6.2.9200
gyp ERR! command "node" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\buffertools

gyp ERR! node -v v0.10.25
gyp ERR! node-gyp -v v0.12.2
gyp ERR! not ok
npm http 304 https://registry.npmjs.org/json-schema/0.2.2
npm WARN optional dep failed, continuing [email protected]

> [email protected] install C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\dtrace-provider
> node-gyp rebuild


C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\dtrace-provider>node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebuild
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Microsoft.Cpp.Platform.targets(42,5): error MSB8020: The builds tools for Visual Studio 2010 (Platform Toolset = 'v100') cannot be found. To build using the v100 build tools, either click the Project menu or right-click the solution, and then select "Update VC++ Projects...". Install Visual Studio 2010 to build using the Visual Studio 2010 build tools. [C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\dtrace-provider\build\DTraceProviderStub.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:267:23)
gyp ERR! stack     at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (child_process.js:797:12)
gyp ERR! System Windows_NT 6.2.9200
gyp ERR! command "node" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\admin\Desktop\sailsProjects\port-c9\node_modules\passport-ldapauth\node_modules\ldapauth-fork\node_modules\ldapjs\node_modules\dtrace-provider
gyp ERR! node -v v0.10.25
gyp ERR! node-gyp -v v0.12.2
gyp ERR! not ok
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is most likely a problem with the buffertools package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-gyp rebuild
npm ERR! You can get their info via:
npm ERR!     npm owner ls buffertools
npm ERR! There is likely additional logging output above.

npm ERR! System Windows_NT 6.2.9200
npm ERR! command "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "passport-ldapauth" "--save"
npm ERR! cwd C:\Users\admin\Desktop\sailsProjects\port-c9
npm ERR! node -v v0.10.25
npm ERR! npm -v 1.3.24
npm ERR! code ELIFECYCLE
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     C:\Users\admin\Desktop\sailsProjects\port-c9\npm-debug.log
npm ERR! not ok code 0

C:\Users\admin\Desktop\sailsProjects\port-c9>

express example

Could you please supply a working express example? I'm looking at using this along with passport-github.

Thanks

Not returning 'err' to an inexistent user

Great module!
But, apparently some err are not displayed by

passport.authenticate('ldap auth', function(err, user) { });

My case was a nonexistent user on LDAP. I think the bug is on this.fail on passport.js

Authenticate encrypted/hashed password

Hi all,

I have stored SSHA-based passwords in the LDAP server while adding users. How can we make passport-ldapauth decrypt that encrypted/hashed password? Are there any options we can define?

passport.authenticate never runs for Meteor login

I'm writing a Meteor package that depends on passport-ldapauth and I can't seem to configure things properly to make it work. I'm attempting to log in using a test AD my team and I set up, and it works well (doing an ldapsearch in the terminal comes back with exactly what we want). My problem is that when I try to set up the call in Meteor, nothing happens. Here's what I have so far:

ldap-server.js

import {Accounts} from 'meteor/accounts-base';
import {Meteor} from 'meteor/meteor';

passport = Npm.require('passport');
LDAPStrategy = Npm.require('passport-ldapauth');

REQUEST_DEFAULTS = {
    server: {
        url: '',
        // ...
    }
};

function getLdapConfiguration( req, callback ) {
    console.log('getLdapConfiguration', req);

    process.nextTick(() => {
        let options = _.defaults(req, REQUEST_DEFAULTS);
        callback(null, options);
    });
}

Accounts.registerLoginHandler('ldap', request => {
    console.log('ldap request', request);
    // this request must be specified as an ldap request to pass
    if ( !request.isLdap ) {
        return undefined;
    }

    const authenticationOptions = {
        // meteor will handle sessions
        session: false,
        // ensure failures have messages
        flashFailure: true
    };

    passport.use(new LDAPStrategy(getLdapConfiguration, ( req, user, done ) => {
        return done(null, user);
    }));

    passport.initialize();

    // authenticate request
    passport.authenticate('ldapauth', authenticationOptions, ( err, user, info ) => {
        console.log('authenticate callback');
    });
});

The request coming in to the loginHandler has the username and password from the client, among other options. However, the console statements within the getLdapConfiguration function and the callback in passport.authenticate never fire. I'm not really sure what to do, as I've moved those functions around, included or removed passport.initialize in multiple places in the code, etc., but as I said, those console statements never fire. There are also no errors reported in either the client or the server.

What am I doing wrong?

LDAP user group/role checking

It would be great if there was a way to pass additional options for a group DN, group filter in such a way that when you authenticate a user then lookup what groups that user is a member of.

Example:

{
  bindUserDN: "CN=bindUser,OU=Users,DC=domain,DC=com",
  bindUserPassword: "password",
  userBaseDN: "OU=Users,DC=domain,DC=com",
  userFilter: "(&(objectClass=person)(sAMAccountName={{username}}))",
  userAttributes: ['sAMAccountName', 'mail'],
  roleBaseDN: "OU=Groups,DC=domain,DC=com",
  roleFilter: "(&(objectClass=group)(member={{roleValue}}))",  //Filter groups where the UserDN is a member
  roleField: 'cn', //This is the role attribute from the groups LDAP entry.
  roleValue: 'dn' //This is the value from the User LDAP entry to perform a lookup on group membership
}

A search is done to find the user that exists and then perform another search to determine what groups the User is a member of by using the UserDN into the role/group search.

Thoughts?

Bind with user credentials

Hello, as @charly37 commented (#41 (comment)) in another issue, I was wondering how to achieve a "bind with user credentials" - instead of binding with an admin/static/stored account - with passport-ldapauth.

Our university LDAP directory does not support anonymous bind, and it is not a good idea to let my personal account info to bind. I had experience with the LDAP Drupal module that offers an option to bind with the user credentials.

I tried the bindCredentials: '{{password}}' approach, but it does not work.

How to achieve it with current passport-ldapauth (v1.0.0)?
Would it be possible the Asynchronous configuration retrieval?
Or this is not currently supported?

Thanks in advance for any help.
